serverfault.com

Recently I switched from ufw to firewalld and faced an issue that connected OpenVPN server clients do not have internet access. As I researched it became clear that ufw and firewalld forwarding rules have a great difference and firewalld rules are somehow need to be set up. So in ufw I used before.rules like this: # START OPENVPN RULES # NAT table rules *nat :POSTROUTING ACCEPT [0:0] -A POSTROUTING -s 10.8.0.0/8 -o enp1s0 -j MASQUERADE COMMIT # END OPENVPN RULES listing iptables -L -n -v --line-numbers: Chain FORWARD 1 43059 25M DOCKER-USER all -- * * 0.0.0.0/0 0.0.0.0/0 2 43059 25M DOCKER-FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0 3 1030 501K ufw-before-logging-forward all -- * * 0.0.0.0/0 0.0.0.0/0 4 1030 501K ufw-before-forward all -- * * 0.0.0.0/0 0.0.0.0/0 5 32 2027 ufw-after-forward all -- * * 0.0.0.0/0 0.0.0.0/0 iptables -t nat -L POSTROUTING -n -v 0 0 M

The capacity or Tokens Per Minute (TPM) rate limit of the model deployments across in my Azure subscription are a mess: [table is chopped] How can I set the capacity or Tokens Per Minute (TPM) rate limit to the minimum for all model deployments across an entire Azure subscription? I don't want to do it manually one by one.

Anybody else using Dentrix Dental PMS software? They seem to not understand both DevOps, cybersecurity/infosec or product quality standards as they are pushing ALPHA releases of their software to customers of their product. This is an ON-PREM product and NOT a managed service yet this company seems to think it should force updates upon its customers. They ignore some very critical realities: Healthcare software needs to be stable/secure above and beyond all else. They are pushing releases with very serious issues with no ability to stop them. They cause downtime and the company seems not to care about feedback. They don't seem to get that software updates need to be TESTED and that we as users need a maintenance window to do so which WE control. We should have scriptable controls to do so as well. They don't seem to grasp the notion of least privilege as they assume Windows local or AD admin priv exist for end users. This is both a H

I have a Ubuntu server that I have installed snmpd on. I have disabled v1 and v2 and have setup v3. I am connecting to it over a Wireguard tunnel so I have limited it to the wireguard interface's ip, and when I updated ufw to allow 161 I bound it to the wireguard interface. It looks good on the server, snmpwalk -l authPriv -v 3 -u snmp -a SHA -A "PASWORD" -x AES -X "PASSWORD" 10.8.0.1 (with the passwords swapped with actual) responds just fine when I run it on the server. But when I run it on the client on the other end of the wireguard connection, it times out. My ufw status looks right, I am using this server as backup a DNS server and have it also bound to the wg0 interface so it is only accessible through the wireguard tunnel and it works fine. Status: active To Action From -- ------ ---- OpenSSH ALLOW Anywhere

Issue Receiving an email for an alias, I got those errors: <[email protected]>Recipient address rejected: Unknown user; I realized this happened when postfix queries dovecot about user quota. Basically, what happens is that postfix queries dovecot using the virutal alias as name, not the virtual user. And since dovecot doesn't find a user with such name, it returns an error and postfix rejects the mail. Configuration I followed the docs at https://doc.dovecot.org/latest/core/plugins/quota.html when setting up the server. /etc/postfix/main.cf smtpd_recipient_restrictions = check_policy_service unix:private/quota-status /etc/dovecot/conf.d/90-quota.conf service quota-status { executable = quota-status -p postfix unix_listener /var/spool/postfix/private/quota-st

Installing ansible-core from Debian repositories provides man pages for commands (ansible, ansible-playbook…). However, when installing with pipx, no man page is available. Is there a way to obtain Ansible commands man pages when installing with pipx? Note that: I am using pipx 1.7.1, and that pipx should install man pages since version 1.3.0 Source code only seems to contain a template for all man pages I could not find any man page in the distributed .whl

i try to configure PostgreSQL as data source in my new grafana service and get a error: stat /home/grafana/.postgresql/postgresql.crt: permission denied after i catch your eye some context, we used to have grafana service on specific aws ec2 instance, we in process of clean it and separate the services to multiple machine. i try to move grafana to new service, i copy all the data from all the sub folder to new aws ec2 instance and run the grafana service and start to get a error and can't find what the source cause of the error. i don't find the file in the source aws ec2 and provisioning folder are empty, one file and is all commented out '#' before you say grafana save all it's inner data in local sqlite3 database (that located in /etc/grafana/grafana.ini [database] section) i try to setup a clean Grafana instance and the error persist. i would like to hear any idea you have, i totally stuck Grafana version was the latest stable, the 12.

Setting up a new dovecot install. Docevot docs says the recommended quota driver is count. Roundcube apparently gets the quota information form the maildirsize file in the maildir directory. When using count driver, this file is not updated. Using maildir driver does update the file and things work but since count is recommended, I'm trying to evaluate my options. quota-clone is the recommended way to "export" quota information. Should I use this to write to a database? How may I tell Roundcube to read there instead of the maildirsize file?

There are zero snapshots in my zpool, and the datasets themselves occupy only 14% of the available zpool space. This used to be a functioning mirror, but recently a lot of my data has become truncated and the pool (and df) now shows 100% utility. # zfs list -o space NAME AVAIL USED USEDSNAP USEDDS USEDREFRESERV USEDCHILD pool1 0B 8.69T 0B 151K 0B 8.69T pool1/encrypted 0B 8.69T 0B 7.45T 0B 1.24T pool1/encrypted/general 0B 256K 0B 256K 0B 0B pool1/encrypted/images 0B 1.24T 0B 1.24T 0B 0B df: pool1/encrypted/images 1326699904 1326699904 0 100% /pool/1/encrypted/images pool1/encrypted/general 256 256 0 100% /pool/1/encrypted/general This just finished a scrub. Can someone help me under

I set up Redis 8.4 replication with sentinel and service registration with Hashicorp Consul on Oracle EL10.1 server stack. In order to reregister redis service with consul after failover I needed to reload consul service, what can be done with redis sentinel client-reconfig-script option. Here's the simple script: #!/bin/bash sudo systemctl reload consul.service that option was added in sudoers: Cmnd_Alias CONSUL_SERVICE = /usr/bin/systemctl reload consul.service redis ALL=NOPASSWD: CONSUL_SERVICE after testing this configuration with selinux in enforcing mode I've ended with selinux policy: module my-redisserver 1.0; require { type redis_conf_t; type redis_t; type sudo_exec_t; type system_dbusd_t; type system_dbusd_var_run_t; type systemd_systemctl_exec_t; type systemd_logind_t; type systemd_unit_file_t; type chkpwd_exec_t; t