author | Silvino Silva <silvino@bk.ru> | 2019-06-02 19:07:17 +0000 |
---|---|---|
committer | Silvino Silva <silvino@bk.ru> | 2019-06-02 19:07:17 +0000 |
commit | f5971b13ab41c1131c796b509c06165e6e8fe6bf (patch) | |
tree | fe063fe68ae187d0dac111abd75fbd374f27c736 | |
parent | 9d9bfe21eef76ca690f864f7757b1470d07d1301 (diff) | |
download | doc-f5971b13ab41c1131c796b509c06165e6e8fe6bf.tar.gz |
core and skel revision
-rw-r--r-- | core/conf/rc.d/iptables | 7 | ||||
-rw-r--r-- | core/network.html | 111 | ||||
-rw-r--r-- | tools/conf/etc/skel/.gitconfig | 1 | ||||
-rw-r--r-- | tools/conf/etc/skel/.vimrc | 6 | ||||
-rw-r--r-- | tools/conf/etc/skel/.xinitrc | 16 |
5 files changed, 106 insertions, 35 deletions
diff --git a/core/conf/rc.d/iptables b/core/conf/rc.d/iptables index 9471f99..d4f9ebc 100644 --- a/core/conf/rc.d/iptables +++ b/core/conf/rc.d/iptables @@ -8,20 +8,25 @@ case $1 in ipt_tables case $TYPE in bridge) + + ## load bridge configuration source /etc/iptables/ipt-bridge.sh ## log everything else and drop ipt_log iptables-save > /etc/iptables/bridge.v4 + ;; server) + + ## load server configuration source /etc/iptables/iptables-conf.sh ## log everything else and drop ipt_log - iptables-save > /etc/iptables/net.v4 + iptables-save > /etc/iptables/server.v4 ;; esac ;; diff --git a/core/network.html b/core/network.html index 5913845..18dd220 100644 --- a/core/network.html +++ b/core/network.html 
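Review bot: In the `server)` branch the added comment says it loads the server configuration, but the line below it still sources `/etc/iptables/iptables-conf.sh`, while the bridge branch uses `ipt-bridge.sh` and the network.html text changed in this same commit tells the reader to edit `/etc/iptables/ipt-server.sh`. If that is the intended file, the line should read `source /etc/iptables/ipt-server.sh`. Neither branch checks that `source` succeeded before calling `ipt_log` and `iptables-save`, so a missing or broken file would presumably be saved as a partial ruleset that looks complete; a guard such as `source /etc/iptables/ipt-server.sh || exit 1` would stop that. The save target also moves from `net.v4` to `server.v4`, so anything that restores the old file at boot needs the new name. The enclosing `case $1 in` statement starts and ends outside the hunk.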
@@ -286,52 +286,115 @@ -c, --set-counters packets bytes </pre> - <h3 id="ipt_server">2.3.3.1. Server iptables</h3> - <p>Adjust <a href="scripts/iptables.sh">iptables.sh</a> with - your network configuration then run it;</p> + <h3 id="ipt_scripts">2.3.3.1. Iptable scripts</h3> + + <p><a href="conf/rc.d/iptables">/etc/rc.d/iptables</a> sources + host configuration and create tables with rules that later are + used to match packages.</p> + + <pre> + source /etc/iptables/ipt-conf.sh + source /etc/iptables/ipt-firewall.sh + + case $1 in + start) + ipt_clear + ipt_tables + case $TYPE in + bridge) + + ## load bridge configuration + source /etc/iptables/ipt-bridge.sh + + ## log everything else and drop + ipt_log + + iptables-save > /etc/iptables/bridge.v4 + ;; + server) + + + ## load server configuration + source /etc/iptables/iptables-conf.sh + + ## log everything else and drop + ipt_log + + iptables-save > /etc/iptables/server.v4 + ;; + esac + ;; + stop) + + ipt_clear + ;; + restart) + $0 stop + $0 start + ;; + *) + echo "Usage: $0 [start|stop|restart]" + ;; + esac + </pre> + + <h3 id="ipt_server">2.3.3.2. Server iptables</h3> + + <p>Adjust <a href="conf/ipt-conf.sh">/etc/iptables/ipt-conf.sh</a> + with your network configuration, edit <a href="conf/ipt-server.sh">/etc/iptables/ipt-server.sh</a> matching rules with interfaces.</p> <p>Default configuration;</p> <pre> - server) + echo "setting server network..." + + # Unlimited on loopback + $IPT -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT + $IPT -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT + $IPT -A INPUT -i lo -s ${PUB_IP} -d ${PUB_IP} -j ACCEPT + $IPT -A OUTPUT -o lo -s ${PUB_IP} -d ${PUB_IP} -j ACCEPT - echo "Setting server network..." 
####### Input Chain ###### $IPT -A INPUT -j blocker - $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${DNS} -j cli_dns_in - $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_https_in - $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_ssh_in - $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_git_in - $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -j cli_https_in + $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${DNS} -j cli_dns_in + $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_https_in + $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_ssh_in + $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_git_in + #$IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j cli_http_in + + + $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -j srv_https_in + $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -j cli_https_in + $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -j srv_ssh_in + $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -j srv_git_in ####### Output Chain ###### $IPT -A OUTPUT -j blocker - $IPT -A OUTPUT -o ${PUB_IF} -d ${DNS} -s ${PUB_IP} -j cli_dns_out - $IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j srv_https_out - $IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j srv_ssh_out - $IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j srv_git_out - $IPT -A OUTPUT -o ${PUB_IF} -s ${PUB_IP} -j cli_https_out + $IPT -A OUTPUT -o ${PUB_IF} -d ${DNS} -s ${PUB_IP} -j cli_dns_out + #$IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j cli_http_out + $IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j srv_https_out + $IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j srv_ssh_out + $IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j srv_git_out - ## log everything else and drop - iptables_log + $IPT -A OUTPUT -o ${PUB_IF} -s ${PUB_IP} -j cli_https_out + $IPT -A OUTPUT -o ${PUB_IF} -s ${PUB_IP} -j srv_https_out - iptables-save > /etc/iptables/net.v4 - exit 0 - - ;; + $IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -j srv_ssh_out + 
$IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -j srv_git_out </pre> + <pre> # bash core/scripts/iptables.sh </pre> - <h3 id="ipt_client">2.3.3.2. Client iptables </h3> + <h3 id="ipt_client">2.3.3.3. Client iptables </h3> <p></p> - <h3 id="ipt_client">2.3.3.3. Bridge iptables</h3> + <h3 id="ipt_client">2.3.3.4. Bridge iptables</h3> <pre> $IPT -A FORWARD -j blocker @@ -351,7 +414,7 @@ $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j cli_https_out $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j cli_https_in - <pre> + </pre> <h2 id="wpa">2.3.4. Wpa and dhcpd</h2> diff --git a/tools/conf/etc/skel/.gitconfig b/tools/conf/etc/skel/.gitconfig index 3af5f03..730d8d9 100644 --- a/tools/conf/etc/skel/.gitconfig +++ b/tools/conf/etc/skel/.gitconfig @@ -5,5 +5,6 @@ tool = vimdiff [merge] tool = vimdiff + conflictstyle = diff3 [difftool] prompt = false diff --git a/tools/conf/etc/skel/.vimrc b/tools/conf/etc/skel/.vimrc index 2a45faf..0a3656d 100644 --- a/tools/conf/etc/skel/.vimrc +++ b/tools/conf/etc/skel/.vimrc @@ -110,7 +110,9 @@ map <F3> :tabprevious<CR> map <F4> :tabnext<CR> " "" Show Line Numbers -set nu +"" set nu +"" Show Relative Line Numbers +set relativenumber "set complete=.,b,u,] "set wildmode=longest,list:longest "set completeopt=menu,preview @@ -145,7 +147,7 @@ autocmd BufWinLeave * call clearmatches() "" Finally, if you want an indent to correspond to a single tab, you should also use: ""set shiftwidth=4 "" For indents that consist of 4 space characters but are entered with the tab key: -set tabstop=8 softtabstop=0 expandtab shiftwidth=4 smarttab +set tabstop=4 softtabstop=0 expandtab shiftwidth=4 smarttab "set list "" set past gives problems with tabs "" set paste diff --git a/tools/conf/etc/skel/.xinitrc b/tools/conf/etc/skel/.xinitrc index 6ccd340..379a315 100644 --- a/tools/conf/etc/skel/.xinitrc +++ b/tools/conf/etc/skel/.xinitrc 
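Review bot: The new default server listing adds `$IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -j srv_ssh_in` and the matching `srv_git_in` and `srv_https_in` lines with no `-s` match, directly below the rules that limit the same chains to `-s ${BR_NET}`. The chain bodies are not shown here, but if they accept new connections as their names suggest, the `${BR_NET}` restriction no longer has any effect and SSH and git become reachable from any source on `${PUB_IF}`. If only HTTPS is meant to be public, keep just the unrestricted `srv_https_in` line and drop or comment out the other two, as is already done for `cli_http_in`; the same applies to the added OUTPUT lines `-d ${BR_NET} -j srv_ssh_out` and `srv_git_out`, which omit `-s ${PUB_IP}`. Two smaller points in the same hunk: the listing is still followed by `# bash core/scripts/iptables.sh` although the text now points to `/etc/rc.d/iptables`, and the renumbered Bridge heading keeps `id="ipt_client"`, which duplicates the Client heading's id (`id="ipt_bridge"` would fix the anchor).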
@@ -1,13 +1,13 @@ -## Start the window manager - -xrandr -s 1366x768 -#xrandr --dpi 100 -#xrandr --output eDP1 --mode 1366x768 +#xrandr --output eDP1 --mode 1024x768 +#xrandr -s 1366x768 +#xrandr --dpi 73 +#xrandr --dpi 96 #xgamma -gamma 0.8 -#syndaemon -d setxkbmap dvorak +#syndaemon -d +# +## Start the window manager #exec openbox-session -#exec dwm -exec spectrwm #exec start-mate +exec spectrwm |