thank you for your attention
donald wrote: ↑19 Nov 2023, 04:48
And then there is the # ssh? rule (posted above) applied to all of them, even to those
where ssh is not allowed, e.g. 'block all' -- why?
just an oversight, same with the icmp
donald wrote: ↑18 Nov 2023, 07:40
and b) does not make sense at all. What is this rule supposed to do?
There are rules for SSH if the firewall is in normal mode.
If you want to allow outgoing SSH connections — initiating an SSH connection to another server:
iptables -A OUTPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
should do it and start a SSH connection from within to the outside;
The input for SSH would be handled by the established / related rule.
except what you posted doesn't appear to work, at least, not with the one sftp connection i use.. whereas the other one does.. don't remember where i found it :p, not saying there isn't a better way.
anyways.. here's a patch to try:
firewall_patch.xzm
contains:
Code:
firewall_patch
├── etc
│   └── rc.d
│       └── rc.FireWall
└── opt
    └── porteus-scripts
        └── gtk-firewall
changes:
no icmp, tcp(ssh?) with block all
icmp, tcp(ssh?) allowed with normal
only icmp allowed with strict
..didn't actually need to include rc.FireWall, didn't end up changing it
anything ipv6 remains unfinished, suggestions welcome
donald wrote: ↑14 Nov 2023, 06:33
5.01 - xfce 4.16 > paper icon theme incomplete, even xzm modules
do not have 'their' icon.
partly why fulalas chose to use the elementary theme i presume.. xfce4 seems to be a bit strange with icons.. why it's not picking up the hicolor icon with Paper but does with elementary is a mystery to me.
a workaround for the xzm icon
Code:
cd /usr/share/icons/Paper/32x32/mimetypes
ln -s /usr/share/icons/hicolor/32x32/mimetypes/cdr.png application-x-xzm.png
not seeing any others, what am i missing?