about summary refs log tree commit diff stats
path: root/tools
diff options
context:
space:
mode:
authorSilvino Silva <silvino@bk.ru>2016-10-16 23:46:29 +0100
committerSilvino Silva <silvino@bk.ru>2016-10-16 23:46:29 +0100
commit70037109e547e37525500588f6344aba37de6d07 (patch)
treeb5448f31decd0ccf612081643bd662f7a8100338 /tools
parent5221508bbc3f4cb62b5d61655c1cb9e786fb40e1 (diff)
parent64f6ca67031660f60ae6251b617f0afcce16b525 (diff)
downloaddoc-70037109e547e37525500588f6344aba37de6d07.tar.gz
merged release 0.2.6 to develop
Diffstat (limited to 'tools')
-rw-r--r--tools/conf/etc/dnsmasq.conf2
-rwxr-xr-xtools/conf/etc/rc.d/dnscrypt-proxy9
-rw-r--r--tools/conf/etc/resolv.conf9
-rw-r--r--tools/dnsmasq.html26
-rw-r--r--tools/index.html28
-rw-r--r--tools/lvm.html11
-rw-r--r--tools/network.html4
-rw-r--r--tools/scripts/system-iptables.sh361
-rw-r--r--tools/storage.html23
9 files changed, 69 insertions, 404 deletions
diff --git a/tools/conf/etc/dnsmasq.conf b/tools/conf/etc/dnsmasq.conf
index f09b6a6..dc48d99 100644
--- a/tools/conf/etc/dnsmasq.conf
+++ b/tools/conf/etc/dnsmasq.conf
@@ -112,6 +112,8 @@ interface=br0
 
 # Or you can specify which interface _not_ to listen on
 except-interface=wlp7s0
+except-interface=enp8s0
+
 # Or which to listen on by address (remember to include 127.0.0.1 if
 # you use this.)
 listen-address=127.0.0.1
diff --git a/tools/conf/etc/rc.d/dnscrypt-proxy b/tools/conf/etc/rc.d/dnscrypt-proxy
index 3f4feea..0874fa6 100755
--- a/tools/conf/etc/rc.d/dnscrypt-proxy
+++ b/tools/conf/etc/rc.d/dnscrypt-proxy
@@ -16,15 +16,10 @@ USER=nobody
 PATH=/usr/sbin:/usr/bin:/sbin:/bin
 DAEMON=/usr/sbin/dnscrypt-proxy
 NAME=dnscrypt-proxy
+RESOLVER=dnscrypt.eu-dk
 ADDRESS1=77.66.84.233
-ADDRESS2=176.56.237.171
-ADDRESS3=77.66.84.233.443
 PNAME1=2.dnscrypt-cert.resolver2.dnscrypt.eu
-PNAME2=2.dnscrypt-cert.resolver1.dnscrypt.eu
 PKEY1=3748:5585:E3B9:D088:FD25:AD36:B037:01F5:520C:D648:9E9A:DD52:1457:4955:9F0A:9955
-PKEY2=67C0:0F2C:21C5:5481:45DD:7CB4:6A27:1AF2:EB96:9931:40A3:09B6:2B8D:1653:1185:9C66
-PKEY2=67C0:0F2C:21C5:5481:45DD:7CB4:6A27:1AF2:EB96:9931:40A3:09B6:2B8D:1653:1185:9C66
-PKEY2=3748:5585:E3B9:D088:FD25:AD36:B037:01F5:520C:D648:9E9A:DD52:1457:4955:9F0A:9955
 
 case "$1" in
   start)
@@ -33,7 +28,7 @@ case "$1" in
 	    --resolver-address=$ADDRESS3 \
 	    --provider-name=$PNAME1 \
 	    --provider-key=$PKEY3 \
-	    --resolver-name="dnscrypt.eu-dk"
+	    --resolver-name=$RESOLVER
     ;;
   stop)
     echo "Stopping $NAME"
diff --git a/tools/conf/etc/resolv.conf b/tools/conf/etc/resolv.conf
new file mode 100644
index 0000000..b568a6c
--- /dev/null
+++ b/tools/conf/etc/resolv.conf
@@ -0,0 +1,9 @@
+# Generated by dhcpcd from wlp7s0.dhcp
+# /etc/resolv.conf.head can replace this line
+nameserver 127.0.0.1
+# CCC server
+# nameserver 213.73.91.35
+# OpenNIC Servers
+# nameserver 192.71.249.83
+# nameserver 5.135.183.146
+# /etc/resolv.conf.tail can replace this line
diff --git a/tools/dnsmasq.html b/tools/dnsmasq.html
index ce22d76..c431c30 100644
--- a/tools/dnsmasq.html
+++ b/tools/dnsmasq.html
@@ -10,6 +10,9 @@
 
