N1URO > PACKET 07.01.19 19:00l 39 Lines 1734 Bytes #999 (0) @ WW
BID : 15297_N1URO
Read: GUEST
Subj: G4APL > Re: Node excessive Broadcasts
Path: IW8PGT<IZ3LSV<IK6ZDE<I0OJJ<GB7CIP<N1URO
Sent: 190107/1752Z @:N1URO.#CCT.CT.USA.NOAM #:15297 [Unionville] $:15297_N1URO
>From n1uro%n1uro.#cct.ct.usa.noam@i0ojj.ampr.org Mon Jan 7 18:55:58 2019
Received: from i0ojj.ampr.org by i0ojj.ampr.org (JNOS2.0k.3b) with SMTP
id AA73081 ; Mon, 07 Jan 2019 18:55:58 +0100
Message-Id: <15297_N1URO@gb7cip.bbs>
>From: n1uro@n1uro.#cct.ct.usa.noam
X-JNOS-User-Port: Telnet (gb7cip @ 82.70.39.222) -> Sending message
From: N1URO@N1URO.#CCT.CT.USA.NOAM
To : PACKET@WW

Paul (et al)

One thing that's very misunderstood about URONode is that people seem to think
it handles kernel routines such as node broadcasts and receptions into the
netrom nodes tables. It does not! It's a user front-end that relies on the
kernel's tables for connectivity and nodes listings which is why it's such
a fast node rather than trying to run another protocol stack on top of an
existing one.

In any event I have derived the following iptables rules
that will help filter out incoming nodes broadcasts that are not wanted.
Keep in mind you also must allow those who you wish to link with in:

# BPQ udp 10093 and node injection filter rules:
/sbin/iptables -I INPUT -s 0.0.0.0/0 -j DROP -p udp --dport 10093 -d 0.0.0.0/0
# axudp
/sbin/iptables -I INPUT -s 0.0.0.0/0 -j DROP -p udp --dport 93 -d 0.0.0.0/0
# axip
/sbin/iptables -I INPUT -s 0.0.0.0/0 -j DROP -p 93 -d 0.0.0.0/0

# now add those you intend to allow:
/sbin/iptables -I INPUT 1 -s 173.218.33.215 -j ACCEPT -p udp --dport 10093 -d 0.0.0.0/0
/sbin/iptables -I INPUT 1 -s 74.69.112.177 -j ACCEPT -p udp --dport 93 -d 0.0.0.0/0
/sbin/iptables -I INPUT 1 -s 44.88.0.9 -j ACCEPT -p 93 -d 44.88.0.1
/sbin/iptables -I INPUT 1 -s 44.131.244.1 -j ACCEPT -p 93 -d 44.88.0.1

Remember to do your denials first before the accept/allows.

I hope this information helps.

73 de N1URO
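
Added example (not part of N1URO's message): a simplified Python model of the INPUT chain, showing why the DROP rules must be inserted before the ACCEPT rules when every rule goes in with -I. The rule list mirrors the message; 203.0.113.7 is a constructed non-peer address, and the matcher is an assumed simplification of iptables that looks only at source, destination, protocol and destination port.

```python
import ipaddress

ANY = "0.0.0.0/0"

def rule(src, target, proto, dport=None, dst=ANY):
    """One filter rule; dport=None means the rule has no port match."""
    return {"src": ipaddress.ip_network(src), "dst": ipaddress.ip_network(dst),
            "proto": proto, "dport": dport, "target": target}

def insert(chain, r, pos=1):
    """Model of `iptables -I CHAIN [pos]`: 1-based, default is the top."""
    chain.insert(pos - 1, r)

def verdict(chain, src, proto, dport=None, dst="44.88.0.1", policy="ACCEPT"):
    """First matching rule wins; if nothing matches, the chain policy applies."""
    for r in chain:
        if (ipaddress.ip_address(src) in r["src"]
                and ipaddress.ip_address(dst) in r["dst"]
                and proto == r["proto"] and r["dport"] in (None, dport)):
            return r["target"]
    return policy

# Rules as given in the message (protocol "93" is AX.25 over IP).
DROPS = [rule(ANY, "DROP", "udp", 10093),
         rule(ANY, "DROP", "udp", 93),
         rule(ANY, "DROP", "93")]
ACCEPTS = [rule("173.218.33.215", "ACCEPT", "udp", 10093),
           rule("74.69.112.177", "ACCEPT", "udp", 93),
           rule("44.88.0.9", "ACCEPT", "93", dst="44.88.0.1"),
           rule("44.131.244.1", "ACCEPT", "93", dst="44.88.0.1")]

def build(first, second):
    """Insert every rule at the top of an empty chain, in the order given."""
    chain = []
    for r in first + second:
        insert(chain, r)
    return chain

if __name__ == "__main__":
    good = build(DROPS, ACCEPTS)   # order used in the message
    bad = build(ACCEPTS, DROPS)    # reversed: DROPs end up above the ACCEPTs
    for name, chain in (("drops first", good), ("accepts first", bad)):
        print(name,
              "| peer 173.218.33.215 udp/10093:",
              verdict(chain, "173.218.33.215", "udp", 10093),
              "| stranger 203.0.113.7 udp/10093:",
              verdict(chain, "203.0.113.7", "udp", 10093))
```

With the order reversed, the blanket DROP rules land above the peer ACCEPT rules and the listed link partners are filtered along with everyone else.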