author: Silvino <silvino@bk.ru> 2019-06-08 01:49:10 +0100
committer: Silvino <silvino@bk.ru> 2019-06-08 23:07:46 +0100
commit: f905c797c8f2ec87a8aa641a44c49fc1d0a23ebe (patch)
tree: a878feb974ad47f33625a9d4b84d0b1258c0e3ec /core/network.html
parent: 923321515685eed09a269d5643135b7c3a4e865d (diff)
download: doc-f905c797c8f2ec87a8aa641a44c49fc1d0a23ebe.tar.gz
core network better iptables documentation
Diffstat (limited to 'core/network.html')
-rw-r--r-- core/network.html 191
1 files changed, 44 insertions, 147 deletions
diff --git a/core/network.html b/core/network.html
index 18dd220..c87acf9 100644
--- a/core/network.html
+++ b/core/network.html
@@ -9,7 +9,8 @@
 
         <h1>2.3. Network</h1>
 
-        <p>Operation of the network can be handle with init scripts;</p>
+        <p>Operation of the network can be handle with init scripts or with
+        <a href="#nm">network manager</a>;</p>
 
         <dl>
             <dt><a href="conf/rc.d/iptables">/etc/rc.d/iptables</a></dt>
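Review bot: the rewritten sentence `<p>Operation of the network can be handle with init scripts or with` keeps the pre-existing grammar slip; since the line is being touched anyway, make it `can be handled`. The `#nm` anchor in the new link is satisfied by the `<h2 id="nm">` heading added in the last hunk, so the link resolves.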
@@ -24,11 +25,13 @@
             <dd>Configure Wireless interface, launch wpa_supplicant to handle
             wireless authenticationand dynamic (dhcp)
             connection to router and add as default gateway.</dd>
+            <dt><a href="conf/rc.d/wlan">/etc/rc.d/networkmanager</a></dt>
+            <dd>Use network manager to handle connections.</dd>
         </dl>
 
-        <p>Choose wireless or net as connection to outside world and configure
-        <a href="conf/rc.conf">/etc/rc.conf</a> to run at startup, example
-        connecting using wireless interface;</p>
+        <p>Choose wireless (wlan), cable network (net) or network manager in
+        <a href="conf/rc.conf">/etc/rc.conf</a> to handle configuration of the 
+        network at startup, example using network manager;</p>
 
         <pre>
         #
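Review bot: the new `<dt>` entry links to `conf/rc.d/wlan` but is labelled `/etc/rc.d/networkmanager`, so the link opens the wlan init script rather than the network manager one; point the href at the networkmanager script (presumably `conf/rc.d/networkmanager`, if that is where it lives). Two small things in the same region: the unchanged `<dd>` above reads `authenticationand` and needs a space, and the added line `to handle configuration of the ` carries trailing whitespace.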
@@ -40,7 +43,7 @@
         TIMEZONE="Europe/Lisbon"
         HOSTNAME=machine
         SYSLOG=sysklogd
-        SERVICES=(lo iptables wlan crond)
+        SERVICES=(lo iptables networkmanager crond)
 
         # End of file
         </pre>
@@ -116,33 +119,7 @@
 
         <p>For more information about firewall systems read arch wiki
         <a href="https://wiki.archlinux.org/index.php/Iptables">iptables</a>
-        an <a href="https://wiki.archlinux.org/index.php/nftables">nftables</a>.</p>
-
-        <p>To setup iptables rules a set of scripts is used, init script
-        <a href="conf/rc.d/iptables">/etc/rc.d/iptables</a>
-        loads set of rules from file /etc/iptables/net.v4 at boot time.
-        Start option "open" option allows everything to outside
-        and blocks everything from outside, "stop" will block and log
-        everything. Setup init script and rules ;</p>
-
-        <pre>
-        # mkdir /etc/iptables
-        # cp core/conf/iptables/net.v4 /etc/iptables/
-        # cp core/conf/rc.d/iptables /etc/rc.d/
-        # chmod +x /etc/rc.d/iptables
-        </pre>
-
-        <p>Change /etc/rc.conf and add iptables;</p>
-
-        <pre>
-        SERVICES=(iptables lo net crond)
-        </pre>
-
-        <p>See current rules and packets counts;</p>
-
-        <pre>
-        # iptables -L -n -v | less
-        </pre>
+        and <a href="https://wiki.archlinux.org/index.php/nftables">nftables</a>.</p>
 
         <p>Diagram of a package route throw iptables;</p>
 
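Review bot: the unchanged context line `<p>Diagram of a package route throw iptables;</p>` has two typos (`packet`, `through`) worth fixing while this section is being reworked. The removed setup paragraph and its `<pre>` blocks reappear under 2.3.3.1 in the later hunk, so nothing is lost by deleting them here; the `an` to `and` fix on the nftables link is correct.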
@@ -286,135 +263,42 @@
          -c, --set-counters packets bytes
         </pre>
 
-
-        <h3 id="ipt_scripts">2.3.3.1. Iptable scripts</h3>
-
-        <p><a href="conf/rc.d/iptables">/etc/rc.d/iptables</a> sources
-        host configuration and create tables with rules that later are
-        used to match packages.</p>
+        <p>See current rules and packets counts;</p>
 
         <pre>
-        source /etc/iptables/ipt-conf.sh
-        source /etc/iptables/ipt-firewall.sh
-
-        case $1 in
-            start)
-                ipt_clear
-                ipt_tables
-                case $TYPE in
-                    bridge)
-
-                    ## load bridge configuration
-                    source /etc/iptables/ipt-bridge.sh
-
-                    ## log everything else and drop
-                    ipt_log
-
-                    iptables-save &gt; /etc/iptables/bridge.v4
-                    ;;
-                    server)
-
-
-                    ## load server configuration
-                    source /etc/iptables/iptables-conf.sh
-
-                    ## log everything else and drop
-                    ipt_log
-
-                    iptables-save &gt; /etc/iptables/server.v4
-                    ;;
-                esac
-                ;;
-            stop)
-
-                ipt_clear
-                ;;
-            restart)
-                $0 stop
-                $0 start
-                ;;
-            *)
-                echo "Usage: $0 [start|stop|restart]"
-                ;;
-        esac
+        # iptables -L -n -v | less
         </pre>
 
-        <h3 id="ipt_server">2.3.3.2. Server iptables</h3>
+        <h3 id="ipt_scripts">2.3.3.1. Iptable scripts</h3>
 
-        <p>Adjust <a href="conf/ipt-conf.sh">/etc/iptables/ipt-conf.sh</a>
-        with your network configuration, edit <a href="conf/ipt-server.sh">/etc/iptables/ipt-server.sh</a> matching rules with interfaces.</p>
+        <p>Scripts help to setup iptables rules so they can be saved using iptables-save
+        and later restored using iptables-restore utilities. Init script
+        <a href="conf/rc.d/iptables">/etc/rc.d/iptables</a>
+        loads set of rules from /etc/iptables folder at boot time.
+        Start option "open" option allows everything to outside
+        and blocks new connections from outside, "stop" will block and log
+        everything.</p>
 
-        <p>Default configuration;</p>
+        <p>Setup init script and rules;</p>
 
         <pre>
-        echo "setting server network..."
-
-        # Unlimited on loopback
-        $IPT -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
-        $IPT -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
-        $IPT -A INPUT -i lo -s ${PUB_IP} -d ${PUB_IP} -j ACCEPT
-        $IPT -A OUTPUT -o lo -s ${PUB_IP} -d ${PUB_IP} -j ACCEPT
-
-        ####### Input Chain ######
-        $IPT -A INPUT -j blocker
-
-        $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${DNS} -j cli_dns_in
-        $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_https_in
-        $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_ssh_in
-        $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_git_in
-        #$IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j cli_http_in
-
-
-        $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -j srv_https_in
-        $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -j cli_https_in
-        $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -j srv_ssh_in
-        $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -j srv_git_in
-
-        ####### Output Chain ######
-        $IPT -A OUTPUT -j blocker
-
-        $IPT -A OUTPUT -o ${PUB_IF} -d ${DNS} -s ${PUB_IP} -j cli_dns_out
-        #$IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j cli_http_out
-        $IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j srv_https_out
-        $IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j srv_ssh_out
-        $IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j srv_git_out
-
-        $IPT -A OUTPUT -o ${PUB_IF} -s ${PUB_IP} -j cli_https_out
-        $IPT -A OUTPUT -o ${PUB_IF} -s ${PUB_IP} -j srv_https_out
-
-        $IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -j srv_ssh_out
-        $IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -j srv_git_out
+        # mkdir /etc/iptables
+        # cp core/conf/iptables/net.v4 /etc/iptables/
+        # cp core/conf/rc.d/iptables /etc/rc.d/
+        # chmod +x /etc/rc.d/iptables
         </pre>
 
+        <p>Change /etc/rc.conf and add iptables;</p>
 
         <pre>
-        # bash core/scripts/iptables.sh
+        SERVICES=(iptables lo net crond)
         </pre>
 
-        <h3 id="ipt_client">2.3.3.3. Client iptables </h3>
-
-        <p></p>
-        <h3 id="ipt_client">2.3.3.4. Bridge iptables</h3>
-
-        <pre>
-        $IPT -A FORWARD -j blocker
-        $IPT -A FORWARD -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
-        $IPT -A FORWARD -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
-
-        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -d ${BR_NET} -j srv_ssh_in
-        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j srv_ssh_out
+        <p>Change <a href="conf/rc.d/iptables">/etc/rc.d/iptables</a> and define type; server, bridge or open.</p>
 
-        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j srv_https_in
-        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j srv_https_out
-
-        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j srv_rip
-
-        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j srv_dhcp
-        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j srv_dhcp
-
-        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j cli_https_out
-        $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j cli_https_in
-       </pre>
+        <p>Adjust <a href="conf/ipt-conf.sh">/etc/iptables/ipt-conf.sh</a>
+        with your network configuration, and adjust
+        <a href="conf/ipt-server.sh">/etc/iptables/ipt-server.sh</a>, <a href="conf/ipt-bridge.sh">/etc/iptables/ipt-bridge.sh</a>, <a href="conf/ipt-open.sh">/etc/iptables/ipt-open.sh</a> according with host necessities.</p>
 
         <h2 id="wpa">2.3.4. Wpa and dhcpd</h2>
 
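Review bot: the install steps in this hunk (`# cp core/conf/iptables/net.v4 /etc/iptables/` plus the `cp` of the init script) only place `net.v4`, yet the new prose says the init script loads rules from the /etc/iptables folder and the closing paragraph tells the reader to adjust `/etc/iptables/ipt-conf.sh`, `ipt-server.sh`, `ipt-bridge.sh` and `ipt-open.sh`; those files are never copied into place, so either add the missing copy lines or state where they come from. The rc.conf example `SERVICES=(iptables lo net crond)` also orders the services differently from the `SERVICES=(lo iptables networkmanager crond)` example earlier in this diff; pick one ordering so readers are not left guessing whether iptables has to start before lo. Smaller points: `Iptable scripts` should be `iptables scripts`, `Start option "open" option` repeats `option`, and `according with host necessities` reads better as `according to the host's needs`. Dropping the server and bridge rule listings removes the only place that showed which chains each type actually uses, so consider keeping a short excerpt or pointing at the conf files so a reader can verify what `open` lets in from outside.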
@@ -503,11 +387,24 @@
         &gt; save_config
         </pre>
 
+        <h2 id="nm">2.3.5. Network Manager</h2>
+
+        <p>List wifi networks;</p>
+
+        <pre>
+        nmcli device wifi list
+        </pre>
+
+        <p>Connect to a wifi network;</p>
+
+        <pre>
+        nmcli device wifi connect "network name" password "network password"
+        </pre>
 
         <a href="index.html">Core OS Index</a>
         <p>
         This is part of the Hive System Documentation.
-        Copyright (C) 2018
+        Copyright (C) 2019
         Hive Team.
         See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
         for copying conditions.</p>
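Review bot: `nmcli device wifi connect "network name" password "network password"` puts the Wi-Fi passphrase on the command line, where it lands in shell history and is visible to other local users through the process list; document `nmcli --ask device wifi connect "network name"` instead, so nmcli prompts for the secret. The new `<h2 id="nm">` heading resolves the `#nm` link introduced in the first hunk, and the copyright year bump is fine.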