         <h1>Dnscrypt and Dnsmasq</h1>
 
+        <p>Configure your resolver with a server that don't
+        censorship there for respect your freedom and privacy.
+        Read <a href="https://trac.torproject.org/projects/tor/wiki/doc/DnsResolver/PublicDnsResolvers#PublicDNSServers">Tor Dns Resolver</a> for more information.</p>
 
         <h2 id="dnscrypt">1. Dnscrypt</h2>
 
@@ -17,23 +20,26 @@
         $ prt-get depinst dnscrypt
         </pre>
 
-        <p>Dnscrypt by default resolves to dnscrypt.eu-nl, file
-        /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv
-        contains list of compatible serers. Sysdoc dnscrypt-proxy port
-        contains init script configured to use DNSCrypt.eu resolver and
-        run as nobody user. Basic usage example;</p>
+        <p>Dnscrypt by default resolves to dnscrypt.eu-nl, check file
+        /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv for a list of
+        compatible servers. Dnscrypt-proxy port from c9-ports contains
+        <a href="conf/etc/rc.d/dnscrypt-proxy">dnscrypt-proxy</a> init
+        script configured to use dnscrypt.eu-dk resolver and run as 
+        nobody user. Basic usage example;</p>
 
         <pre>
-        $ sudo  dnscrypt-proxy --daemonize --resolver-name=&lt;resolver name&gt;
+        $ sudo -u nobody  dnscrypt-proxy --daemonize --resolver-name=&lt;resolver name&gt;
         </pre>
 
         <h2 id="dnsmasq">2. Dnsmasq</h2>
 
-        <p>Edit <a href="../conf/etc/resolv.conf">resolv.conf</a>;</p>
+        <p>Edit <a href="conf/etc/resolv.conf">resolv.conf</a>;</p>
 
         <pre>
-        # Local dnsmasq server
+        # /etc/resolv.conf.head can replace this line
         nameserver 127.0.0.1
+        # CCC server
+        # nameserver 213.73.91.35
         # OpenNIC Servers
         # nameserver 192.71.249.83
         # nameserver 5.135.183.146
@@ -48,8 +54,8 @@
 
         <p>Dnsmasq provides dns caching and dhcpd, example configuration
         files:
-        <a href="../conf/etc/dnsmasq.conf">dnsmasq.conf</a> (change interface),
-        <a href="../conf/etc/hosts.dnsmasq">hosts.dnsmasq</a>.</p>
+        <a href="conf/etc/dnsmasq.conf">dnsmasq.conf</a> (change interface),
+        <a href="conf/etc/hosts.dnsmasq">hosts.dnsmasq</a>.</p>
 
         <a href="index.html">Tools Index</a>
 
diff --git a/tools/index.html b/tools/index.html
index c6fbae7..1b63a92 100644
--- a/tools/index.html
+++ b/tools/index.html
@@ -78,15 +78,17 @@
             </li>
             <li><a href="storage.html">Storage</a>
                 <ul>
-                    <li><a href="lvm.html">LVM</a>
-                        <ul>
-                            <li><a href="lvm.html#lvmpart">1. LVM partition</a></li>
-                            <li><a href="lvm.html#pv">2. Create physical volume</a></li>
-                            <li><a href="lvm.html#vg">3. Create volume group</a></li>
-                            <li><a href="lvm.html#lv">4. Create logical volume</a></li>
-                            <li><a href="lvm.html#maint">5. Maintenance</a></li>
-                        </ul>
-                    </li>
+                    <li><a href="storage.html#maint">1. Maintenance</a></li>
+                    <li><a href="storage.html#mv">2. Moving data</a></li>
+                </ul>
+            </li>
+            <li><a href="lvm.html">LVM</a>
+                <ul>
+                    <li><a href="lvm.html#lvmpart">1. LVM partition</a></li>
+                    <li><a href="lvm.html#pv">2. Create physical volume</a></li>
+                    <li><a href="lvm.html#vg">3. Create volume group</a></li>
+                    <li><a href="lvm.html#lv">4. Create logical volume</a></li>
+                    <li><a href="lvm.html#maint">5. Maintenance</a></li>
                 </ul>
             </li>
             <li><a href="syslog-ng.html">Syslog-ng</a>
@@ -97,10 +99,10 @@
                     <li><a href="syslog-ng.html#syslog-conf">Syslog-ng configuration</a></li>
                     <li><a href="logrotate.html">Logrotate</a></li>
                     <li><a href="logwatch.html">Logwatch</a>
-                    <ul>
-                        <li><a href="logwatch.html#conf">Configure Logwatch</a></li>
-                        <li><a href="logwatch.html#cron">Set cron task</a></li>
-                    </ul>
+                        <ul>
+                            <li><a href="logwatch.html#conf">Configure Logwatch</a></li>
+                            <li><a href="logwatch.html#cron">Set cron task</a></li>
+                        </ul>
                     </li>
 
