From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from tb-mx1.topicbox.com (localhost.local [127.0.0.1]) by tb-mx1.topicbox.com (Postfix) with ESMTP id 35674623746 for <9fans@9fans.net>; Tue, 5 Nov 2019 11:28:24 -0500 (EST) (envelope-from szhilkin@gmail.com) Received: from tb-mx1.topicbox.com (localhost [127.0.0.1]) by tb-mx1.topicbox.com (Authentication Milter) with ESMTP id 6AB13770B3C; Tue, 5 Nov 2019 11:28:24 -0500 ARC-Seal: i=1; a=rsa-sha256; cv=none; d=topicbox.com; s=arcseal; t= 1572971304; b=baq3/GFATOd+R9+NZJtHWj/241x/N5lYs7U/TTVamCciVjp4ib B1hqTLNufwYIbRpDe8Z4bHqIX2a6ITM2G/dsBKCVVrOM2O/MrJHX/9+q3S9L+cJ3 rAhszaZA2MWuJrN3q1QT0m96+Wp0lA4LBISg8iupyMDlcsg7OKRTFffbjHY3U4Cb YaKwjhNb/BP5gNeF0NRfiizrRD1drEZaTdPQBR8ceVO5fK/Zlo3CD0jpQOVcNkwC YQcug1Ne206LjSXRIM5njlo4prdwGUbN2tyie5o9Cb8nDQHpb4DNX3KAPWc/MoHy ST0xvoXmRJhmM/Ad3Bhvb34sKEbk/TwF750g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d= topicbox.com; h=mime-version:references:in-reply-to:from:date :message-id:subject:to:content-type; s=arcseal; t=1572971304; bh=8Xlids2uavZbPfVqD6ExlAQH79TqETZzUn0T9E8HG18=; b=Q8iPY09hUdHb ILWYuEoBp0fSjl6Pr2hkXH6ykIwAoHldvU2Yqmna7pAIQ44dHYPPjOvrjcEVtiDi 5C8K78OIJMVnfheNhYQRF3/97xDD5VOWMhQe9aGB3j5khpzLHaH6BRGxGlTKi/K4 MfDIqhMY1TAD85OWGv4Y1l8/imBR3AOAr2IwGQQisY5n9UK9jViusnhzVuont5ir AylJIuFuNQxcnYZPIO9UFPXNLtY21Y3TpWWjcvpG1vqNtntqhoyCdCT2h+1eqq6+ 2Li3TUQjrNyD0oa8u5PiweiaaSAFGvjpr6UCkJBmbhBSD7T32zGq3IlZXS6nUO7l 6oF9Okqbvw== ARC-Authentication-Results: i=1; tb-mx1.topicbox.com; arc=none (no signatures found); dkim=pass (2048-bit rsa key sha256) header.d=gmail.com header.i=@gmail.com header.b=CiMYfrE+ header.a=rsa-sha256 header.s=20161025 x-bits=2048; dmarc=pass policy.published-domain-policy=none policy.published-subdomain-policy=quarantine policy.applied-disposition=none policy.evaluated-disposition=none (p=none,sp=quarantine,d=none,d.eval=none) policy.policy-from=p header.from=gmail.com; iprev=pass smtp.remote-ip=209.85.215.182 (mail-pg1-f182.google.com); spf=pass smtp.mailfrom=szhilkin@gmail.com smtp.helo=mail-pg1-f182.google.com; x-aligned-from=pass (Address match); x-google-dkim=pass (2048-bit rsa key) header.d=1e100.net header.i=@1e100.net header.b=RRAhsL4V; x-ptr=pass smtp.helo=mail-pg1-f182.google.com policy.ptr=mail-pg1-f182.google.com; x-return-mx=pass header.domain=gmail.com policy.is_org=yes (MX Record found); x-return-mx=pass smtp.domain=gmail.com policy.is_org=yes (MX Record found); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0 Authentication-Results: tb-mx1.topicbox.com; arc=none (no signatures found); dkim=pass (2048-bit rsa key sha256) header.d=gmail.com header.i=@gmail.com header.b=CiMYfrE+ header.a=rsa-sha256 header.s=20161025 x-bits=2048; dmarc=pass policy.published-domain-policy=none policy.published-subdomain-policy=quarantine policy.applied-disposition=none policy.evaluated-disposition=none (p=none,sp=quarantine,d=none,d.eval=none) policy.policy-from=p header.from=gmail.com; iprev=pass smtp.remote-ip=209.85.215.182 (mail-pg1-f182.google.com); spf=pass smtp.mailfrom=szhilkin@gmail.com