From: Steve Simon <steve@quintile.net>
To: 9fans <9fans@9fans.net>
Subject: Re: [9fans] banishment of nuisance IP addresses
Date: Tue, 5 Nov 2019 10:05:58 +0000
Message-Id: <03D70A3E-99D6-4734-BCC4-109B8BEC1727@quintile.net>

no “fw” not sure what that is.

as it happens i turned off ipv6 last night. it was causing problems with smtp which i fail to understand, maybe tls certificate, i am not sure.

the banishment code works fine for ipv6

-Steve

> On 5 Nov 2019, at 10:02 am, Sergey Zhilkin <szhilkin@gmail.com> wrote:
>
> I wonder .... if it will be a system with IPv6 enabled and connected directly to the internet.
> There is no fw in plan 9 ....
> Maybe time to think about it?
>
> On Tue, 29 Oct 2019 at 14:27, Steve Simon <steve@quintile.net> wrote:
>> re: anyone can banish an IP address
>>
>> You are quite right, not a problem for me, but not a general solution.
>>
>> Ok, chmod og-w /lib/ndb/banished first.
>>
>> I could then write a file server, invoked in cpurc as bootes and thus
>> has rights to update the files in /lib/ndb/banished/*.
>>
>> The file server would have to ensure its /srv/xxx file is not accessible
>> by others.
>>
>> This could be mounted by the network listeners before they becomenone() so
>> they retain access. They would also need to ensure they unmount
>> the writable access to the banishment directory before starting their
>> child process (if the incoming connection is successful).
>>
>> ugh. Even _if_ that would work it's a real pain.
>>
>> oh well, nice idea, but no banana.
>>
>> -Steve
>>
>> ------------------------------------------
>> Permalink: https://9fans.topicbox.com/groups/9fans/Te00ed62cf5d85d9e-M4d3ca138d4a82de48a303955
>
> --
> With best regards
> Zhilkin Sergey