                 </ul>
diff --git a/tools/lvm.html b/tools/lvm.html
index 8b1624a..898a8d3 100644
--- a/tools/lvm.html
+++ b/tools/lvm.html
@@ -127,17 +127,6 @@
 
         <h2 id="maint">5. Maintenance</h2>
 
-        <pre>
-        # smartctl -t long /dev/sdb1
-        # smartctl -a /dev/sdb1 | less
-        </pre>
-
-        <p><a href="https://wiki.archlinux.org/index.php/Badblocks">Non Destructive Test;</a></p>
-
-        <pre>
-        # badblocks -nsv /dev/sdb1
-        </pre>
-
         <h2 id="encrypt">7. Encryption</h2>
 
         <a href="index.html">Tools Index</a>
diff --git a/tools/network.html b/tools/network.html
index 5e4a481..43e4616 100644
--- a/tools/network.html
+++ b/tools/network.html
@@ -10,6 +10,10 @@
 
         <h1>Network Tools</h1>
 
+        <p>Ethernet and wireless connections to router are configured
+        by <a href="../core/network.html">net and wlan</a> scripts, they
+        allow to connect to the internet in the most common environments.</p>
+
         <h2 id="bridge">Bridges</h2>
 
         <p>See <a href="conf/etc/rc.d/blan">/etc/rc.d/blan</a> on
diff --git a/tools/scripts/system-iptables.sh b/tools/scripts/system-iptables.sh
deleted file mode 100644
index 429efde..0000000
--- a/tools/scripts/system-iptables.sh
+++ /dev/null
@@ -1,361 +0,0 @@
-#!/bin/sh
-
-#
-#                                XXXXXXXXXXXXXXXXX
-#                                XXXX Network XXXX
-#                                XXXXXXXXXXXXXXXXX
-#                                        +
-#                                        |
-#                                        v
-#  +-------------+              +------------------+
-#  |table: filter| <---+        | table: nat       |
-#  |chain: INPUT |     |        | chain: PREROUTING|
-#  +-----+-------+     |        +--------+---------+
-#        |             |                 |
-#        v             |                 v
-#  [local process]     |           ****************          +--------------+
-#        |             +---------+ Routing decision +------> |table: filter |
-#        v                         ****************          |chain: FORWARD|
-# ****************                                           +------+-------+
-# Routing decision                                                  |
-# ****************                                                  |
-#        |                                                          |
-#        v                        ****************                  |
-# +-------------+       +------>  Routing decision  <---------------+
-# |table: nat   |       |         ****************
-# |chain: OUTPUT|       |               +
-# +-----+-------+       |               |
-#       |               |               v
-#       v               |      +-------------------+
-# +--------------+      |      | table: nat        |
-# |table: filter | +----+      | chain: POSTROUTING|
-# |chain: OUTPUT |             +--------+----------+
-# +--------------+                      |
-#                                       v
-#                               XXXXXXXXXXXXXXXXX
-#                               XXXX Network XXXX
-#                               XXXXXXXXXXXXXXXXX
-#
-# iptables [-t table] {-A|-C|-D} chain rule-specification
-#
-# iptables [-t table] {-A|-C|-D} chain  rule-specification
-#
-# iptables  [-t table] -I chain [rulenum] rule-specification
-#
-# iptables [-t table] -R chain rulenum  rule-specification
-#
-# iptables [-t table] -D chain rulenum
-#
-# iptables [-t table] -S [chain [rulenum]]
-#
-# iptables  [-t  table]  {-F|-L|-Z} [chain [rulenum]] [options...]
-#
-# iptables [-t table] -N chain
-#
-# iptables [-t table] -X [chain]
-#
-# iptables [-t table] -P chain target
-#
-# iptables [-t table]  -E  old-chain-name  new-chain-name
-#
-# rule-specification = [matches...] [target]
-#
-# match = -m matchname [per-match-options]
-#
-#
-# Targets
-#
-# can be a user defined chain
-#
-# ACCEPT - accepts the packet
-# DROP   - drop the packet on the floor
-# QUEUE  - packet will be stent to queue
