author | Silvino Silva <silvino@bk.ru> | 2016-10-16 23:46:29 +0100 |
---|---|---|
committer | Silvino Silva <silvino@bk.ru> | 2016-10-16 23:46:29 +0100 |
commit | 70037109e547e37525500588f6344aba37de6d07 (patch) | |
tree | b5448f31decd0ccf612081643bd662f7a8100338 /tools | |
parent | 5221508bbc3f4cb62b5d61655c1cb9e786fb40e1 (diff) | |
parent | 64f6ca67031660f60ae6251b617f0afcce16b525 (diff) | |
download | doc-70037109e547e37525500588f6344aba37de6d07.tar.gz |
merged release 0.2.6 to develop
Diffstat (limited to 'tools')
mode | file | lines changed
---|---|---
-rw-r--r-- | tools/conf/etc/dnsmasq.conf | 2
-rwxr-xr-x | tools/conf/etc/rc.d/dnscrypt-proxy | 9
-rw-r--r-- | tools/conf/etc/resolv.conf | 9
-rw-r--r-- | tools/dnsmasq.html | 26
-rw-r--r-- | tools/index.html | 28
-rw-r--r-- | tools/lvm.html | 11
-rw-r--r-- | tools/network.html | 4
-rw-r--r-- | tools/scripts/system-iptables.sh | 361
-rw-r--r-- | tools/storage.html | 23
9 files changed, 69 insertions, 404 deletions
diff --git a/tools/conf/etc/dnsmasq.conf b/tools/conf/etc/dnsmasq.conf index f09b6a6..dc48d99 100644 --- a/tools/conf/etc/dnsmasq.conf +++ b/tools/conf/etc/dnsmasq.conf @@ -112,6 +112,8 @@ interface=br0 # Or you can specify which interface _not_ to listen on except-interface=wlp7s0 +except-interface=enp8s0 + # Or which to listen on by address (remember to include 127.0.0.1 if # you use this.) listen-address=127.0.0.1 diff --git a/tools/conf/etc/rc.d/dnscrypt-proxy b/tools/conf/etc/rc.d/dnscrypt-proxy index 3f4feea..0874fa6 100755 --- a/tools/conf/etc/rc.d/dnscrypt-proxy +++ b/tools/conf/etc/rc.d/dnscrypt-proxy @@ -16,15 +16,10 @@ USER=nobody PATH=/usr/sbin:/usr/bin:/sbin:/bin DAEMON=/usr/sbin/dnscrypt-proxy NAME=dnscrypt-proxy +RESOLVER=dnscrypt.eu-dk ADDRESS1=77.66.84.233 -ADDRESS2=176.56.237.171 -ADDRESS3=77.66.84.233.443 PNAME1=2.dnscrypt-cert.resolver2.dnscrypt.eu -PNAME2=2.dnscrypt-cert.resolver1.dnscrypt.eu PKEY1=3748:5585:E3B9:D088:FD25:AD36:B037:01F5:520C:D648:9E9A:DD52:1457:4955:9F0A:9955 -PKEY2=67C0:0F2C:21C5:5481:45DD:7CB4:6A27:1AF2:EB96:9931:40A3:09B6:2B8D:1653:1185:9C66 -PKEY2=67C0:0F2C:21C5:5481:45DD:7CB4:6A27:1AF2:EB96:9931:40A3:09B6:2B8D:1653:1185:9C66 -PKEY2=3748:5585:E3B9:D088:FD25:AD36:B037:01F5:520C:D648:9E9A:DD52:1457:4955:9F0A:9955 case "$1" in start) @@ -33,7 +28,7 @@ case "$1" in --resolver-address=$ADDRESS3 \ --provider-name=$PNAME1 \ --provider-key=$PKEY3 \ - --resolver-name="dnscrypt.eu-dk" + --resolver-name=$RESOLVER ;; stop) echo "Stopping $NAME" diff --git a/tools/conf/etc/resolv.conf b/tools/conf/etc/resolv.conf new file mode 100644 index 0000000..b568a6c --- /dev/null +++ b/tools/conf/etc/resolv.conf @@ -0,0 +1,9 @@ +# Generated by dhcpcd from wlp7s0.dhcp +# /etc/resolv.conf.head can replace this line +nameserver 127.0.0.1 +# CCC server +# nameserver 213.73.91.35 +# OpenNIC Servers +# nameserver 192.71.249.83 +# nameserver 5.135.183.146 +# /etc/resolv.conf.tail can replace this line 
diff --git a/tools/dnsmasq.html b/tools/dnsmasq.html index ce22d76..c431c30 100644 --- a/tools/dnsmasq.html +++ b/tools/dnsmasq.html @@ -10,6 +10,9 @@ <h1>Dnscrypt and Dnsmasq</h1> + <p>Configure your resolver with a server that don't + censorship there for respect your freedom and privacy. + Read <a href="https://trac.torproject.org/projects/tor/wiki/doc/DnsResolver/PublicDnsResolvers#PublicDNSServers">Tor Dns Resolver</a> for more information.</p> <h2 id="dnscrypt">1. Dnscrypt</h2> @@ -17,23 +20,26 @@ $ prt-get depinst dnscrypt </pre> - <p>Dnscrypt by default resolves to dnscrypt.eu-nl, file - /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv - contains list of compatible serers. Sysdoc dnscrypt-proxy port - contains init script configured to use DNSCrypt.eu resolver and - run as nobody user. Basic usage example;</p> + <p>Dnscrypt by default resolves to dnscrypt.eu-nl, check file + /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv for a list of + compatible servers. Dnscrypt-proxy port from c9-ports contains + <a href="conf/etc/rc.d/dnscrypt-proxy">dnscrypt-proxy</a> init + script configured to use dnscrypt.eu-dk resolver and run as + nobody user. Basic usage example;</p> <pre> - $ sudo dnscrypt-proxy --daemonize --resolver-name=<resolver name> + $ sudo -u nobody dnscrypt-proxy --daemonize --resolver-name=<resolver name> </pre> <h2 id="dnsmasq">2. Dnsmasq</h2> - <p>Edit <a href="../conf/etc/resolv.conf">resolv.conf</a>;</p> + <p>Edit <a href="conf/etc/resolv.conf">resolv.conf</a>;</p> <pre> - # Local dnsmasq server + # /etc/resolv.conf.head can replace this line nameserver 127.0.0.1 + # CCC server + # nameserver 213.73.91.35 # OpenNIC Servers # nameserver 192.71.249.83 # nameserver 5.135.183.146 
@@ -48,8 +54,8 @@ <p>Dnsmasq provides dns caching and dhcpd, example configuration files: - <a href="../conf/etc/dnsmasq.conf">dnsmasq.conf</a> (change interface), - <a href="../conf/etc/hosts.dnsmasq">hosts.dnsmasq</a>.</p> + <a href="conf/etc/dnsmasq.conf">dnsmasq.conf</a> (change interface), + <a href="conf/etc/hosts.dnsmasq">hosts.dnsmasq</a>.</p> <a href="index.html">Tools Index</a> diff --git a/tools/index.html b/tools/index.html index c6fbae7..1b63a92 100644 --- a/tools/index.html +++ b/tools/index.html @@ -78,15 +78,17 @@ </li> <li><a href="storage.html">Storage</a> <ul> - <li><a href="lvm.html">LVM</a> - <ul> - <li><a href="lvm.html#lvmpart">1. LVM partition</a></li> - <li><a href="lvm.html#pv">2. Create physical volume</a></li> - <li><a href="lvm.html#vg">3. Create volume group</a></li> - <li><a href="lvm.html#lv">4. Create logical volume</a></li> - <li><a href="lvm.html#maint">5. Maintenance</a></li> - </ul> - </li> + <li><a href="storage.html#maint">1. Maintenance</a></li> + <li><a href="storage.html#mv">2. Moving data</a></li> + </ul> + </li> + <li><a href="lvm.html">LVM</a> + <ul> + <li><a href="lvm.html#lvmpart">1. LVM partition</a></li> + <li><a href="lvm.html#pv">2. Create physical volume</a></li> + <li><a href="lvm.html#vg">3. Create volume group</a></li> + <li><a href="lvm.html#lv">4. Create logical volume</a></li> + <li><a href="lvm.html#maint">5. Maintenance</a></li> </ul> </li> <li><a href="syslog-ng.html">Syslog-ng</a> @@ -97,10 +99,10 @@ <li><a href="syslog-ng.html#syslog-conf">Syslog-ng configuration</a></li> <li><a href="logrotate.html">Logrotate</a></li> <li><a href="logwatch.html">Logwatch</a> - <ul> - <li><a href="logwatch.html#conf">Configure Logwatch</a></li> - <li><a href="logwatch.html#cron">Set cron task</a></li> - </ul> + <ul> + <li><a href="logwatch.html#conf">Configure Logwatch</a></li> + <li><a href="logwatch.html#cron">Set cron task</a></li> + </ul> </li> </ul> 
diff --git a/tools/lvm.html b/tools/lvm.html index 8b1624a..898a8d3 100644 --- a/tools/lvm.html +++ b/tools/lvm.html @@ -127,17 +127,6 @@ <h2 id="maint">5. Maintenance</h2> - <pre> - # smartctl -t long /dev/sdb1 - # smartctl -a /dev/sdb1 | less - </pre> - - <p><a href="https://wiki.archlinux.org/index.php/Badblocks">Non Destructive Test;</a></p> - - <pre> - # badblocks -nsv /dev/sdb1 - </pre> - <h2 id="encrypt">7. Encryption</h2> <a href="index.html">Tools Index</a> diff --git a/tools/network.html b/tools/network.html index 5e4a481..43e4616 100644 --- a/tools/network.html +++ b/tools/network.html @@ -10,6 +10,10 @@ <h1>Network Tools</h1> + <p>Ethernet and wireless connections to router are configured + by <a href="../core/network.html">net and wlan</a> scripts, they + allow to connect to the internet in the most common environments.</p> + <h2 id="bridge">Bridges</h2> <p>See <a href="conf/etc/rc.d/blan">/etc/rc.d/blan</a> on diff --git a/tools/scripts/system-iptables.sh b/tools/scripts/system-iptables.sh deleted file mode 100644 index 429efde..0000000 --- a/tools/scripts/system-iptables.sh +++ /dev/null 
@@ -1,361 +0,0 @@ -#!/bin/sh - -# -# XXXXXXXXXXXXXXXXX -# XXXX Network XXXX -# XXXXXXXXXXXXXXXXX -# + -# | -# v -# +-------------+ +------------------+ -# |table: filter| <---+ | table: nat | -# |chain: INPUT | | | chain: PREROUTING| -# +-----+-------+ | +--------+---------+ -# | | | -# v | v -# [local process] | **************** +--------------+ -# | +---------+ Routing decision +------> |table: filter | -# v **************** |chain: FORWARD| -# **************** +------+-------+ -# Routing decision | -# **************** | -# | | -# v **************** | -# +-------------+ +------> Routing decision <---------------+ -# |table: nat | | **************** -# |chain: OUTPUT| | + -# +-----+-------+ | | -# | | v -# v | +-------------------+ -# +--------------+ | | table: nat | -# |table: filter | +----+ | chain: POSTROUTING| -# |chain: OUTPUT | +--------+----------+ -# +--------------+ | -# v -# XXXXXXXXXXXXXXXXX -# XXXX Network XXXX -# XXXXXXXXXXXXXXXXX -# -# iptables [-t table] {-A|-C|-D} chain rule-specification -# -# iptables [-t table] {-A|-C|-D} chain rule-specification -# -# iptables [-t table] -I chain [rulenum] rule-specification -# -# iptables [-t table] -R chain rulenum rule-specification -# -# iptables [-t table] -D chain rulenum -# -# iptables [-t table] -S [chain [rulenum]] -# -# iptables [-t table] {-F|-L|-Z} [chain [rulenum]] [options...] -# -# iptables [-t table] -N chain -# -# iptables [-t table] -X [chain] -# -# iptables [-t table] -P chain target -# -# iptables [-t table] -E old-chain-name new-chain-name -# -# rule-specification = [matches...] [target] -# -# match = -m matchname [per-match-options] -# -# -# Targets -# -# can be a user defined chain -# -# ACCEPT - accepts the packet -# DROP - drop the packet on the floor -# QUEUE - packet will be stent to queue -# RETURN - stop traversing this chain and -# resume ate the next rule in the -# previeus (calling) chain. 
-# -# if packet reach the end of the chain or -# a target RETURN, default policy for that -# chain is applayed. -# -# Target Extensions -# -# AUDIT -# CHECKSUM -# CLASSIFY -# DNAT -# DSCP -# LOG -# Torn on kernel logging, will print some -# some information on all matching packets. -# Log data can be read with dmesg or syslogd. -# This is a non-terminating target and a rule -# should be created with matching criteria. -# -# --log-level level -# Level of logging (numeric or see sys- -# log.conf(5) -# -# --log-prefix prefix -# Prefix log messages with specified prefix -# up to 29 chars log -# -# --log-uid -# Log the userid of the process with gener- -# ated the packet -# NFLOG -# This target pass the packet to loaded logging -# backend to log the packet. One or more userspace -# processes may subscribe to the group to receive -# the packets. -# -# ULOG -# This target provides userspace logging of maching -# packets. One or more userspace processes may then -# then subscribe to various multicast groups and -# then receive the packets. -# -# -# Commands -# -# -A, --append chain rule-specification -# -C, --check chain rule-specification -# -D, --delete chain rule-specification -# -D, --delete chain rulenum -# -I, --insert chain [rulenum] rule-specification -# -R, --replace chain rulenum rule-specification -# -L, --list [chain] -# -P, --policy chain target -# -# Parameters -# -# -p, --protocol protocol -# tcp, udp, udplite, icmp, esp, ah, sctp, all -# -s, --source address[/mask][,...] -# -d, --destination address[/mask][,...] -# -j, --jump target -# -g, --goto chain -# -i, --in-interface name -# -o, --out-interface name -# -f, --fragment -# -m, --match options module-name -# iptables can use extended packet matching -# modules. 
-# -c, --set-counters packets bytes - -IPT="/usr/sbin/iptables" -SPAMLIST="blockedip" -SPAMDROPMSG="BLOCKED IP DROP" - -PUB_IF="wlp7s0" -#PRIV_IF="wlp3s0" - -BRIDGE="br0" -BNET=10.0.0.0 -BMSK=24 - -DHCP_IP="192.168.1.254" -PUB_IP=$(ip addr show dev ${PUB_IF} | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/') - -modprobe ip_conntrack -modprobe ip_conntrack_ftp - -echo "Stopping ipv4 firewall and deny everyone..." - -iptables -F -iptables -X -iptables -t nat -F -iptables -t nat -X -iptables -t mangle -F -iptables -t mangle -X -iptables -t raw -F -iptables -t raw -X -iptables -t security -F -iptables -t security -X - - -echo "Starting ipv4 firewall filter table..." - -# Set Default Rules -iptables -P INPUT DROP -iptables -P FORWARD DROP -iptables -P OUTPUT DROP - - -# Unlimited on local -$IPT -A INPUT -i lo -j ACCEPT -$IPT -A OUTPUT -o lo -j ACCEPT - -$IPT -A INPUT -i $BRIDGE -j ACCEPT -$IPT -A OUTPUT -o $BRIDGE -j ACCEPT - -# Block sync -$IPT -A INPUT -p tcp ! --syn -m state --state NEW -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 7 --log-prefix "iptables: drop sync: " -$IPT -A INPUT -p tcp ! 
--syn -m state --state NEW -j DROP - -# Block Fragments -$IPT -A INPUT -f -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "iptables: drop frag: " -$IPT -A INPUT -f -j DROP - -# Block bad stuff -$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP -$IPT -A INPUT -p tcp --tcp-flags ALL ALL -j DROP - -$IPT -A INPUT -p tcp --tcp-flags ALL NONE -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "iptables: drop null: " -$IPT -A INPUT -p tcp --tcp-flags ALL NONE -j DROP # NULL packets - -$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "iptables: drop syn rst syn rst: " -$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP - -$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "iptables: drop xmas: " -$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP #XMAS - -$IPT -A INPUT -p tcp --tcp-flags FIN,ACK FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "iptables: drop fin scan: " -$IPT -A INPUT -p tcp --tcp-flags FIN,ACK FIN -j DROP # FIN packet scans - -$IPT -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP - -##### Add your virtual rules below ###### - -#echo 1 > /proc/sys/net/ipv4/ip_forward -#$IPT -t nat -A POSTROUTING -o ${PUB_IF} -j SNAT --to ${PUB_IP} -##$IPT -t nat -A POSTROUTING -s 10.0.2.0/24 -o ${PUB_IF} -j MASQUERADE -#$IPT -A FORWARD -i ${TAP_IF} -o ${PUB_IF} -j ACCEPT -#$IPT -A FORWARD -i ${PUB_IF} -o ${TAP_IF} -j ACCEPT -# -#$IPT -A INPUT -i ${TAP_IF} -j ACCEPT -#$IPT -A OUTPUT -o ${TAP_IF} -j ACCEPT - -##### Add your AP rules below ###### - -#echo 1 > /proc/sys/net/ipv4/ip_forward -#$IPT -t nat -A POSTROUTING -o ${PUB_IF} -j SNAT --to ${PUB_IP} -#$IPT -A FORWARD -i ${PRIV_IF} -o ${PUB_IF} -j ACCEPT -#$IPT -A FORWARD -i ${PUB_IF} -o ${PRIV_IF} -j ACCEPT - -#$IPT -A INPUT -i ${PRIV_IF} -j ACCEPT -#$IPT -A OUTPUT -o ${PRIV_IF} -j 
ACCEPT - -##### Server rules below ###### - -#echo "Allow ICMP" -#$IPT -A INPUT -i ${PUB_IF} -p icmp --icmp-type 0 -s 192.168.0.0/16 -j ACCEPT -#$IPT -A OUTPUT -o ${PUB_IF} -p icmp --icmp-type 0 -d 192.168.0.0/16 -j ACCEPT -#$IPT -A INPUT -i ${PUB_IF} -p icmp --icmp-type 8 -s 192.168.0.0/16 -j ACCEPT -#$IPT -A OUTPUT -o ${PUB_IF} -p icmp --icmp-type 8 -d 192.168.0.0/16 -j ACCEPT - -#echo "Allow DNS Server" -#$IPT -A INPUT -i ${PUB_IF} -p udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -s 192.168.0.0/16 -j ACCEPT -#$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -d 192.168.0.0/16 -j ACCEPT - -#echo "Allow HTTP and HTTPS server" -#$IPT -A INPUT -i ${PUB_IF} -p tcp --dport 443 -m state --state NEW,ESTABLISHED -s 192.168.0.0/16 -j ACCEPT -#$IPT -A INPUT -i ${PUB_IF} -p tcp --dport 80 -m state --state NEW,ESTABLISHED -s 192.168.0.0/16 -j ACCEPT -#$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 80 -m state --state NEW,ESTABLISHED -s 192.168.0.0/16 -j ACCEPT -#$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 443 -m state --state NEW,ESTABLISHED -s 192.168.0.0/16 -j ACCEPT - -#echo "Allow ssh server" -#$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT -#$IPT -A INPUT -i ${PUB_IF} -p tcp --dport 22 -m state --state ESTABLISHED -j ACCEPT -#$IPT -A INPUT -i ${PUB_IF} -p tcp --dport 22 -m state --state NEW -m limit --limit 3/min --limit-burst 3 -j ACCEPT - -##### Add your rules below ###### - -echo "Allow DNS Client" - -$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT -$IPT -A INPUT -i ${PUB_IF} -p udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT - -$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 53 -m state --state NEW -j LOG --log-level 7 --log-prefix "iptables: DNS TCP: " -$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT - -$IPT -A OUTPUT 
-o ${PUB_IF} -p udp --sport 1024:65535 --dport 53 -m state --state NEW -j ACCEPT -j LOG --log-level 7 --log-prefix "iptables: DNS UDP: " -$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT - -echo "Allow Whois Client" - -$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 43 -m state --state ESTABLISHED -j ACCEPT -$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 43 -m state --state NEW,ESTABLISHED -j ACCEPT - -echo "Allow HTTP Client" - -$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 80 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT -$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT - -$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 443 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT -$IPT -A INPUT -i ${PUB_IF} -p udp --sport 443 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT -$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT -$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT - - -echo "Allow Rsync Client" -$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 873 -m state --state NEW,ESTABLISHED -j ACCEPT -$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 873 -m state --state ESTABLISHED -j ACCEPT - -echo "Allow POP3S Client" -$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 995 -m state --state NEW,ESTABLISHED -j ACCEPT -$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 995 -m state --state ESTABLISHED -j ACCEPT - -echo "Allow SMTPS Client" -$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 465 -m state --state NEW,ESTABLISHED -j ACCEPT -$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 465 -m state --state ESTABLISHED -j ACCEPT - -echo "Allow NTP Client" -$IPT -A OUTPUT -o ${PUB_IF} -p udp --dport 123 -m state --state NEW,ESTABLISHED -j ACCEPT -$IPT -A INPUT -i ${PUB_IF} -p udp --sport 123 -m state --state ESTABLISHED -j ACCEPT - -$IPT -A INPUT -i ${PUB_IF} 
-p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT -$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT - -echo "Allow IRC Client" -$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 6667 -m state --state NEW -j ACCEPT - -echo "Allow Active FTP Client" -$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 20 -m state --state ESTABLISHED -j ACCEPT -$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 20 -m state --state NEW,ESTABLISHED -j ACCEPT - -echo "Allow Git" -$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 9418 -m state --state NEW -j ACCEPT - -echo "Allow ssh client" -$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT -$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT - -#echo "Allow Passive Connections" -$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 1024:65535 --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT -$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT - -# echo "Allow FairCoin" -# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 46392 -m state --state NEW,ESTABLISHED -j ACCEPT -# $IPT -A INPUT -i ${PUB_IF} -p tcp --sport 46392 -m state --state ESTABLISHED -j ACCEPT -# -# echo "Allow Dashcoin" -# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 29080 -m state --state NEW,ESTABLISHED -j ACCEPT -# $IPT -A INPUT -i ${PUB_IF} -p tcp --sport 29080 -m state --state ESTABLISHED -j ACCEPT -# -# echo "Allow warzone2100" -# $IPT -A INPUT -i ${PUB_IF} -p tcp --dport 2100 -s 192.168.0.0/16 -j ACCEPT -# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 2100 -j ACCEPT -# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 2100 -j ACCEPT -# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 9990 -j ACCEPT -# - echo "Allow wesnoth" - $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 15000 -m state --state NEW -j ACCEPT - $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 14998 -m state --state NEW -j ACCEPT - -##### END your rules ############ -# 
Less log of known traffic - -# RIP protocol -$IPT -A INPUT -i ${PUB_IF} -p udp --sport 520 --dport 520 -s 192.168.0.0/16 -j DROP - -# DHCP -$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 68 --dport 67 -d $DHCP_IP -j ACCEPT -$IPT -A INPUT -i ${PUB_IF} -p udp --sport 68 --dport 67 -s $DHCP_IP -j ACCEPT - -# log everything else and drop -$IPT -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: " -$IPT -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: " -$IPT -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: " - -exit 0 diff --git a/tools/storage.html b/tools/storage.html index 97b73b0..894873b 100644 --- a/tools/storage.html +++ b/tools/storage.html @@ -5,14 +5,33 @@ <title>Storage</title> </head> <body> - <a href="index.html">Tools Index</a> <h1>Storage</h1> - <h2 id="mv">1. Moving partitions</h2> + <h2 id="maint">1. Maintenance</h2> + + <p>SMART provides statistics of disk firmware, this system + handle errors has their occur. Badblocks detect bad blocks + by writing and reading from disk in a destructive test. + Example of how to view SMART statistics of a disk;</p> + + <pre> + # smartctl -t long /dev/sdb1 + # smartctl -a /dev/sdb1 | less + </pre> + + <p>Search for bad blocks using + <a href="https://wiki.archlinux.org/index.php/Badblocks">non destructive test;</a></p> + + <pre> + # badblocks -nsv /dev/sdb1 + </pre> + + <h2 id="mv">2. Moving data</h2> <p>Reboot into single-user mode where services aren't started and networking is offline.<p> + <pre> # init 1 </pre> |
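Review bot: in the dnsmasq.conf hunk the new `except-interface=enp8s0` line is harmless but redundant, because `interface=br0` a few lines up already restricts dnsmasq to br0 (plus loopback and the `listen-address=127.0.0.1` entry); dnsmasq's `--except-interface` only matters when no `--interface` allowlist is given. Mixing an allowlist with a growing blocklist makes the intent unclear, so either drop both `except-interface` lines or drop `interface=br0`. Whichever you keep, check with `ss -ulnp | grep ':53'` that the daemon is not bound to `0.0.0.0:53`; if it is, add `bind-interfaces`, since without it dnsmasq binds the wildcard address and only filters unwanted interfaces in userspace.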
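Review bot: in the rc.d/dnscrypt-proxy hunk the `start)` case still passes `--resolver-address=$ADDRESS3` and `--provider-key=$PKEY3`, but this same hunk deletes `ADDRESS3`, and `PKEY3` is not defined anywhere in the visible part of the script (only `PKEY1` and the three conflicting `PKEY2` lines existed), so both options now expand to empty strings and the key pinned in `PKEY1` is never handed to the daemon. Change them to `$ADDRESS1` and `$PKEY1`, which go with `PNAME1=2.dnscrypt-cert.resolver2.dnscrypt.eu`. Note also that the removed `ADDRESS3=77.66.84.233.443` was malformed (port separated by a dot); if port 443 is intended, `ADDRESS1` should read `77.66.84.233:443`. Verify with `sh -x /etc/rc.d/dnscrypt-proxy start` that no option is passed with an empty value.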
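Review bot: the new tools/conf/etc/resolv.conf is a copy of a file dhcpcd generated (`# Generated by dhcpcd from wlp7s0.dhcp`), and dhcpcd will rewrite /etc/resolv.conf on the next lease, replacing `nameserver 127.0.0.1` with the DHCP-supplied resolvers and silently bypassing dnscrypt-proxy and dnsmasq. Put `nameserver 127.0.0.1` in /etc/resolv.conf.head, as the file's own comment says, or add `nohook resolv.conf` to /etc/dhcpcd.conf so dhcpcd leaves the file alone, and check after a reconnect that `cat /etc/resolv.conf` still lists only 127.0.0.1.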
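Review bot: the paragraph added in the first dnsmasq.html hunk is ungrammatical ("a server that don't censorship there for respect your freedom and privacy"); suggest "Configure your resolver to use a server that does not censor results, to protect your freedom and privacy."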
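Review bot: in the second dnsmasq.html hunk the new example `sudo -u nobody dnscrypt-proxy --daemonize --resolver-name=...` will fail, because dnscrypt-proxy listens on 127.0.0.1:53 by default and `nobody` cannot bind a port below 1024. The init script in this same change sets `USER=nobody` for the daemon to drop to after it has bound the socket; the matching one-liner is `sudo dnscrypt-proxy --daemonize --user=nobody --resolver-name=<resolver name>`. Also, `<resolver name>` inside the `<pre>` block is not escaped, so browsers treat it as an unknown tag and render nothing; write it as `&lt;resolver name&gt;`.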
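Review bot: the lvm.html hunk removes the body of section 5 but leaves the empty `<h2 id="maint">5. Maintenance</h2>` heading immediately followed by `7. Encryption` (there is no section 6 either way), and the index.html hunk in this same change still links `lvm.html#maint`. Either remove the heading and repoint the index entry to `storage.html#maint`, where the SMART and badblocks content now lives, or leave a one-line cross-reference under the heading.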
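Review bot: the paragraph added in the network.html hunk reads awkwardly ("they allow to connect to the internet"); suggest "Ethernet and wireless connections to the router are configured by the net and wlan scripts, which allow connecting to the internet in the most common environments."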
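Review bot: tools/scripts/system-iptables.sh (361 lines, the host firewall) is deleted outright, the diffstat shows no file added in its place, and the commit message does not say whether it was moved or retired; please state that in the message and grep the tools/ pages for `system-iptables.sh` so no page links to a missing file. For the record, if the script is reinstated, one rule in it is broken: the "Allow DNS Client" UDP rule `-m state --state NEW -j ACCEPT -j LOG --log-level 7 ...` carries two `-j` targets, which iptables rejects with "multiple -j flags not allowed"; the script has no `set -e`, so it carried on, and the following `NEW,ESTABLISHED` rule still accepted the traffic, so the only effect was that outbound DNS over UDP was never logged.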
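Review bot: the Maintenance paragraph added in the storage.html hunk contradicts its own example: it says badblocks finds bad blocks "in a destructive test", but the command shown is `badblocks -nsv`, which is the non-destructive read-write mode (`-w` is the destructive one), and the link text below it says "non destructive test". Two further points on the commands: `smartctl -t long` only starts a self-test in the background, so `smartctl -a` run straight afterwards shows the test as still in progress; read the result later with `smartctl -l selftest /dev/sdb`, and address the whole disk rather than `/dev/sdb1`, since SMART is per device. `badblocks -n` refuses to run on a mounted filesystem, which fits the single-user-mode advice in the next section and is worth saying. Suggested wording: "SMART reports the disk firmware's own health statistics and error log. badblocks looks for unreadable blocks: the default read-only mode is safe on live data, `-n` rewrites each block with its original contents and needs the filesystem unmounted, and `-w` is destructive." Finally, the hunk drops the `<a href="index.html">Tools Index</a>` link at the top of the page that the other tools pages keep.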