Post ARd7rELvmz66UPdYYa by EricZhang456@pl.starnix.network
(DIR) Post #ARd7L8h3ILZLfeDKCG by lamp@mastodong.lol
2023-01-14T09:45:27Z
0 likes, 1 repeats
gawd damn #linux firewall shit is so confusing... so iptables.service is the service that loads /etc/iptables/rules.* right? but what's inside... "/usr/sbin/netfilter-persistent"... netfilter huh? doesn't netfilter = nftables? well hold up, there's also an nftables.service, and that runs "/usr/sbin/nft -f /etc/nftables.conf"... another completely different format firewall config... Wtf is all this! AAAAH! :aaaaaa:
(DIR) Post #ARd7UZKbcoD8tRD9vc by ringo@freeatlantis.com
2023-01-14T09:47:11Z
0 likes, 0 repeats
@lamp ufw is much easier...............
(DIR) Post #ARd7leOo2JoHX8Jy08 by lamp@mastodong.lol
2023-01-14T09:50:16Z
0 likes, 1 repeats
@ringo but docker works with iptables
can ufw do nat?
(DIR) Post #ARd7rELvmz66UPdYYa by EricZhang456@pl.starnix.network
2023-01-14T09:49:52.901699Z
0 likes, 0 repeats
@lamp use firewalld
(DIR) Post #ARd7rEkkIiwljNFNEe by lamp@mastodong.lol
2023-01-14T09:51:15Z
0 likes, 0 repeats
@EricZhang456 i suppose i could
(DIR) Post #ARd7uAO0zauD3a0n4a by Zerglingman@freespeechextremist.com
2023-01-14T09:51:50.093708Z
1 likes, 0 repeats
@lamp @ringo >>>>>>docker
Well there's your problem
(DIR) Post #ARd7xvIP2ZrRPeB6Aq by lamp@mastodong.lol
2023-01-14T09:52:29Z
1 likes, 0 repeats
@Zerglingman @ringo :sGrimace:
(DIR) Post #ARd7zYn3gdOYByIVTk by ringo@freeatlantis.com
2023-01-14T09:52:47Z
1 likes, 0 repeats
@Zerglingman @lamp docker is evil.
(DIR) Post #ARd80jKXz4xpAgWGfo by Zerglingman@freespeechextremist.com
2023-01-14T09:53:01.265547Z
1 likes, 0 repeats
@lamp @ringo You do this to yourself.
(DIR) Post #ARd84tnB1tAEmBtm7M by Zerglingman@freespeechextremist.com
2023-01-14T09:53:46.470504Z
1 likes, 0 repeats
@ringo @lamp STOP DOING CONTAINERS
PROCESSES WERE NEVER MEANT TO BE GIVEN THEIR OWN OPERATING SYSTEMS
(DIR) Post #ARd89Az33P7PFkUUue by ringo@freeatlantis.com
2023-01-14T09:54:32Z
1 likes, 0 repeats
@Zerglingman @lamp correct. i hate virtualization. thats what systemd or systemv is for..
(DIR) Post #ARd8AkTYa49rcSVjQu by Zerglingman@freespeechextremist.com
2023-01-14T09:54:49.901760Z
1 likes, 0 repeats
@ringo @lamp Or chroots if you're really paranoid.
(DIR) Post #ARd8LZdLERgJB7FWLI by lamp@mastodong.lol
2023-01-14T09:56:46Z
1 likes, 0 repeats
@ringo @Zerglingman but then u have to manually install and set up all the dependencies and stuff when docker makes it sooo quick and easy and clean... when am done can delete all instantly and there be no garbage left tangled in host system
(DIR) Post #ARd8QTMVyaqxAxiNJw by brightside@mastodon.online
2023-01-14T09:57:27Z
0 likes, 0 repeats
@lamp Maybe ufw (Uncomplicated Firewall) can save the day. https://www.baeldung.com/linux/uncomplicated-firewall
(DIR) Post #ARd8SChosKTM61VOsq by ringo@freeatlantis.com
2023-01-14T09:57:58Z
1 likes, 0 repeats
@Zerglingman @lamp some things are better in chroot, like for example postfix. but yeah
ls -ld /proc/4645/root
etc theres a few others i dont recall off hand
(DIR) Post #ARd8SqU2yxDtStMxyC by Zerglingman@freespeechextremist.com
2023-01-14T09:58:06.137684Z
2 likes, 0 repeats
@lamp @ringo Sounds like motherfuckers need package management. http://michael.orlitzky.com/articles/motherfuckers_need_package_management.xhtml
(DIR) Post #ARd8Y7wjU3Sz4YIza4 by tux@hachyderm.io
2023-01-14T09:58:58Z
0 likes, 0 repeats
@lamp nftables is a "newer and improved" version of iptables, but not the same. You can use either if you have both installed, but they are not the same program https://linuxhandbook.com/iptables-vs-nftables/
(DIR) Post #ARd8agaDfwvv4lzl44 by ringo@freeatlantis.com
2023-01-14T09:59:30Z
1 likes, 0 repeats
@Zerglingman @lamp Lamp: that's what apt is for. if you've never tried it in a pure debian system, it's pretty lovely. if something remains you can always obliterate it with
dpkg --list package
then
dpkg --remove package
but usually this is never needed because apt-get --purge package does the same thing. although you may have to rm -fr /etc/apache/conf or something sometimes..