-# RETURN - stop traversing this chain and
-#          resume ate the next rule in the
-#          previeus (calling) chain.
-#
-# if packet reach the end of the chain or
-# a target RETURN, default policy for that
-# chain is applayed.
-#
-# Target Extensions
-#
-# AUDIT
-# CHECKSUM
-# CLASSIFY
-# DNAT
-# DSCP
-# LOG
-#     Torn on kernel logging, will print some
-#     some information on all matching packets.
-#     Log data can be read with dmesg or syslogd.
-#     This is a non-terminating target and a rule
-#     should be created with matching criteria.
-#
-#     --log-level level
-#           Level of logging (numeric or see sys-
-#           log.conf(5)
-#
-#     --log-prefix prefix
-#           Prefix log messages with specified prefix
-#           up to 29 chars log
-#
-#     --log-uid
-#           Log the userid of the process with gener-
-#           ated the packet
-# NFLOG
-#     This target pass the packet to loaded logging
-#     backend to log the packet. One or more userspace
-#     processes may subscribe to the group to receive
-#     the packets.
-#
-# ULOG
-#     This target provides userspace logging of maching
-#     packets. One or more userspace processes may then
-#     then subscribe to various multicast groups and
-#     then receive the packets.
-#
-#
-# Commands
-#
-# -A, --append chain rule-specification
-# -C, --check chain rule-specification
-# -D, --delete chain rule-specification
-# -D, --delete chain rulenum
-# -I, --insert chain [rulenum] rule-specification
-# -R, --replace chain rulenum rule-specification
-# -L, --list [chain]
-# -P, --policy chain target
-#
-# Parameters
-#
-# -p, --protocol protocol
-#       tcp, udp, udplite, icmp, esp, ah, sctp, all
-# -s, --source address[/mask][,...]
-# -d, --destination address[/mask][,...]
-# -j, --jump target
-# -g, --goto chain
-# -i, --in-interface name
-# -o, --out-interface name
-# -f, --fragment
-# -m, --match options module-name
-#       iptables can use extended packet matching
-#       modules.
-# -c, --set-counters packets bytes
-
-IPT="/usr/sbin/iptables"
-SPAMLIST="blockedip"
-SPAMDROPMSG="BLOCKED IP DROP"
-
-PUB_IF="wlp7s0"
-#PRIV_IF="wlp3s0"
-
-BRIDGE="br0"
-BNET=10.0.0.0
-BMSK=24
-
-DHCP_IP="192.168.1.254"
-PUB_IP=$(ip addr show dev ${PUB_IF} | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/')
-
-modprobe ip_conntrack
-modprobe ip_conntrack_ftp
-
-echo "Stopping ipv4 firewall and deny everyone..."
-
-iptables -F
-iptables -X
-iptables -t nat -F
-iptables -t nat -X
-iptables -t mangle -F
-iptables -t mangle -X
-iptables -t raw -F
-iptables -t raw -X
-iptables -t security -F
-iptables -t security -X
-
-
-echo "Starting ipv4 firewall filter table..."
-
-# Set Default Rules
-iptables -P INPUT DROP
-iptables -P FORWARD DROP
-iptables -P OUTPUT DROP
-
-
-# Unlimited on local
-$IPT -A INPUT -i lo -j ACCEPT
-$IPT -A OUTPUT -o lo -j ACCEPT
-
-$IPT -A INPUT -i $BRIDGE -j ACCEPT
-$IPT -A OUTPUT -o $BRIDGE -j ACCEPT
-
-# Block sync
-$IPT -A INPUT -p tcp ! --syn -m state --state NEW -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 7 --log-prefix "iptables: drop sync: "
-$IPT -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
-
-# Block Fragments
-$IPT -A INPUT -f -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "iptables: drop frag: "
-$IPT -A INPUT -f -j DROP
-
-# Block bad stuff
-$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
-$IPT -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
-
-$IPT -A INPUT -p tcp --tcp-flags ALL NONE -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "iptables: drop null: "
-$IPT -A INPUT -p tcp --tcp-flags ALL NONE -j DROP # NULL packets
-
-$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "iptables: drop syn rst syn rst: "
-$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
-
-$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "iptables: drop xmas: "
-$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP #XMAS
-
-$IPT -A INPUT -p tcp --tcp-flags FIN,ACK FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "iptables: drop fin scan: "