smtp.helo=mail-pg1-f182.google.com; x-aligned-from=pass (Address match); x-google-dkim=pass (2048-bit rsa key) header.d=1e100.net header.i=@1e100.net header.b=RRAhsL4V; x-ptr=pass smtp.helo=mail-pg1-f182.google.com policy.ptr=mail-pg1-f182.google.com; x-return-mx=pass header.domain=gmail.com policy.is_org=yes (MX Record found); x-return-mx=pass smtp.domain=gmail.com policy.is_org=yes (MX Record found); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0 X-ME-VSCause: gggruggvucftvghtrhhoucdtuddrgedufedrudduhedgkeelucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpeggfhgjhf ffkffuvfgtsegrtderredttdejnecuhfhrohhmpefuvghrghgvhicukghhihhlkhhinhcu oehsiihhihhlkhhinhesghhmrghilhdrtghomheqnecuffhomhgrihhnpehtohhpihgtsg hogidrtghomhenucfkphepvddtledrkeehrddvudehrddukedvnecurfgrrhgrmhepihhn vghtpedvtdelrdekhedrvdduhedrudekvddphhgvlhhopehmrghilhdqphhguddqfhduke dvrdhgohhoghhlvgdrtghomhdpmhgrihhlfhhrohhmpeeoshiihhhilhhkihhnsehgmhgr ihhlrdgtohhmqecuuffkkgfgpedutdduleegnecuvehluhhsthgvrhfuihiivgeptd X-ME-VSCategory: clean Received-SPF: pass (gmail.com ... _spf.google.com: Sender is authorized to use 'szhilkin@gmail.com' in 'mfrom' identity (mechanism 'include:_netblocks.google.com' matched)) receiver=tb-mx1.topicbox.com; identity=mailfrom; envelope-from="szhilkin@gmail.com"; helo=mail-pg1-f182.google.com; client-ip=209.85.215.182 Received: from mail-pg1-f182.google.com (mail-pg1-f182.google.com [209.85.215.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by tb-mx1.topicbox.com (Postfix) with ESMTPS for <9fans@9fans.net>; Tue, 5 Nov 2019 11:28:23 -0500 (EST) (envelope-from szhilkin@gmail.com) Received: by mail-pg1-f182.google.com with SMTP id u23so14618439pgo.0 for <9fans@9fans.net>; Tue, 05 Nov 2019 08:28:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=8Xlids2uavZbPfVqD6ExlAQH79TqETZzUn0T9E8HG18=; b=CiMYfrE+bu+EWF5mSYJUCHwrfbHjOkr2kYbLilbT0gGWqv1kyzQm+nAaA5mnhCvJdv aOwBs9m/RcIMv0LvsfYsYmik0ph+BsPwQUd5Aj3JfRE6jF7M04oGotg5Wos5HpTx8yA1 cesFhaWgVoqX8TrfzvvaufHOR/AsV2Pt9Zdro4fiuF6ht1FQdf35FU5VUCqqAAGuOxVk o5XZ1vZIS5/nRDMIHWpYVsjgobwnF+8aKF7XHMOHg0y++kfbohaEjFbEu0GfSny6mN6Q 88bdojoNgMLxH3CyRe8jrZvZOLGP+GvreDF8KqsWHTWOf7WK1CiFSW9PwoBw6PsXKTRR 6qoQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=8Xlids2uavZbPfVqD6ExlAQH79TqETZzUn0T9E8HG18=; b=RRAhsL4VEjGbQ5Ghv+YUdfcou39Fe5K3gMphYXdKeMpMAZQf/EA5TzO/2qBY0Nt/DC Gti4dl01IJ+Klb/0jCUqcWp6QGWk5cCFoPEHCISByOBTFEgN+xL8UBA9EtRMRe0WwGXV SXMOijHjcg7G4IiGJ/sYUxyG6tyhn3SECjyA3E5rKoZM9BkyDoj1cpaBEm+kbqAiMNvi RpyGkogabXqjIw7nyHX9No9RuKmitFHCeXLpf5sjurdT5vM+cVZccXiBa2WCLMhPnv6u qrG+2gerjQ4ygNfG3+b71Jaxsgmw9bArBNSxxgN/o4G9sa9ZJE9dD68JIvcqIHBxcZCe T4Hw== X-Gm-Message-State: APjAAAXIv0vX7PYpdYzjY1dkdPXasOAwRgJLdat9ukqJgtddgdhAtLCx hNYDLR+vckMjy/+1hLsK5m5vW40lP7tYcVUaNryn+dSll3k= X-Google-Smtp-Source: APXvYqxeLEfZ0FomUWYMCmfJjPEs9vG0+cxmASKilugsWBe0JV8M+sS91IbkTR3YBaUtNDlCJ2xNi465BmaBqVnz7mI= X-Received: by 2002:a63:a17:: with SMTP id 23mr7683213pgk.57.1572971302657; Tue, 05 Nov 2019 08:28:22 -0800 (PST) MIME-Version: 1.0 References: <03D70A3E-99D6-4734-BCC4-109B8BEC1727@quintile.net> In-Reply-To: <03D70A3E-99D6-4734-BCC4-109B8BEC1727@quintile.net> From: Sergey Zhilkin Date: Tue, 5 Nov 2019 19:28:10 +0300 Message-ID: Subject: Re: [9fans] banishment of nuisance IP addresses To: 9fans <9fans@9fans.net> Content-Type: multipart/alternative; boundary="000000000000bca65b05969beb13" Topicbox-Policy-Reasoning: allow: sender is a member Topicbox-Message-UUID: 4d058648-ffe9-11e9-93a8-9b8ee64c7e76 --000000000000bca65b05969beb13 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable >no =E2=80=9Cfw=E2=80=9D not sure what that is. firewall :) =D0=B2=D1=82, 5 =D0=BD=D0=BE=D1=8F=D0=B1. 2019 =D0=B3. =D0=B2 13:06, Steve = Simon : > no =E2=80=9Cfw=E2=80=9D not sure what that is. > > as it happens i turned off ipv6 last night. it was causing problems with > smtp which i fail to understand, maybe tls certificate, i am not sure. > > the banishment code works fine for ipv6 > > -Steve > > > On 5 Nov 2019, at 10:02 am, Sergey Zhilkin wrote: > > =EF=BB=BF > I wonder .... if it will be system with IPv6 enabled and connected > directly to internet. > There is no fw in plan 9 .... > May be time to think about it ? > > =D0=B2=D1=82, 29 =D0=BE=D0=BA=D1=82. 2019 =D0=B3. =D0=B2 14:27, Steve Sim= on : > >> re: anyone can banish ano IP address >> >> You are quite right, not a problem for me, but not a general solution. >> >> Ok, chmod og-w /lib/ndb/banished first. >> >> I could then write a file server, envoked in cpurc as bootes and thus >> has rights to update the files in /lib/ndb/banished/*. >> >> The file server would have to ensure its /srv/xxx file is not accessable >> by others. >> >> This could be mounted by the network listners before they becomenone() s= o >> they retain access. They would also need to ensure they unmount >> the writable access to the banishment directory before starting their >> child process (if the incomming connection is successful). >> >> ugh. Even _if_ that would work its a real pain. >> >> oh well, nice idea, but no bananna. >> >> -Steve >> >> ------------------------------------------ >> 9fans: 9fans >> Permalink: >> https://9fans.topicbox.com/groups/9fans/Te00ed62cf5d85d9e-M4d3ca138d4a82= de48a303955 >> Delivery options: https://9fans.topicbox.com/groups/9fans/subscription >> > > > -- > =D0=A1 =D0=BD=D0=B0=D0=B8=D0=BB=D1=83=D1=87=D1=88=D0=B8=D0=BC=D0=B8 =D0= =BF=D0=BE=D0=B6=D0=B5=D0=BB=D0=B0=D0=BD=D0=B8=D1=8F=D0=BC=D0=B8 > =D0=96=D0=B8=D0=BB=D0=BA=D0=B8=D0=BD =D0=A1=D0=B5=D1=80=D0=B3=D0=B5=D0=B9 > With best regards > Zhilkin Sergey > > *9fans * / 9fans / see discussions > + participants > + delivery options > Permalink > > --=20 =D0=A1 =D0=BD=D0=B0=D0=B8=D0=BB=D1=83=D1=87=D1=88=D0=B8=D0=BC=D0=B8 =D0=BF= =D0=BE=D0=B6=D0=B5=D0=BB=D0=B0=D0=BD=D0=B8=D1=8F=D0=BC=D0=B8 =D0=96=D0=B8=D0=BB=D0=BA=D0=B8=D0=BD =D0=A1=D0=B5=D1=80=D0=B3=D0=B5=D0=B9 With best regards Zhilkin Sergey --000000000000bca65b05969beb13 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
>no =E2=80=9Cfw=E2=80=9D not sure what that is.=C2=A0= =C2=A0
firewall :)

