Re: warning to EFW users: you may be abusing malwaredomains.com site

I do not have that file in the 2.5.1 release. 

Med vänliga hälsningar,

Johan Ljunggren
+46 70 585 29 44
johan.ljunggren <at> shamn.se


31 aug 2012 kl. 03:07 skrev "AJ Weber" <aweber <at> comcast.net>:

> I _did_ have these listed in /var/efw/dnsmasq/default/settings
> 
> Changed them to loopback and the malwaredomains.zones entry.  (I may be 
> running 2.5...could be they changed this in the .1 release?)
> 
> Thanks for the heads-up!  I would hate to abuse a site that's obviously 
> trying to help.
> 
> -AJ
> 
> 
> On 8/30/2012 3:48 PM, compdoc wrote:
>> By opening either of these urls, you will indeed be sent the blackhole list:
>> 
>> http://mirror1.malwaredomains.com/files/spywaredomains.zones

>> 
>> or
>> 
>> http://mirror1.malwaredomains.com/files/malwaredomains.zones

[EFW 2.5.1] System Access Rules not working

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Efw-user mailing list
Efw-user@...
https://lists.sourceforge.net/lists/listinfo/efw-user

Re: [EFW 2.5.1] System Access Rules not working

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Efw-user mailing list
Efw-user@...
https://lists.sourceforge.net/lists/listinfo/efw-user

Re: [EFW 2.5.1] System Access Rules not working

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Efw-user mailing list
Efw-user@...
https://lists.sourceforge.net/lists/listinfo/efw-user

Re: [EFW 2.5.1] System Access Rules not working

Hi,

Are you setting this under Firewall > System Access ?  This is remembered after restart for me.

Sam.

On 04/09/2012, at 7:06 PM, Ahmed Morgan <akha666@...> wrote:

> I did you setps with no luck
> I can access to server if add to iptables from ssh to EFW Server
> #> iptables -A INPUT -p TCP -i eth1 --dport 10443 -j ACCEPT
> but how can I add to startup to load when EFW booting ?
> 
> On Mon, Sep 3, 2012 at 3:50 PM, compdoc <compdoc@...> wrote:
> > I like EFW and I have 2.5.1 , but my problem with System Access is now working
> 
> >When I add rule
> 
>  
> 
> >Source Address:   blank
> 
> >Source Interface:  Any
> 
> >service:                User define
> 
> >protocol:              TCP : 10443
> 
> >policy action:        allow
> 
> >enabled:              checked
> 
>  
> 
>  
> 
> Mine works when set this way:
> 
>  
> 
> Source Address:   blank
> 
> Source Interface:  RED
> 
> service:                <ANY>
> 
> protocol:              TCP : 10443
> 
> policy action:        allow with IPS
> 
> Position              First
> 
> enabled:              checked
> 
>  
> 
> 
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Efw-user mailing list
> Efw-user@...
> https://lists.sourceforge.net/lists/listinfo/efw-user
> 
> 
> 
> 
> -- 
>    ____  _                        _   __  __                             
>   / __ \| |__  _ __ ___   ___  __| | |  \/  | ___  _ __ __ _  __ _ _ __  
>  / / _` | '_ \| '_ ` _ \ / _ \/ _` | | |\/| |/ _ \| '__/ _` |/ _` | '_ \ 
> | | (_| | | | | | | | | |  __/ (_| | | |  | | (_) | | | (_| | (_| | | | |
>  \ \__,_|_| |_|_| |_| |_|\___|\__,_| |_|  |_|\___/|_|  \__, |\__,_|_| |_|
>   \____/                                               |___/             
> 
>  _     _                       _       _           _       
> | |   (_)_ __  _   ___  __    / \   __| |_ __ ___ (_)_ __  
> | |   | | '_ \| | | \ \/ /   / _ \ / _` | '_ ` _ \| | '_ \ 
> | |___| | | | | |_| |>  <   / ___ \ (_| | | | | | | | | | |
> |_____|_|_| |_|\__,_/_/\_\ /_/   \_\__,_|_| |_| |_|_|_| |_|
>                                                            
> 
> 
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and 
> threat landscape has changed and how IT managers can respond. Discussions 
> will include endpoint security, mobile security and the latest in malware 
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________
> Efw-user mailing list
> Efw-user@...
> https://lists.sourceforge.net/lists/listinfo/efw-user

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

acpi shutdown?

