swinog January 2019

swinog@lists.swinog.ch

11 participants
5 discussions

by Viktor Steinmann

Dear SwiNOGers I'm new to JunOS. I like this OS so far, but I'm having a hard time, securing this stuff... Something's wrong in my JunOS filters... Basically I want to block everyone from accessing the interface on the router itself, but I want to allow traffic to pass the interface. Somehow that doesn't work. See below the (relevant) configuration parts: interfaces { xe-0/1/2 { description blabla; vlan-tagging; } unit 100 { description Blabla; vlan-id 100; family inet { filter { input INTERFACE-INCOMING; } address 192.168.1.1/24 } } } policy-options { prefix-list MYINTERFACE { 192.168.1.1/32; } } firewall { family inet { filter INTERFACE-INCOMING { term WAN-ADDRESS { from { destination-prefix-list { MYINTERFACE; } } then { discard; } } term ALLOW-ALL { then accept; } } } } Anybody with a hint, why this filter doesn't actually block traffic to 192.168.1.1? I can still ping it. Kind regards, Viktor

4 years, 1 month

Weird Bluewin Server Problem (occasional 550 5.1.1)

by Benoit Panizzon

Dear List Has anyone else experienced this problem? According to our customer, it occurred a couple of times in the last days: Sender and Destinations are the same in all examples: Our customer is sending an email to bluewin: Jan 23 13:32:42 obelix postfix-submit.obelix/smtp[28721 C5015C0CE5: to=<****(a)bluewin.ch>, relay=mxbw.lb.bluewin.ch[195.186.120.50]:25, delay=57, delays=1.6/0.01/44/11, dsn=2.0.0, status=sent (250 2.0.0 mHh5gTobfzOqbmHhngLDSm mail accepted for delivery) Bluewin Customer replies: Jan 23 17:10:17 obelix milter-greylist: (unknown id): skipping greylist because address 195.186.120.132 is in DNSRBL, (from=<****(a)bluewin.ch>, rcpt=<****(a)breitband.ch>, addr=vimdzmsp-sfwd03.bluewin.ch[195.186.120.132]) ACL 196 Our customer replies: Jan 23 17:24:38 obelix postfix-submit.obelix/smtp[12583 D0AE7C10EE: to=<****(a)bluewin.ch>, relay=mxbw.lb.bluewin.ch[195.186.120.50]:25, delay=101, delays=0.27/0.01/66/35, dsn=5.1.1, status=bounced (host mxbw.lb.bluewin.ch[195.186.120.50] said: 550 5.1.1 <*****(a)bluewin.ch> recipient rejected, address unknown (in reply to RCPT TO command)) Same IP Address of same bluewin server as before, not replies the destination does not exist. I can assure you, it is the same address as before. Our customer tries again: Jan 23 17:32:23 obelix postfix-submit.obelix/smtp[26676 C9470C1271: to=<*****(a)bluewin.ch>, relay=mxbw.lb.bluewin.ch[195.186.227.50]:25, delay=3, delays=0.24/0.02/0.59/2.1, dsn=2.0.0, status=sent (250 2.0.0 mJApg3d9Gp4S3mJAqgsUex mail accepted for delivery) Now the email is getting through! Mit freundlichen Grüssen -Benoît Panizzon- -- I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________

4 years, 2 months

Beginning of the year beers

by Massimiliano Stucchi

Hi everyone! Since there is no one organising any more beer events, I think the beginning of the year could be a good opportunity to try to meet. I suggest to meet Thursday, 24th of January at Kennedy's, near Zurich HB, around 18. I created an event on eventbrite: https://www.eventbrite.it/e/swiss-netops-new-year-beer-registration-5492147… so I can keep track of who's supposed to come. I will proceed with booking the venue at the beginning of next week, when I expect to have a rough idea of the number of participants. I hope to see many of you there! Ciao! -- Massimiliano Stucchi MS16801-RIPE

4 years, 2 months

New BÜPF / VÜPF: Technical, Organisational and Administrative Requirements, March 1, 2019

by Fredy Kuenzler

Did anyone notice and read the new BÜPF / VÜPF Technical, Organisational and Administrative Requirements, valid from March 1, 2019? To my understanding FDAs with reduced requirements don't have to do anything. Press release in DE/FR/IT DE https://www.admin.ch/gov/de/start/dokumentation/medienmitteilungen.msg-id-7… FR https://www.admin.ch/gov/fr/accueil/documentation/communiques.msg-id-73716.… IT https://www.admin.ch/gov/it/pagina-iniziale/documentazione/comunicati-stamp… -- Fredy Kuenzler Init7 (Switzerland) Ltd. AS13030 Technoparkstrasse 5 CH-8406 Winterthur Twitter: @init7 / @kuenzler http://www.init7.net/

4 years, 2 months

mail.protection.outlook.com - dns issues?

by Tobias Goeller

Hi All, Anyone else having problems with customers using mail.protection.outlook.com or spf.protection.outlook.com in their SPF Records? Just asking (both records seem to be not resolvable at the moment...) Tobias -- E = M * C^2 +/- 3.2db

4 years, 2 months

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

swinog January 2019