Issue fortiOS when creating a srcintf "any" with vip as destination - fortigate

I have to create the following policy:
config firewall policy
edit 0
set srcintf "any"
set dstintf "interface2"
set srcaddr "all"
set dstaddr "vip1"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
end
Existing VIP is:
config firewall vip
edit "vip1"
set uuid xxxxx
set extip 10.1.0.43
set extintf "interface1"
set mappedip "x.x.70.9"
next
end
Which is mapped to:
get router info routing-table details x.x.70.9
Routing entry for x.x.70.0/27
Known via "static", distance 10, metric 0, best
10.10.70.1, via "interface2"
But when I create the policy, it only lets me put "interface1" as srcintf.
This does not work for me as I need an 'srcintf "any"' policy.
Error code is 651.
Does anyone see what I'm missing?
Thanks in advance!

Change the VIP interface to "any". Then you can choose "any" as source interface in the policy as well.
In your example:
config firewall vip
edit "vip_name1"
set extip 10.1.0.43
set extintf "any" <---
set mappedip "x.x.70.9"
next
end
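An added example, not part of the original thread: a small Python linter that applies the rule from the answer to a configuration dump. It flags a policy whose srcintf differs from the extintf of a VIP it uses as destination, and it flags a VIP set to "any", since that VIP then translates traffic arriving on every interface. The sample dump is constructed from the question; the function names are hypothetical and the parser assumes flat (non-nested) config blocks.

```python
import re

# Constructed sample: the VIP and the rejected policy from the question.
SAMPLE = """
config firewall vip
    edit "vip1"
        set extip 10.1.0.43
        set extintf "interface1"
    next
end
config firewall policy
    edit 1
        set srcintf "any"
        set dstaddr "vip1"
    next
end
"""

def parse_sections(text):
    """Parse flat config/edit/set blocks into {section: {entry: {key: [values]}}}."""
    sections, section, entry = {}, None, None
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if not tok:
            continue
        if tok[0] == "config":
            section, entry = sections.setdefault(" ".join(tok[1:]), {}), None
        elif tok[0] == "edit" and section is not None and len(tok) > 1:
            entry = section.setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None and len(tok) > 1:
            entry[tok[1]] = tok[2:]
        elif tok[0] in ("next", "end"):
            entry = None
    return sections

def vip_findings(text):
    """Return (policy id, VIP name, message) for each interface problem found."""
    cfg, findings = parse_sections(text), []
    vips = cfg.get("firewall vip", {})
    for pid, policy in cfg.get("firewall policy", {}).items():
        src = policy.get("srcintf", [])
        for name in policy.get("dstaddr", []):
            # Addresses that are not VIPs, or VIPs without extintf, give None.
            ext = (vips.get(name, {}).get("extintf") or [None])[0]
            if ext == "any":
                findings.append((pid, name, "VIP extintf is any: it translates on every interface"))
            elif ext is not None and src != [ext]:
                findings.append((pid, name, f"srcintf {src} conflicts with VIP extintf {ext}"))
    return findings
```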

Related

Why PUT method not working to create a new collection even if ACL allow it?

I have a role with this permission:
path-prefix[/mydb] and (method[PUT] or method[POST] or method[GET])
I'm trying to create a collection in this database following this doc: https://restheart.org/docs/mgmt/dbs-collections/
So, I wrote using postman this:
method: PUT
url: https://myhost.mydomain/mydb/newcollection
User and password are ok. The user has this role. GET works.
But the PUT returns 403 (not 401, 403).
RestHeart (v6).
Any tips to solve this?
Solved.
Version 6 changed some things in security. Now some permissions have to be set explicitly, in this case, to allow management requests:
"mongo": {
"allowWriteMode": false,
"allowManagementRequests": true,
"allowBulkPatch": false,
"allowBulkDelete": false
}
More in: https://restheart.org/docs/upgrade-to-v6/

Cannot set the lastViewedByMeDate parameter for a file on Google Drive

I am trying to set the value of the lastViewedByMeDate parameter for a file on Google drive. Setting request goes fine. When I retrieve the value of the property it is offset (delayed) from the time I set it to.
Referring to the page: https://developers.google.com/drive/v2/reference/files/update I tried this by setting the parameter updateViewedDate to false also. Setting it to false reduces the delay to like 3 seconds but it is still not what I set it to.
Is there something I am not doing right? Any help would be appreciated.

Enable MySQL General Log on Amazon RDS

I found these instructions to turn it on:
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.MySQL.html
But the Edit Parameters button is disabled:
Am I missing something?
Given the name "default.mysql5.6," it looks like you are trying to edit the default parameter group.
You cannot modify the parameter settings of a default DB parameter group; you must create your own DB parameter group to change parameter settings from their default value.
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html

How to create Delegation Signer (DS) record for a subdomain with PowerDNS?

I have a domain mydomain.com. The DNS servers for this domain are under my control and I'm running PowerDNS there. I've set up DNSSEC for my main domain mydomain.com and I've registered the keys at registrar. Everything works fine for the main domain. However when I create subdomains (zones) with PowerAdmin GUI then I get the following error for my subdomains from DNSSEC analysis tool at http://dnssec-debugger.verisignlabs.com/:
No DS records found for subdomain.mydomain.com in the mydomain.com zone
Question: how to add that DS record to mydomain.com zone with powerdns?
Note: I haven't used PowerAdmin, so this is a PowerDNS answer.
Assuming you have also signed these subdomains/zones, you would use pdnssec show-zone to see the DS records for them. Then, insert these DS records into the parent zone (mydomain.com), with fields set like this:
domain_id = id of domain.com
name = sub.mydomain.com
type = DS
content = copy/paste from pdnssec show-zone
You also need to insert NS records (as above, but with type=NS and content=name of your server), to get a valid delegation, even if it is local!
If you don't actually care about DNSSEC for the subdomains, just insert the NS records and leave out the DS. This will tell validators that the subdomain is deliberately insecure.
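An added example, not part of the original answer: a Python helper that builds the rows described above (domain_id, name, type, content) for the parent zone and rejects DS content that is malformed before it reaches the database. Function names, the domain id 7, and the sample DS string are constructed for illustration; storing names without a trailing dot is an assumption about the backend's records table.

```python
import re

# Hex digest length per DS digest type (1 = SHA-1, 2 = SHA-256, 4 = SHA-384).
DIGEST_HEX_LEN = {1: 40, 2: 64, 4: 96}

# Constructed DS content with a placeholder digest, standing in for the
# value copied from the show-zone output.
SAMPLE_DS = "12345 8 2 " + "AB" * 32

def parse_ds(content):
    """Validate DS rdata 'keytag algorithm digesttype digest' and normalise it."""
    parts = content.split()
    if len(parts) < 4:
        raise ValueError("DS content needs key tag, algorithm, digest type, digest")
    tag, alg, dtype = (int(p) for p in parts[:3])
    digest = "".join(parts[3:]).lower()  # digests are often printed in groups
    if not 0 <= tag <= 65535 or not 0 <= alg <= 255:
        raise ValueError("key tag or algorithm out of range")
    if dtype not in DIGEST_HEX_LEN:
        raise ValueError(f"unsupported digest type {dtype}")
    if not re.fullmatch(r"[0-9a-f]{%d}" % DIGEST_HEX_LEN[dtype], digest):
        raise ValueError("digest is not hex of the length its type requires")
    return f"{tag} {alg} {dtype} {digest}"

def delegation_rows(parent_id, parent, child, nameservers, ds_contents=()):
    """Rows (domain_id, name, type, content) to insert into the parent zone.

    With ds_contents empty this is the deliberately insecure delegation:
    NS records only, no DS.
    """
    parent, child = parent.rstrip(".").lower(), child.rstrip(".").lower()
    if not child.endswith("." + parent):
        raise ValueError(f"{child} is not below {parent}")
    rows = [(parent_id, child, "NS", ns.rstrip(".").lower()) for ns in nameservers]
    if not rows:
        raise ValueError("a delegation needs at least one NS record")
    rows += [(parent_id, child, "DS", parse_ds(ds)) for ds in ds_contents]
    return rows
```

The returned tuples are meant to be passed to a parameterised INSERT rather than formatted into SQL text.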

Anyway to get dkims records for verifying ses domain in boto?

Tinkering around with verifying a couple of domains and found the manual process rather tedious. My DNS controller offers API access so I figured why not script the whole thing.
Trick is I can't figure out how to access the required TXT & CNAME records for DKIMS verification from boto, when I punch in
dkims = conn.verify_domain_dkim('DOMAIN.COM')
it adds DOMAIN.COM to the list of domains pending verification but doesn't provide the needed records, the returned value of dkims is
{'VerifyDomainDkimResponse': {
'ResponseMetadata': {'RequestId': 'REQUEST_ID_STRING'},
'VerifyDomainDkimResult': {'DkimTokens': {
'member': 'DKIMS_TOKEN_STRING'}}}}
Is there some undocumented way to take the REQUEST_ID or TOKEN_STRING to pull up these records?
UPDATE
If you have an aws account you can see the records I'm after at
https://console.aws.amazon.com/ses/home?region=us-west-2#verified-senders:domain
tab: Details:: Record Type: TXT (Text)
tab: DKIM:: DNS Record 1, 2, 3
these are the records required to add to the DNS controller to validate & allow DKIM signatures to take place
This is how I do it with python.
from boto3 import Session
DOMINIO = 'mydomain.com'
# MY_AWS_* are placeholders for your own credentials and region
session = Session(
    aws_access_key_id=MY_AWS_ACCESS_KEY_ID,
    aws_secret_access_key=MY_AWS_SECRET_ACCESS_KEY,
    region_name=MY_AWS_REGION_NAME)
client = session.client('ses')
# gets VerificationToken for the domain, that will be used to add a TXT record to the DNS
result = client.verify_domain_identity(Domain=DOMINIO)
txt = result.get('VerificationToken')
# gets DKIM tokens that will be used to add 3 CNAME records
result = client.verify_domain_dkim(Domain=DOMINIO)
dkim_tokens = result.get('DkimTokens') # this is a list
At the end of the code, you will have "txt" and "dkim_tokens" variables, a string and a list respectively.
You will need to add a TXT record to your dns, where the host name is "_amazonses" and the value is the value of "txt" variable.
Also you will need to add 3 CNAME records to your dns, one for each token present in "dkim_tokens" list, where the host name of each record is of the form of [dkimtoken]._domainkey and the target is [dkimtoken].dkim.amazonses.com
After adding the dns records, after some minutes (maybe a couple of hours), Amazon will detect and verify the domain, and will send you an email notification. After that, you can enable Dkim signature by doing this call:
client.set_identity_dkim_enabled(Identity=DOMINIO, DkimEnabled=True)
The methods used here are verify_domain_identity, verify_domain_dkim and set_identity_dkim_enabled.
You may also want to take a look at get_identity_verification_attributes and get_identity_dkim_attributes.
I think the get_identity_dkim_attributes method will return the information you are looking for. You pass in the domain name(s) you are interested in and it returns the status for that identity as well as the DKIM tokens.
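An added example, not part of the original answers: Python that turns the verification token and DKIM tokens into the TXT and CNAME records described above, then compares them with what the DNS provider actually publishes, so a missing record or a CNAME pointing at the wrong target is caught before waiting on verification. The function names, the tokens and the zone listing are constructed; fetching the zone from the provider's API is outside the example.

```python
# Constructed zone listing, as (name, type, value) tuples from a DNS provider.
ZONE = [
    ("_amazonses.mydomain.com.", "txt", '"VerTok123="'),
    ("tok1._domainkey.mydomain.com", "CNAME", "tok1.dkim.amazonses.com."),
    ("tok2._domainkey.mydomain.com", "CNAME", "tok2.dkim.example.net."),
]

def expected_ses_records(domain, verification_token, dkim_tokens):
    """Map (fqdn, type) -> value for the one TXT and the DKIM CNAME records."""
    domain = domain.rstrip(".").lower()
    records = {(f"_amazonses.{domain}", "TXT"): verification_token}
    for token in dkim_tokens:
        name = f"{token.lower()}._domainkey.{domain}"
        records[(name, "CNAME")] = f"{token}.dkim.amazonses.com"
    return records

def norm(rtype, value):
    """TXT values are case-sensitive; CNAME targets compare case-insensitively."""
    value = value.strip()
    return value.strip('"') if rtype == "TXT" else value.rstrip(".").lower()

def audit_zone(expected, zone_records):
    """Sort each expected record into ok, missing or mismatch."""
    published = {}
    for name, rtype, value in zone_records:
        key = (name.rstrip(".").lower(), rtype.upper())
        published.setdefault(key, set()).add(norm(key[1], value))
    report = {"ok": [], "missing": [], "mismatch": []}
    for key, want in expected.items():
        if key not in published:
            report["missing"].append(key)
        elif norm(key[1], want) in published[key]:
            report["ok"].append(key)
        else:
            report["mismatch"].append(key)  # record exists with another value
    return report
```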