Adrian Cornish's questions

我试图阻止网络上的一些主机外出/打电话回家。

所以我有2个区域。

[root@eagle ~]# firewall-cmd --get-active-zones 
external
  interfaces: enp2s0
internal
  interfaces: eno1

伪装成external

[root@eagle ~]# firewall-cmd --zone=internal --query-masquerade
no
[root@eagle ~]# firewall-cmd --zone=external --query-masquerade
yes

而且我有一个丰富的规则来删除我想要的 MAC 地址的数据

[root@eagle ~]# firewall-cmd --zone=external --list-rich-rules 
rule source mac="40:16:3B:63:72:E0" drop

但这似乎不起作用。我检查的明显事情是将它们添加为永久并确保我重新加载了规则。

任何帮助表示赞赏

我用谷歌搜索了这个错误，但我读过/尝试过的任何东西都没有——任何人都知道它是什么

错误日志：

Feb 23 22:35:36 localhost postfix/smtpd[5278]: connect from localhost.localdomain[127.0.0.1]
Feb 23 22:35:36 localhost postfix/smtpd[5278]: warning: SASL: Connect to smtpd failed: No such file or directory
Feb 23 22:35:36 localhost postfix/smtpd[5278]: fatal: no SASL authentication mechanisms
Feb 23 22:35:37 localhost postfix/master[5214]: warning: process /usr/libexec/postfix/smtpd pid 5278 exit status 1
Feb 23 22:35:37 localhost postfix/master[5214]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

后缀/main.cf：

queue_directory = /var/spool/postfix
smtpd_sasl_type = dovecot
smptd_sasl_path = private/auth
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes

dovecot/conf.d/10-master.conf：

  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }

Dovecot 在后缀中可用：

[root@localhost ~]# postconf -a
cyrus
dovecot

插座：

[root@localhost conf.d]# ls -l /var/spool/postfix/private/auth
srw-rw-rw-. 1 postfix postfix 0 Feb 23 22:46 /var/spool/postfix/private/auth

Telnet 立即超时：

[root@localhost ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.

授权工作：

[root@localhost ~]# doveadm auth adrian
Password:
passdb: adrian auth succeeded
extra fields:
  user=adrian

操作系统：Centos 6.4 Dovecot：2.1.17 后缀：2.6.6

postconf -n 的编辑结果：

[root@localhost ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = localhost
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 192.168.124.0/24 168.100.189.0/28, 127.0.0.0/8
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
relay_domains = hash:/etc/postfix/relay_domains
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks        permit_sasl_authenticated        reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_type = dovecot
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550

我有一个 linux box，它被设置为网络的防火墙/网关。只是想知道为什么 ss 和其他 iproute2 工具显示的内容比 iptables conntrack 少得多。是因为路由器功能仅在内核中发生吗？

ss -na

仅显示两个已建立的连接，其中作为

conntrack -L -n

显示 18 已建立的连接。