(DIR) Post #ARd8cWnd1RObJN94nA by lamp@mastodong.lol
2023-01-14T09:59:49Z
0 likes, 0 repeats
@brightside iptables itself isn't too complicated but persisting reboot is bleh
the thing is if ufw is based on iptables then it only makes it more complicated underneath
(DIR) Post #ARd8ffJDq9wIZXQ2yG by Zerglingman@freespeechextremist.com
2023-01-14T10:00:25.148743Z
0 likes, 0 repeats
@ringo @lamp Normally I would just >apt
But this is the one thing pacman is actually bad at.
(DIR) Post #ARd8hMltjWGZesdvkG by ringo@freeatlantis.com
2023-01-14T10:00:42Z
1 likes, 0 repeats
@Zerglingman @lamp lamp - also worth mentioning - package management is crap on ubuntu and most debian derivatives,..........because the logic and decision making going INTO package management is hard, and the debian team is the only one that actually does this correctly.
(DIR) Post #ARd8tHnY39gfi06BPs by ringo@freeatlantis.com
2023-01-14T10:02:52Z
1 likes, 0 repeats
@Zerglingman @lamp oh i forgot, we were talking about ip tables.. yeah look into UFW, but you have to have a KVM switch if you admin over SSH, because it can lock you out on install.. I refuse to pay for this monthly so still haven't set up ufw, because the monthly for that remote keyboard mouse trigger is less than the cost they wanted to set it up, but my server is stable so not needed really, but so this upgrade its on the list of "things to do but not yet" whew . ::blink::
(DIR) Post #ARd8yrgQ3dZWS5QNLE by Zerglingman@freespeechextremist.com
2023-01-14T10:03:53.340819Z
1 likes, 0 repeats
@ringo @lamp >but you have to have a KVM switch if you admin over SSH, because it can lock you out on install..
AHAHAHAHAHAHAHAHAHAHAHAHAHA
(DIR) Post #ARd9BwQVjVjEvbDcdk by 4censord@mstdn.social
2023-01-14T10:06:11Z
0 likes, 0 repeats
@lamp sadly it gets even more confusing depending on which distro you are using. On CentOS and RHEL, firewalld is the default. On Ubuntu, ufw. On Debian, you can use either, but i'm not sure what is installed by default. If you can, i would prefer nftables over iptables.
(DIR) Post #ARd9DeMxq9sJVINHpQ by 4censord@mstdn.social
2023-01-14T10:06:31Z
0 likes, 0 repeats
@lamp sadly it gets even more confusing depending on which distro you are using. On CentOS and RHEL, firewalld is the default. On Ubuntu, ufw. On Debian, you can use either, but i'm not sure what is installed by default. If you can, i would prefer nftables over iptables.
(DIR) Post #ARd9EdMj3evggDjSQS by ringo@freeatlantis.com
2023-01-14T10:06:43Z
1 likes, 0 repeats
@Zerglingman @lamp default rule disallow all. which would negate 22...
(DIR) Post #ARd9FjEwhb6vBmcCjw by ringo@freeatlantis.com
2023-01-14T10:06:55Z
1 likes, 0 repeats
@Zerglingman @lamp im surprised you havent jumped on my irc server yet
(DIR) Post #ARd9G0RcjiLwY1g4MS by lamp@mastodong.lol
2023-01-14T10:06:58Z
1 likes, 0 repeats
@ringo @Zerglingman apt install postgresql-14 redis ffmpeg bla bla bla
[copy pasty shit from websites to install latest versions of nodejs etc]
sudo -u postgres psql *create database bla bla bla*
useradd -r -d /srv/blabla bla
nano /etc/systemd/system/blabla.service
[Unit] Description=blablabladoidsfgsdfohsdhojs
(and mastodon has three services)
systemctl daemon-reload, systemctl enable --now balblalbadfgiosdhgisdhisd
all this versus
docker-compose up -d
(DIR) Post #ARd9MoOhvQlVDBYhP6 by Zerglingman@freespeechextremist.com
2023-01-14T10:08:13.007447Z
1 likes, 0 repeats
@ringo @lamp Maybe just don't run on install lol, so you have a chance to configure it before it fucks you over. Like put it in the postinstall: echo "Not running by default as it blocks all external connections (including ssh!), use <blah blah> if you don't care about this (eg. local access)"
(DIR) Post #ARd9Rb5Uq2s1Nbr3C4 by Zerglingman@freespeechextremist.com
2023-01-14T10:09:04.901768Z
1 likes, 0 repeats
@ringo @lamp I'm too lazy to set up a bouncer so I don't do much on IRC. What's the address?