Hi.
I'm using EFW in a virtual machine, but when I issue hypervisor's shutdown EFW remains running. 
I see there is no acpid daemon running, is it available somewhere?

I found a thread on efwsupport (http://www.efwsupport.com/index.php?topic=548.0) but doesn't work
with 2.5.1.

How do you cope with hardware shutdown?
thanks
-- 
Lorenzo Milesi - lorenzo.milesi@...

YetOpen S.r.l. - http://www.yetopen.it/
Via Carlo Torri Tarelli 19 - 23900 Lecco - ITALY -
Tel 0341 220 205 - Fax 178 6070 222

GPG/PGP Key-Id: 0xE704E230 - http://keyserver.linux.it

-------- D.Lgs. 196/2003 --------

Si avverte che tutte le informazioni contenute in questo messaggio sono
riservate ed a uso esclusivo del destinatario. Nel caso in cui questo
messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo
senza copiarlo, a non inoltrarlo a terzi e ad avvertirci non appena
possibile.
Grazie.

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

Re: Unstable VPN

> I.e. when I try to downoad "lots" of data, like opening a remote file
> with vi, the connection drops, screen freezes and won't go further,
> while if I open a new connection everything is fast and working!

"Usual" MTU problem. Setting to 1492 solved.
-- 
Lorenzo Milesi - lorenzo.milesi@...

YetOpen S.r.l. - http://www.yetopen.it/
Via Carlo Torri Tarelli 19 - 23900 Lecco - ITALY -
Tel 0341 220 205 - Fax 178 6070 222

GPG/PGP Key-Id: 0xE704E230 - http://keyserver.linux.it

-------- D.Lgs. 196/2003 --------

Si avverte che tutte le informazioni contenute in questo messaggio sono
riservate ed a uso esclusivo del destinatario. Nel caso in cui questo
messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo
senza copiarlo, a non inoltrarlo a terzi e ad avvertirci non appena
possibile.
Grazie.

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

AUTO: Yasar Ozkul is out of the office (returning 23.09.2012)

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Efw-user mailing list
Efw-user@...
https://lists.sourceforge.net/lists/listinfo/efw-user

Re: [EFW 2.5.1] System Access Rules not working

------------------------------------------------------------------------------
Got visibility?
Most devs has no idea what their production app looks like.
Find out how fast your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219671;13503038;y?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html

_______________________________________________
Efw-user mailing list
Efw-user@...
https://lists.sourceforge.net/lists/listinfo/efw-user

EFW 5.1 NTP daemon not auto starting

Problem:  NTP not running on efw startup.  Can use command line to start... " ntpd " but still shows under
"Status" menu as  "stopped".   Will work once I use command "ntpd" and seems to work as
normal, but still shows as "stopped" under menu "Status" menu.  This is on Endian 5.1 Community.

History of how problem happened:

I had an EFW 4.1 installation that I wanted to upgrade to 5.1.  I had so many ip address reservations that I did
not want to  re-build all the configurations.  I exported the configuration from the old EFW 4.1 and saved
it.  Then, I installed fresh onto  different hardware EFW 5.1.  I exported and saved the configuration for
the now new EFW 5.1, extracted the necessary  config files, and copied-and-pasted the ip address
assignments for static ip addresses from the 4.1 configuration into the 5.1  configuration.  I re-gzipped
it all up and imported into the new hardware (the EFW 5.1).  That's when I noticed this problem.

I have since taken the EFW 5.1 configuration from this machine and exported it, and re-imported it into
different hardware  (minus the businfotab trick) so I can restore to different hardware.  The problem is
the same.  So in an attempt to fix it, I  exported this same EFW 5.1 config and then re-imported it just to see if
maybe some permissions problem would be  automatically resolved this way.  But, the ntp problem is the same.

It is possible that I accidentally imported into the EFW 5.1 some
files from the EFW 4.1 configuration export.

I also compared the contents of a fresh, clean EFW 5.1 configuration export with the contents of the
problematic EFW 5.1  configuration files to see the differences.   They were remarkably similar and with my
limited knowledge (but growing) of Linux  I could not find any differences.

I also used the command "vi" in the console of the problematic EFW 5.1 to check configuration files related
to ntp and they all  seemed fine.  I noticed that the file "drift" was nonexistent so I created it, but that did
not solve the problem.  I used another  efw 5.1 that I know to be clean and working to compare.

So, long explanation, probably there is a short solution? :)

Any thoughts, anyone?

Thanks to Endian, as always, I personally appreciate the work you do.

- Chad May

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/