-$IPT -A INPUT -p tcp --tcp-flags FIN,ACK FIN -j DROP # FIN packet scans
-
-$IPT -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
-
-##### Add your virtual rules below ######
-
-#echo 1 > /proc/sys/net/ipv4/ip_forward
-#$IPT -t nat -A POSTROUTING -o ${PUB_IF} -j SNAT --to ${PUB_IP}
-##$IPT -t nat -A POSTROUTING -s 10.0.2.0/24 -o ${PUB_IF} -j MASQUERADE
-#$IPT -A FORWARD -i ${TAP_IF} -o ${PUB_IF} -j ACCEPT
-#$IPT -A FORWARD -i ${PUB_IF} -o ${TAP_IF} -j ACCEPT
-#
-#$IPT -A INPUT -i ${TAP_IF} -j ACCEPT
-#$IPT -A OUTPUT -o ${TAP_IF} -j ACCEPT
-
-##### Add your AP rules below ######
-
-#echo 1 > /proc/sys/net/ipv4/ip_forward
-#$IPT -t nat -A POSTROUTING -o ${PUB_IF} -j SNAT --to ${PUB_IP}
-#$IPT -A FORWARD -i ${PRIV_IF} -o ${PUB_IF} -j ACCEPT
-#$IPT -A FORWARD -i ${PUB_IF} -o ${PRIV_IF} -j ACCEPT
-
-#$IPT -A INPUT -i ${PRIV_IF} -j ACCEPT
-#$IPT -A OUTPUT -o ${PRIV_IF} -j ACCEPT
-
-##### Server rules below ######
-
-#echo "Allow ICMP"
-#$IPT -A INPUT -i ${PUB_IF} -p icmp --icmp-type 0 -s 192.168.0.0/16 -j ACCEPT
-#$IPT -A OUTPUT -o ${PUB_IF} -p icmp --icmp-type 0 -d 192.168.0.0/16 -j ACCEPT
-#$IPT -A INPUT -i ${PUB_IF} -p icmp --icmp-type 8 -s 192.168.0.0/16 -j ACCEPT
-#$IPT -A OUTPUT -o ${PUB_IF} -p icmp --icmp-type 8 -d 192.168.0.0/16 -j ACCEPT
-
-#echo "Allow DNS Server"
-#$IPT -A INPUT -i ${PUB_IF} -p udp --sport 1024:65535 --dport 53  -m state --state NEW,ESTABLISHED -s 192.168.0.0/16 -j ACCEPT
-#$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -d 192.168.0.0/16 -j ACCEPT
-
-#echo "Allow HTTP and HTTPS server"
-#$IPT -A INPUT -i ${PUB_IF} -p tcp --dport 443 -m state --state NEW,ESTABLISHED -s 192.168.0.0/16 -j ACCEPT
-#$IPT -A INPUT -i ${PUB_IF} -p tcp --dport 80 -m state --state NEW,ESTABLISHED -s 192.168.0.0/16 -j ACCEPT
-#$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 80 -m state --state NEW,ESTABLISHED -s 192.168.0.0/16 -j ACCEPT
-#$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 443 -m state --state NEW,ESTABLISHED -s 192.168.0.0/16 -j ACCEPT
-
-#echo "Allow ssh server"
-#$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
-#$IPT -A INPUT  -i ${PUB_IF} -p tcp --dport 22 -m state --state ESTABLISHED -j ACCEPT
-#$IPT -A INPUT  -i ${PUB_IF} -p tcp --dport 22 -m state --state NEW -m limit --limit 3/min --limit-burst 3 -j ACCEPT
-
-##### Add your rules below ######
-
-echo "Allow DNS Client"
-
-$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-$IPT -A INPUT -i ${PUB_IF} -p udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-
-$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 53 -m state --state NEW -j LOG --log-level 7 --log-prefix "iptables: DNS TCP: "
-$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-
-$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 1024:65535 --dport 53 -m state --state NEW -j ACCEPT -j LOG --log-level 7 --log-prefix "iptables: DNS UDP: "
-$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-
-echo "Allow Whois Client"
-
-$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 43 -m state --state ESTABLISHED -j ACCEPT
-$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 43 -m state --state NEW,ESTABLISHED -j ACCEPT
-
-echo "Allow HTTP Client"
-
-$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 80 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-
-$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 443 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-$IPT -A INPUT -i ${PUB_IF} -p udp --sport 443 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
-$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
-
-
-echo "Allow Rsync Client"
-$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 873 -m state --state NEW,ESTABLISHED -j ACCEPT
-$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 873 -m state --state ESTABLISHED -j ACCEPT
-
-echo "Allow POP3S Client"
-$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 995 -m state --state NEW,ESTABLISHED -j ACCEPT
-$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 995 -m state --state ESTABLISHED -j ACCEPT
-
-echo "Allow SMTPS Client"
-$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 465 -m state --state NEW,ESTABLISHED -j ACCEPT
