Sampsa Laine wrote:
I just downloaded the cn.zone and it had like 5800 entries in it.. > >
Sampsa > > > On 16 Sep 2015, at 15:22, Brian Schenkenberger, VAXman-
<system at TMESIS.COM> wrote: > >> Johnny Billquist <bqt at
softjar.se>
writes: >> >>> On 2015-09-16 16:03, Sampsa Laine wrote: >>>>
>>>> On 16
Sep 2015, at 15:01, Johnny Billquist <bqt at softjar.se> wrote: >>>>
>>>>>
>>>> But this would also require that I
have a separate network for
this setup. We're talking about a machine that are
on the internet
today... On a well known, static ip address. >>>>> >>>>
>>>> Then you're
unfortunately pretty out of luck unless - AFAIK VMS doesn't have
anything like iptables to help you filter out the connections. >>> >>>
Well, you are trying to suggest ways to prevent this from happening. And
>> no, VMS do not have iptables, as far as I
know. >>> When you are
looking for is essentially a way to block some
ranges of >>> addresses.
That can be done in a router, or sometimes switch. Quite >>> possible
I'll look into that. But that don't answer my current question, >>> how
to fix the current state on the VMS system. And no, I do not >>>
consider "reboot" to be the solution. :-) >>> >>>> A really
crappy
solution would be to restart the IP stack every so often but there are
of course issues with that as well.. >>> >>> Yeah... No... Not going
there. >>> >> >> At hospital typing on my tablet... >> >>
You are
correct, no iptables... that's because it's VMS; not ewwwnix! >> >>
RTFM, and look for: ACCEPT NETS, ACCEPT HOSTS,REJECT NETS, REJECT HOSTS.
> >> -- >> VAXman- A Bored Certified VMS
Kernel Mode Hacker
VAXman(at)TMESIS(dot)ORG >> >> I speak to machines
with the voice of
humanity. >
Sounds like a plan. I put my ipfire firewall up as a "dmz" machine in
what the "so-called home router/firewall/."
They just recently added block-by-country to the gui management as well
as the block by ports, etc.
I wonder how hard it would be to get a hole punched in it for the
ethernet bridge... or to have the ethernet bridge run
inside an tunnel or VPN. IPFire supports both OpenVPN and standard
IPSEC VPN connectiviity.
Perhaps putting DECnet on it is possible... I'll have to look. The
kernel could support it but I'd have to see how to pass it through the
firewall.
Bill
--
Digital had it then. Don't you wish you could buy it now!
pechter-at-gmail.com http://xkcd.com/705/