<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Just a reminder that it is time to learn the new packet filter: nftables replaces iptables, ip6tables, ebtables, etc., and works with the whole stack and is more efficient. (I myself need to spend a few days working with it.)</div><div><br></div><div>There is a compatibility shim (xtables), but it generates rules that are less efficient than direct usage.</div><div><br>On Jan 20, 2015, at 11:11 AM, James Sumners &lt;<a href="mailto:james.sumners@gmail.com">james.sumners@gmail.com</a>&gt; wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr">Since another thread is asking how to get it done, here's the quick rundown:<div><br></div><div>On the destination system, create a /etc/rsyncd.conf file and add some contents similar to:</div><div><br></div><div>#####</div><div><div>max connections = 5</div><div>log file = /var/log/rsync.log</div><div>timeout = 300</div><div><br></div><div>[webroot]</div><div> comment = Static web resources root</div><div> path = /opt/webroot</div><div> read only = no</div><div> list = yes</div><div> uid = nobody</div><div> gid = webeditors</div><div>#####</div><div><br></div><div>Then create an inetd configuration (the following is for xinetd):</div><div><br></div><div>#####</div><div><div>service rsync</div><div>{</div><div> disable = no</div><div> socket_type = stream</div><div> wait = no</div><div> user = root</div><div> server = /usr/bin/rsync</div><div> server_args = --daemon</div><div> log_on_failure += USERID</div><div>}</div></div><div>#####</div><div><br></div><div>Done. Now you can rsync some stuff over to that server.
I highly recommend doing the following extra configuration on said server:</div><div><br></div><div>`iptables -A INPUT -p tcp -m tcp --dport 873 --src 10.0.0.15 -j ACCEPT</div><div>iptables -A INPUT -p tcp -m tcp --dport 873 -j DROP`</div><div><br></div><div>Where "10.0.0.15" is the client machine that will be sending data over rsync.</div><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div>James Sumners<br><a href="http://james.sumners.info/" target="_blank">http://james.sumners.info/</a> (technical profile)</div><div><a href="http://jrfom.com/" target="_blank">http://jrfom.com/</a> (personal site)</div><div><a href="http://haplo.bandcamp.com/" target="_blank">http://haplo.bandcamp.com/</a> (band page)</div></div></div></div></div>
</div></div>
</div></blockquote></body></html>
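The [webroot] module in the quoted rsyncd.conf is writable, and the only limit on who can reach it is the iptables rule for port 873. As an added example (not code from either poster), this Python script parses an rsyncd.conf and reports writable modules that lack rsyncd's own `hosts allow` or `auth users` settings, so the firewall is not the single control. Those two parameter names are real rsyncd.conf options that do not appear in the thread, and the `[mirror]` module in the sample is constructed.

```python
# Added example; SAMPLE_CONF is constructed ([mirror] is a made-up module).
SAMPLE_CONF = """\
max connections = 5
[webroot]
    path = /opt/webroot
    read only = no
    uid = nobody
    gid = webeditors

[mirror]
    path = /srv/mirror
"""

TRUE_VALUES = {"yes", "true", "1"}


def parse_rsyncd_conf(text):
    """Return (global_params, {module_name: params}) from rsyncd.conf text."""
    global_params, modules = {}, {}
    current = global_params
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
        elif "=" in line:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return global_params, modules


def audit(text):
    """Return [(module, [missing controls])] for every writable module."""
    global_params, modules = parse_rsyncd_conf(text)
    findings = []
    for name, params in modules.items():
        merged = {**global_params, **params}  # module values override globals
        if merged.get("read only", "yes").lower() in TRUE_VALUES:
            continue  # rsyncd treats modules as read-only by default
        missing = [k for k in ("hosts allow", "auth users") if not merged.get(k)]
        if missing:
            findings.append((name, missing))
    return findings


if __name__ == "__main__":
    for module, missing in audit(SAMPLE_CONF):
        print(f"[{module}] writable, not set: {', '.join(missing)}")
```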