Diffstat (limited to 'core/conf')
-rw-r--r-- | core/conf/fstab | 2 | ||||
-rw-r--r-- | core/conf/hosts | 22 | ||||
-rw-r--r-- | core/conf/rc.d/iptables | 111 |
3 files changed, 74 insertions, 61 deletions
diff --git a/core/conf/fstab b/core/conf/fstab
index b579488..67bc4e4 100644
--- a/core/conf/fstab
+++ b/core/conf/fstab
@@ -15,7 +15,7 @@
 #/dev/floppy/0 /floppy vfat user,noauto,unhide 0 0
 #devpts /dev/pts devpts noexec,nosuid,gid=tty,mode=0620 0 0
 #tmp /tmp tmpfs defaults 0 0
-#shm /dev/shm tmpfs defaults 0 0
+shm /dev/shm tmpfs defaults 0 0
 #usb /proc/bus/usb usbfs defaults 0 0
 devpts /dev/pts devpts noexec,nosuid,gid=tty,mode=0620 0 0
diff --git a/core/conf/hosts b/core/conf/hosts
index ee776e2..449949b 100644
--- a/core/conf/hosts
+++ b/core/conf/hosts
@@ -1,13 +1,27 @@
 #
 # /etc/hosts: static lookup table for host names
 #
-
-# IPv4
+# IPv4 LocalHosts
 127.0.0.1 localhost.localdomain localhost
-127.0.0.1 c9.localdomain c9
+127.0.0.1 c9.core c9
+
+127.0.0.1 wiki.localhost
+127.0.0.1 git.localhost
+127.0.0.1 doc.localhost
+127.0.0.1 ports.localhost
+
+# IPv4 Intranet
+#<ip-address> <hostname.domain.org> <aliases>
+
+10.0.0.254 c9.core
+10.0.0.254 wiki.c9.core
+10.0.0.254 git.c9.core
+10.0.0.254 doc.c9.core
+10.0.0.254 ports.c9.core
+# IPv4 Internet
 #<ip-address> <hostname.domain.org> <aliases>
-192.168.1.9 core.privat-network.net c9.core
+10.0.0.254 core.privat-network.net
 # IPv6
 #::1 ip6-localhost ip6-loopback
diff --git a/core/conf/rc.d/iptables b/core/conf/rc.d/iptables
index 3f29928..bb5cf91 100644
--- a/core/conf/rc.d/iptables
+++ b/core/conf/rc.d/iptables
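Review bot: The newly enabled `shm /dev/shm tmpfs defaults 0 0` line mounts a world-writable tmpfs with exec, suid and dev permitted, which is the kind of location a defender normally locks down because anything that can write there can also execute there; the devpts entry two lines below already uses `noexec,nosuid`, so the new mount is the inconsistent one. Consider `shm /dev/shm tmpfs nosuid,nodev,noexec 0 0` unless something on this host genuinely needs executable mappings in /dev/shm, and if it does, record that reason in a comment next to the line.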
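Review bot: The new `# IPv4 Internet` heading now sits above `10.0.0.254 core.privat-network.net`, a private (RFC 1918) address, so the label no longer describes the entry beneath it, and the `# IPv4 Intranet` block directly above already maps that same address. Either move the core.privat-network.net entry into the Intranet block or reword the heading, e.g. `# IPv4 public hostname (resolves to the intranet address here)`; the duplicated `#<ip-address> <hostname.domain.org> <aliases>` template line can then go as well.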
@@ -3,80 +3,79 @@
 # /etc/rc.d/iptables: load/unload iptable rules
 #
-case $1 in
-start)
- echo "Starting IPv4 firewall filter table..."
- /usr/sbin/iptables-restore < /etc/iptables/rules.v4
- ;;
-stop)
- echo "Stopping firewall and deny everyone..."
- iptables -F
- iptables -X
- iptables -t nat -F
- iptables -t nat -X
- iptables -t mangle -F
- iptables -t mangle -X
- iptables -t raw -F
- iptables -t raw -X
- iptables -t security -F
- iptables -t security -X
+rules=rules.v4
+#rules=vlan.v4
+
+iptables_clear () {
+ echo "clear all iptables tables"
+ iptables -F
+ iptables -X
+ iptables -t nat -F
+ iptables -t nat -X
+ iptables -t mangle -F
+ iptables -t mangle -X
+ iptables -t raw -F
+ iptables -t raw -X
+ iptables -t security -F
+ iptables -t security -X
+}
+case $1 in
+ start)
+ iptables_clear
+ echo "starting IPv4 firewall filter table..."
+ /usr/sbin/iptables-restore < /etc/iptables/${rules}
+ ;;
+ stop)
+ iptables_clear
+ echo "stopping firewall and deny everyone..."
 /usr/sbin/iptables -P INPUT DROP
 /usr/sbin/iptables -P FORWARD DROP
 /usr/sbin/iptables -P OUTPUT DROP
- # Unlimited on local
- /usr/sbin/iptables -A INPUT -i lo -j ACCEPT
- /usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT
+ # Unlimited on local
+ /usr/sbin/iptables -A INPUT -i lo -j ACCEPT
+ /usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT
- # log everything else and drop
- /usr/sbin/iptables -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
- /usr/sbin/iptables -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: "
- /usr/sbin/iptables -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: "
+ # log everything else and drop
+ /usr/sbin/iptables -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
+ /usr/sbin/iptables -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: "
+ /usr/sbin/iptables -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: "
- ;;
-open)
- echo "Outgoing Open firewall and deny everyone..."
- iptables -F
- iptables -X
- iptables -t nat -F
- iptables -t nat -X
- iptables -t mangle -F
- iptables -t mangle -X
- iptables -t raw -F
- iptables -t raw -X
- iptables -t security -F
- iptables -t security -X
+ ;;
+ open)
+ iptables_clear
+ echo "outgoing Open firewall and deny everyone..."
 /usr/sbin/iptables -P INPUT DROP
 /usr/sbin/iptables -P FORWARD DROP
 /usr/sbin/iptables -P OUTPUT ACCEPT
- # Unlimited on local
- /usr/sbin/iptables -A INPUT -i lo -j ACCEPT
- /usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT
-
- # Accept passive
- /usr/sbin/iptables -A INPUT -p tcp --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
+ /usr/sbin/iptables -A OUTPUT -j ACCEPT
- /usr/sbin/iptables -A INPUT -p udp --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
+ # Unlimited on local
+ /usr/sbin/iptables -A INPUT -i lo -j ACCEPT
+ /usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT
+ # Accept passive
+ /usr/sbin/iptables -A INPUT -p tcp --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
+ /usr/sbin/iptables -A INPUT -p udp --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
- # log everything else and drop
- /usr/sbin/iptables -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
- #/usr/sbin/iptables -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: "
- /usr/sbin/iptables -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: "
+ # log everything else and drop
+ /usr/sbin/iptables -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
+ /usr/sbin/iptables -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: "
+ /usr/sbin/iptables -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: "
- ;;
+ ;;
-restart)
- $0 stop
- $0 start
- ;;
-*)
+ restart)
+ $0 stop
+ $0 start
+ ;;
+ *)
- echo "usage: $0 [start|stop|restart]"
- ;;
+ echo "usage: $0 [start|stop|restart]"
+ ;;
 esac
 # End of file
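Review bot: In the new `stop)` and `open)` branches `iptables_clear` runs before the `-P INPUT DROP` / `-P FORWARD DROP` policy lines, so between the flush and the policy change every chain is empty under whatever policy was previously in effect (ACCEPT on a freshly booted kernel), meaning the branch whose stated purpose is "deny everyone" fails open for a moment; setting the three `-P` policies first and calling `iptables_clear` afterwards closes that window. The same ordering appears in `start)`, where the pre-flush is not needed at all because `iptables-restore` replaces the tables it loads, and where the restore's exit status is never checked, so a missing or malformed `/etc/iptables/${rules}` leaves the host with no rules while the script still exits 0 — `/usr/sbin/iptables-restore < /etc/iptables/${rules} || { echo "failed to load ${rules}" >&2; exit 1; }` makes that failure visible. Two smaller points: `iptables_clear` calls bare `iptables` while every other line uses `/usr/sbin/iptables`, which in an rc script means depending on PATH, and in `open)` the new `-A OUTPUT -j ACCEPT` rule makes the OUTPUT LOG rule appended later unreachable. The usage string still reads `[start|stop|restart]` and should list `open`.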