author | Silvino Silva <silvino@bk.ru> | 2016-09-11 01:13:16 +0100 |
---|---|---|
committer | Silvino Silva <silvino@bk.ru> | 2016-09-11 01:13:16 +0100 |
commit | d4f02214d7262e85e42cacc25c2ba77d8dd89c19 (patch) | |
tree | c58c1d674a4e0974565185239b2ceb18e9cfdeee /core | |
parent | f7994fd3e7ed3d00838022f7ab63b9f849528f04 (diff) | |
download | doc-d4f02214d7262e85e42cacc25c2ba77d8dd89c19.tar.gz |
network iptables and resolver revision
Diffstat (limited to 'core')
-rw-r--r-- | core/conf/rc.d/iptables | 31 | ||||
-rw-r--r-- | core/conf/resolv.conf | 3 | ||||
-rw-r--r-- | core/network.html | 34 |
3 files changed, 63 insertions, 5 deletions
diff --git a/core/conf/rc.d/iptables b/core/conf/rc.d/iptables new file mode 100644 index 0000000..d3bbc9b --- /dev/null +++ b/core/conf/rc.d/iptables @@ -0,0 +1,31 @@ +#!/bin/sh +# +# /etc/rc.d/iptables: load/unload iptable rules +# + +case $1 in +start) + echo "Starting IPv4 firewall filter table..." + /usr/sbin/iptables-restore < /etc/iptables/rules.v4 + ;; +stop) + echo "Stopping firewall and deny everyone..." + /usr/sbin/iptables -F + /usr/sbin/iptables -X + /usr/sbin/iptables -t nat -F + /usr/sbin/iptables -t nat -X + /usr/sbin/iptables -t mangle -F + /usr/sbin/iptables -t mangle -X + /usr/sbin/iptables -P FORWARD DROP + /usr/sbin/iptables -P OUTPUT DROP + ;; +restart) + $0 stop + $0 start + ;; +*) + echo "usage: $0 [start|stop|restart]" + ;; +esac + +# End of file diff --git a/core/conf/resolv.conf b/core/conf/resolv.conf new file mode 100644 index 0000000..8a85b42 --- /dev/null +++ b/core/conf/resolv.conf @@ -0,0 +1,3 @@ +# /etc/resolv.conf.head can replace this line +nameserver 213.73.91.35 +# /etc/resolv.conf.tail can replace this line diff --git a/core/network.html b/core/network.html index e17f5c4..e463ac5 100644 --- a/core/network.html +++ b/core/network.html @@ -7,7 +7,7 @@ <body> <a href="index.html">Core Doc Index</a> - <h1>4. Network</h1> + <h1>2. Network</h1> <p>Examples describe a network that will be configured with two interfaces Ethernet and Wireless. Ethernet interface will @@ -27,7 +27,7 @@ one of above described scripts then proceed to upgrade your system.</p> - <h2 id="iptables">4.1. Iptables</h2> + <h2 id="iptables">2.1.1. Iptables</h2> <p>You can use <a href="scripts/iptables.sh">iptables script</a> 
@@ -51,17 +51,41 @@ let drop when you call stop.</p> <pre> - # cp /home/user/sysdoc/conf/etc/rc.d/iptables /etc/rc.d/ + # cp c9-doc/core/conf/rc.d/iptables /etc/rc.d/ # vim /etc/rc.d/iptables # chmod +x /etc/rc.d/iptables </pre> - <h2 id="resolv">4.2. Resolver</h2> + <p>Re-configure your rc.conf and add iptables before (w)lan is up;</p> + + <pre> + SERVICES=(lo iptables net crond) + </pre> + + <h2 id="resolv">2.1.2. Resolver</h2> + + <p>Configure your resolver with a server that don't censorship there for + respect your freedom and privacy. Read + <a href="https://trac.torproject.org/projects/tor/wiki/doc/DnsResolver/PublicDnsResolvers#PublicDNSServers">Tor Dns Resolver</a> + for more information. This example will use + <a href="http://www.chaoscomputerclub.de/en/censorship/dns-howto">Chaos Computer Club</a> + server, edit /etc/resolv.conf and make it immutable;</p> + + <pre> + # /etc/resolv.conf.head can replace this line + nameserver 213.73.91.35 + # /etc/resolv.conf.tail can replace this line + </pre> + + <pre> + # chattr +i /etc/resolv.conf + </pre> <h2 id="wpa">4.3. Wpa and dhcpd</h2> <p>There is more information on - <a href="http://crux.nu/Wiki/WifiStartScripts">Wiki Wifi Start Scripts</a>.</p> + <a href="http://crux.nu/Wiki/WifiStartScripts">Wiki Wifi Start Scripts</a> and + see <a href="conf/rc.d/wlan">conf/rc.d/wlan</a>. Manual or first time configuration;</p> <pre> # ip link |
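Review bot: In the stop) branch of core/conf/rc.d/iptables the message says "deny everyone", but only FORWARD and OUTPUT are set to DROP. The preceding `iptables -F` removes every filter rule and leaves the INPUT policy at whatever it was, so if the loaded ruleset had INPUT at ACCEPT the host accepts all inbound traffic after stop. Add `/usr/sbin/iptables -P INPUT DROP` next to the other two policy lines. Two smaller points in the same file: start) runs iptables-restore without checking that /etc/iptables/rules.v4 exists or that the restore succeeded, and the `*)` usage branch ends with exit status 0, so a caller cannot tell a bad argument from success.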
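Review bot: core/conf/resolv.conf carries a single `nameserver 213.73.91.35` line, so all name resolution stops if that one server is unreachable. Add a second nameserver entry as a fallback. The two comment lines would also be clearer if they named what reads /etc/resolv.conf.head and /etc/resolv.conf.tail, since "can replace this line" does not say when or by which program that happens.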
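Review bot: In the core/network.html hunk at @@ -27,7 +27,7 @@ the heading becomes `<h2 id="iptables">2.1.1. Iptables</h2>`, a three-level number on an h2 that sits directly under `<h1>2. Network</h1>`, with no 2.1 heading visible in between. Either number it 2.1 to match its h2 level or add the missing 2.1 parent heading, so the numbering follows the heading hierarchy.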
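Review bot: In the core/network.html hunk at @@ -51,17 +51,41 @@ the new Resolver section tells the reader to run `# chattr +i /etc/resolv.conf` without saying how to undo it or what it affects. Once the file is immutable, later edits fail even for root, and so does any network script that rewrites it, so document `chattr -i /etc/resolv.conf` as the step to take before changing the resolver. The renumbering is also incomplete here: the context line `<h2 id="wpa">4.3. Wpa and dhcpd</h2>` keeps the old 4.x number while the headings above it move to 2.1.1 and 2.1.2. Finally, the added `cp c9-doc/core/conf/rc.d/iptables /etc/rc.d/` uses a relative path, so state which directory it is meant to be run from.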