(DIR) Post #ARd9TQGk260YPCz7uS by ringo@freeatlantis.com
2023-01-14T10:09:23Z
0 likes, 1 repeats
@lamp @Zerglingman well. if thats the only problem you have with node consider yourself lucky. i actually am running it now, but only one thing uses it, and i tried for weeks to get it going in a more complicated environment. HOWEVER, your docker container isnt working either, so maybe just try the old fashioned way :) it'll be fun. you'll learn things.
(DIR) Post #ARd9VJKKoXOxSEZ9Fo by ringo@freeatlantis.com
2023-01-14T10:09:44Z
1 likes, 0 repeats
@Zerglingman @lamp 2x2chat.com 6697
(DIR) Post #ARd9ZOh6ngwlG8APNQ by ringo@freeatlantis.com
2023-01-14T10:10:29Z
1 likes, 0 repeats
@Zerglingman @lamp now thats creative and i hadnt thought of that...that way i can install it and then not have it running, then edit the config THEN start it yes ?
(DIR) Post #ARd9bHDNa1gYdo9omW by lamp@mastodong.lol
2023-01-14T10:10:49Z
1 likes, 0 repeats
@ringo @Zerglingman the docker is working perfectly fine i just want the iptables to be all nice and clean and persist reboot properly.
(DIR) Post #ARd9jUcpbVU2Y8ypcW by ringo@freeatlantis.com
2023-01-14T10:12:18Z
1 likes, 0 repeats
@lamp @Zerglingman OH. Here you go. https://dev.to/oryaacov/3-ways-to-make-iptables-persistent-4pp
(DIR) Post #ARd9lVUfLYDzp17ZkO by Zerglingman@freespeechextremist.com
2023-01-14T10:12:40.794703Z
1 likes, 0 repeats
@lamp @ringo Motherfuckers need package management lmao.
Docker needs a file to tell it what shit to install and run. You could also just write a fucking shell script to do that without a container, but you can do better than that: write a PKGBUILD. Not only is it shorter, because specific vars mean specific things, it also integrates with pacman so the system knows about the installed program, its dependencies, and can thus mark them for automatic removal when you pull the main program out. (But pacman doesn't do that; you have to specify -s.)
(DIR) Post #ARd9v18364hWXj4qPI by ringo@freeatlantis.com
2023-01-14T10:14:22Z
1 likes, 0 repeats
@Zerglingman @lamp oh and #2x2 or #bricks
(DIR) Post #ARd9yUWcG76MaBE036 by Zerglingman@freespeechextremist.com
2023-01-14T10:15:01.589231Z
0 likes, 0 repeats
@ringo @lamp This seems like the obvious behaviour to me. I don't mind some services starting themselves on install, but something with that much destructive potential shouldn't. If the default config were to block nothing, then it would be fine to run automatically.
(DIR) Post #ARdA0yVXkrkQ9RuJl2 by lamp@mastodong.lol
2023-01-14T10:15:27Z
1 likes, 0 repeats
@Zerglingman @ringo yeh but then the script depends on the specific distro and release and could conflict with existing configurations. containerizing guarantees consistent reproducible isolated environments.
(DIR) Post #ARdA14rk7F4Ps2L8C0 by Zerglingman@freespeechextremist.com
2023-01-14T10:15:29.634633Z
0 likes, 0 repeats
@ringo @lamp I'm expecting minetest.