-$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 465 -m state --state ESTABLISHED -j ACCEPT
-
-echo "Allow NTP Client"
-$IPT -A OUTPUT -o ${PUB_IF} -p udp --dport 123 -m state --state NEW,ESTABLISHED -j ACCEPT
-$IPT -A INPUT -i ${PUB_IF} -p udp --sport 123 -m state --state ESTABLISHED -j ACCEPT
-
-$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
-$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
-
-echo "Allow IRC Client"
-$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 6667 -m state --state NEW -j ACCEPT
-
-echo "Allow Active FTP Client"
-$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 20 -m state --state ESTABLISHED -j ACCEPT
-$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 20 -m state --state NEW,ESTABLISHED -j ACCEPT
-
-echo "Allow Git"
-$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 9418 -m state --state NEW -j ACCEPT
-
-echo "Allow ssh client"
-$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-$IPT -A INPUT  -i ${PUB_IF} -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
-
-#echo "Allow Passive Connections"
-$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 1024:65535 --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
-$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 1024:  -m state --state ESTABLISHED,RELATED -j ACCEPT
-
-# echo "Allow FairCoin"
-# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 46392 -m state --state NEW,ESTABLISHED -j ACCEPT
-# $IPT -A INPUT -i ${PUB_IF} -p tcp --sport 46392 -m state --state ESTABLISHED -j ACCEPT
-#
-# echo "Allow Dashcoin"
-# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 29080 -m state --state NEW,ESTABLISHED -j ACCEPT
-# $IPT -A INPUT -i ${PUB_IF} -p tcp --sport 29080 -m state --state ESTABLISHED -j ACCEPT
-#
-# echo "Allow warzone2100"
-# $IPT -A INPUT -i ${PUB_IF} -p tcp --dport 2100 -s 192.168.0.0/16 -j ACCEPT
-# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 2100 -j ACCEPT
-# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 2100 -j ACCEPT
-# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 9990 -j ACCEPT
-#
- echo "Allow wesnoth"
- $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 15000 -m state --state NEW -j ACCEPT
- $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 14998 -m state --state NEW -j ACCEPT
-
-##### END your rules ############
-# Less log of known traffic
-
-# RIP protocol
-$IPT -A INPUT -i ${PUB_IF} -p udp --sport 520 --dport 520 -s 192.168.0.0/16 -j DROP
-
-# DHCP
-$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 68 --dport 67 -d $DHCP_IP -j ACCEPT
-$IPT -A INPUT -i ${PUB_IF} -p udp --sport 68 --dport 67 -s $DHCP_IP -j ACCEPT
-
-# log everything else and drop
-$IPT -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
-$IPT -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: "
-$IPT -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: "
-
-exit 0
diff --git a/tools/storage.html b/tools/storage.html
index 97b73b0..894873b 100644
--- a/tools/storage.html
+++ b/tools/storage.html
@@ -5,14 +5,33 @@
         <title>Storage</title>
     </head>
     <body>
-
         <a href="index.html">Tools Index</a>
 
         <h1>Storage</h1>
 
-        <h2 id="mv">1. Moving partitions</h2>
+        <h2 id="maint">1. Maintenance</h2>
+
+        <p>SMART provides statistics of disk firmware, this system
+        handle errors has their occur. Badblocks detect bad blocks
+        by writing and reading from disk in a destructive test.
+        Example of how to view SMART statistics of a disk;</p>
+
+        <pre>
+        # smartctl -t long /dev/sdb1
+        # smartctl -a /dev/sdb1 | less
+        </pre>
+
+        <p>Search for bad blocks using
+        <a href="https://wiki.archlinux.org/index.php/Badblocks">non destructive test;</a></p>
+
+        <pre>
+        # badblocks -nsv /dev/sdb1
+        </pre>
+
+        <h2 id="mv">2. Moving data</h2>
 
         <p>Reboot into single-user mode where services aren't started and networking is offline.<p>
+
         <pre>
         # init 1
         </pre>