=D0=B2=D1=82, 5 =D0=BD=D0=BE=D1=8F=D0=B1. 2= 019 =D0=B3. =D0=B2 13:06, Steve Simon <steve@quintile.net>:
no =E2=80=9Cfw=E2=80=9D= not sure what that is.

as= it happens i turned off ipv6 last night. it was causing problems with smtp= which i fail to understand, maybe tls certificate, i am not sure.

the banishment code works fine for= ipv6

-Steve


On 5 Nov = 2019, at 10:02 am, Sergey Zhilkin <szhilkin@gmail.com> wrote:

=EF=BB=BF
I wonder .... if it will be system with IPv6 enabled and c= onnected directly to internet.=C2=A0
There is no fw in plan 9 ....=C2= =A0
May be time to think about it ?

=D0=B2=D1=82, 29 =D0=BE= =D0=BA=D1=82. 2019 =D0=B3. =D0=B2 14:27, Steve Simon <steve@quintile.net>:
=
re: anyone can banish ano= IP address

You are quite right, not a problem for me, but not a general solution.
<= br> Ok, chmod og-w /lib/ndb/banished first.

I could then write a file server, envoked in cpurc as bootes and thus
has rights to update the files in /lib/ndb/banished/*.

The file server would have to ensure its /srv/xxx file is not accessable by others.

This could be mounted by the network listners before they becomenone() so they retain access. They would also need to ensure they unmount
the writable access to the banishment directory before starting their
child process (if the incomming connection is successful).

ugh. Even _if_ that would work its a real pain.

oh well, nice idea, but no bananna.

-Steve

------------------------------------------
9fans: 9fans
Permalink: https:= //9fans.topicbox.com/groups/9fans/Te00ed62cf5d85d9e-M4d3ca138d4a82de48a3039= 55
Delivery options: https://9fans.topicbox.com/gro= ups/9fans/subscription

--
=D0=A1 =D0=BD=D0=B0=D0=B8=D0=BB=D1=83=D1=87= =D1=88=D0=B8=D0=BC=D0=B8 =D0=BF=D0=BE=D0=B6=D0=B5=D0=BB=D0=B0=D0=BD=D0=B8= =D1=8F=D0=BC=D0=B8
=D0=96=D0=B8=D0=BB=D0=BA=D0=B8=D0=BD =D0=A1=D0=B5=D1= =80=D0=B3=D0=B5=D0=B9
With best regards
Zhilkin Sergey


--
=D0=A1 =D0=BD=D0=B0=D0=B8=D0=BB=D1=83=D1= =87=D1=88=D0=B8=D0=BC=D0=B8 =D0=BF=D0=BE=D0=B6=D0=B5=D0=BB=D0=B0=D0=BD=D0= =B8=D1=8F=D0=BC=D0=B8
=D0=96=D0=B8=D0=BB=D0=BA=D0=B8=D0=BD =D0=A1=D0=B5= =D1=80=D0=B3=D0=B5=D0=B9
With best regards
Zhilkin Sergey
--000000000000bca65b05969beb13--