(DIR) Post #ARdAJ1lsMOhbU99f4S by Zerglingman@freespeechextremist.com
2023-01-14T10:18:44.276480Z
0 likes, 0 repeats
@lamp @ringo You are a nigger. You are the blackest retard gorilla.>specific distroIt works on arch, blackarch, manjaro, artix, etc.Sounds like a skill issue to me. Also there's a distro-agnostic version that I keep forgetting the name of. AFAIK it does need specific support for each package type so it's not really "agnostic", and they probably should have just implemented PKGBUILD on other distros instead.>and releaselol what>could conflict with existing configurationslol what
(DIR) Post #ARdAJQzYafV5hokRMm by lamp@mastodong.lol
2023-01-14T10:18:46Z
0 likes, 0 repeats
ok netfilter is the linux api that allows firewall software to work (hook into the network stack), iptables is a firewall software that uses it and nftables is a newer one that does the same
(DIR) Post #ARdATDcVA4j985d6Ce by lamp@mastodong.lol
2023-01-14T10:20:34Z
1 likes, 0 repeats
@Zerglingman @ringo i'm talking bout the shell script bruh what u talking bout why u mad bro
(DIR) Post #ARdAZ9lmOEo8vQnhku by lamp@mastodong.lol
2023-01-14T10:21:38Z
1 likes, 0 repeats
@Zerglingman @ringo wtf is an PKGBUILD and howd u use it on ubuntu if it for pacman or whatever
(DIR) Post #ARdAbc489nnpGMYVSi by lamp@mastodong.lol
2023-01-14T10:22:05Z
1 likes, 0 repeats
@Zerglingman @ringo also it flippin 2:20am wtf how am i not sleepy i go now
(DIR) Post #ARdAfvuqIRc7zAGsC0 by Zerglingman@freespeechextremist.com
2023-01-14T10:22:52.655979Z
0 likes, 0 repeats
@lamp @ringo Yeah and? Write the script with support for multiple package managers if you want; test the output of `which $pacman` or something.
Or just supply a different script for each distro.
But that's why PKGBUILD exists, because this stuff is annoying.
(DIR) Post #ARdAh5ADOl66xP0eVk by Zerglingman@freespeechextremist.com
2023-01-14T10:23:05.116882Z
0 likes, 0 repeats
@lamp @ringo It's what makes arch as cool as gentoo.
(DIR) Post #ARdAm2yqwX17dM3vYu by ringo@freeatlantis.com
2023-01-14T10:23:57Z
0 likes, 1 repeats
@lamp @Zerglingman these are two entirely different ideologies on how to run a thingy on a linux based system. we're both in old camp. we're trying to show you why old camp is better. it's worked for the last 25 years or so. new camp is hard and has its own set of challenges. i know how docker works in theory, but i refuse to run it because of what it is and does and yeah. troglodyte.. but happily so.
(DIR) Post #ARdAn7iWoklkc7wKv2 by ringo@freeatlantis.com
2023-01-14T10:24:09Z
1 likes, 2 repeats
@lamp @Zerglingman "I'm sorry to everybody involved here in containers," he said. "I'm so happy that the kernel tends to be fairly far removed from all of these issues, all of the buzzwords and all the new technologies" -Linus Torvalds 2015
(DIR) Post #ARdAoxR60uYtJ4f1Zg by Zerglingman@freespeechextremist.com
2023-01-14T10:24:30.514018Z
0 likes, 0 repeats
@ringo @lamp Suddenly rust
(DIR) Post #ARdAqGE7dTJRsIDJ68 by ringo@freeatlantis.com
2023-01-14T10:24:43Z
1 likes, 0 repeats
@lamp @Zerglingman get some rest you'll feel better.. it took me 14 days to get my mailserver running.. be patient with yourself.
(DIR) Post #ARdAs9bDFQIntmutpg by Zerglingman@freespeechextremist.com
2023-01-14T10:25:05.171262Z
1 likes, 0 repeats
@ringo @lamp 14 days is pretty quick IME
(DIR) Post #ARdAxke2wLkaF3uYvQ by ringo@freeatlantis.com
2023-01-14T10:26:05Z
1 likes, 0 repeats
@Zerglingman @lamp thanks. I'm not entirely a neophyte. I had God's help, too. and a few people made helpful suggestions that ruled this or that out. Imagine my confusion for the first week trying to connect exim to seamonkey mail... 🤣
(DIR) Post #ARdB2TfbTo5j2jtRWy by Zerglingman@freespeechextremist.com
2023-01-14T10:26:57.117513Z
1 likes, 0 repeats
@ringo @lamp Man I spent like half a week just trying to figure out how to use the "import" directive in smtpd's config.
Turns out the documentation is SLIGHTLY wrong about it.
(DIR) Post #ARdB8C79fETEKhVRce by ringo@freeatlantis.com
2023-01-14T10:27:58Z
1 likes, 0 repeats
@Zerglingman @lamp you using postfix and dovecot? sounds like sendmail prollems
(DIR) Post #ARdBIJ66YXBOt0pxXE by Zerglingman@freespeechextremist.com
2023-01-14T10:29:48.766289Z
1 likes, 0 repeats
@ringo @lamp No, (open)smtpd and dovecot.
(DIR) Post #ARdEyvIFEcpvNDWnIm by brightside@mastodon.online
2023-01-14T11:11:03Z
0 likes, 0 repeats
@lamp Depending on what you need to do I prefer ufw to be able to avoid the Linux firewall chaos. On servers that means for me blocking all but ssh, http and https. ufw makes that very easy.