Diffstat (limited to 'tools/conf/etc/rc.d')
-rwxr-xr-x | tools/conf/etc/rc.d/blan | 14 | ||||
-rwxr-xr-x | tools/conf/etc/rc.d/dnscrypt-proxy | 5 | ||||
-rwxr-xr-x | tools/conf/etc/rc.d/git-daemon | 42 | ||||
-rwxr-xr-x | tools/conf/etc/rc.d/iptables | 81 |
4 files changed, 138 insertions, 4 deletions
diff --git a/tools/conf/etc/rc.d/blan b/tools/conf/etc/rc.d/blan index f3ea322..56d1809 100755 --- a/tools/conf/etc/rc.d/blan +++ b/tools/conf/etc/rc.d/blan @@ -4,10 +4,10 @@ # DEV="br0" +PHY="enp8s0" -ADDR=10.0.0.254 +ADDR=10.0.0.1 NET=10.0.0.0 -GW=192.168.1.254 MASK=24 # one tap for each cpu core @@ -20,6 +20,16 @@ case $1 in /sbin/ip link set dev ${DEV} up /bin/sleep 0.2s + /sbin/ip link set dev ${PHY} down + /bin/sleep 0.1s + /sbin/ip route flush dev ${PHY} + /sbin/ip addr flush dev ${PHY} + /sbin/ip link set dev ${PHY} up + /bin/sleep 0.2s + + /sbin/ip link set dev ${PHY} master ${DEV} + #/sbin/ip route add default via ${GW} + for i in `/usr/bin/seq $NTAPS` do TAP="tap$i" diff --git a/tools/conf/etc/rc.d/dnscrypt-proxy b/tools/conf/etc/rc.d/dnscrypt-proxy index 0874fa6..db8cd77 100755 --- a/tools/conf/etc/rc.d/dnscrypt-proxy +++ b/tools/conf/etc/rc.d/dnscrypt-proxy @@ -12,7 +12,7 @@ # Authors: https://github.com/simonclausen/dnscrypt-autoinstall/graphs/contributors # Project site: https://github.com/simonclausen/dnscrypt-autoinstall -USER=nobody +USER=net PATH=/usr/sbin:/usr/bin:/sbin:/bin DAEMON=/usr/sbin/dnscrypt-proxy NAME=dnscrypt-proxy @@ -24,7 +24,8 @@ PKEY1=3748:5585:E3B9:D088:FD25:AD36:B037:01F5:520C:D648:9E9A:DD52:1457:4955:9F0A case "$1" in start) echo "Starting $NAME" - $DAEMON --daemonize --ephemeral-keys --user=nobody --local-address=127.0.0.1:40 \ + $DAEMON --daemonize --ephemeral-keys --user=nobody \ + --local-address=127.0.0.1:40 \ --resolver-address=$ADDRESS3 \ --provider-name=$PNAME1 \ --provider-key=$PKEY3 \ diff --git a/tools/conf/etc/rc.d/git-daemon b/tools/conf/etc/rc.d/git-daemon new file mode 100755 index 0000000..8aa9d81 --- /dev/null +++ b/tools/conf/etc/rc.d/git-daemon 
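Review bot: In tools/conf/etc/rc.d/blan, the added block flushes every address and route from `${PHY}` before attaching it to the bridge and checks none of the steps, so a failed `ip link set dev ${PHY} master ${DEV}` leaves the physical interface up with no address and the host unreachable over the network. Test the result of the attach step, for example `/sbin/ip link set dev ${PHY} master ${DEV} || { echo "blan: cannot attach ${PHY} to ${DEV}" >&2; exit 1; }`. The commented-out `#/sbin/ip route add default via ${GW}` refers to `GW`, whose definition the first hunk removes; drop the line or keep the variable. The enclosing `case` branch starts and ends outside the hunk.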
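Review bot: In tools/conf/etc/rc.d/dnscrypt-proxy, the start command in the second hunk still passes the literal `--user=nobody`, so changing `USER=nobody` to `USER=net` in the first hunk does not change the account the daemon drops privileges to, as far as the visible lines show. Pass the variable instead: `$DAEMON --daemonize --ephemeral-keys --user="$USER" \`. The unchanged context also combines `$ADDRESS3` and `$PKEY3` with `$PNAME1`; if that mix is not deliberate, the provider name and key may not belong to the same resolver, which is worth confirming. The `start)` branch continues outside the hunk.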
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+SSD=/sbin/start-stop-daemon
+NAME=git-daemon
+PROG=$(git --exec-path)/${NAME}
+USER=www
+GROUP=www
+PIDFILE=/var/run/git-daemon.pid
+OPTS="--verbose --reuseaddr --base-path=/srv/gitolite/repositories"
+
+case $1 in
+ start)
+ echo "Starting ${NAME}..."
+ $SSD --start \
+ --pidfile ${PIDFILE} \
+ --exec ${PROG} -- ${OPTS} \
+ --detach --pid-file=${PIDFILE} \
+ --user=${USER} --group=${GROUP}
+
+ ;;
+ stop)
+ echo "Stopping ${NAME}..."
+ $SSD --stop --quiet --name git-daemon \
+ --pidfile ${PIDFILE}
+ ;;
+ restart)
+ echo "Restarting ${NAME}..."
+ $0 stop
+ $0 start
+ ;;
+ status)
+ $SSD --status --pidfile $PIDFILE
+ case $? in
+ 0) echo "$PROG is running with pid $(cat $PIDFILE )" ;;
+ 3) echo "$PROG is not running" ;;
+ 4) echo "Unable to determine the program status" ;;
+ esac
+ ;;
+ *)
+ echo "usage: $0 [start|stop|restart|status]"
+ ;;
+esac
diff --git a/tools/conf/etc/rc.d/iptables b/tools/conf/etc/rc.d/iptables
new file mode 100755
index 0000000..23f5485
--- /dev/null
+++ b/tools/conf/etc/rc.d/iptables
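Review bot: In tools/conf/etc/rc.d/git-daemon, `OPTS` gives git-daemon only `--base-path`, so it listens on every address and serves, without authentication, any repository under /srv/gitolite/repositories that carries a `git-daemon-export-ok` file; nothing in the script records which interface or repositories are meant to be reachable. If the service is meant for one network only, add `--listen=<bridge address>` (placeholder) to `OPTS`, with a comment that exposure is governed by the export marker. `PROG=$(git --exec-path)/${NAME}` depends on `git` being on the boot-time PATH; when it is not, `PROG` becomes `/git-daemon` and the start fails late, so a guard such as `[ -x "$PROG" ] || { echo "$PROG not found" >&2; exit 1; }` would help. The inner `case $?` under `status` has no arm for exit code 1 (pid file present, process not running), so that state prints nothing.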
@@ -0,0 +1,81 @@
+#!/bin/sh
+#
+# /etc/rc.d/iptables: load/unload iptable rules
+#
+
+#rules=rules.v4
+rules=vlan.v4
+
+iptables_clear () {
+ echo "clear all iptables tables"
+ iptables -F
+ iptables -X
+ iptables -t nat -F
+ iptables -t nat -X
+ iptables -t mangle -F
+ iptables -t mangle -X
+ iptables -t raw -F
+ iptables -t raw -X
+ iptables -t security -F
+ iptables -t security -X
+}
+
+case $1 in
+ start)
+ iptables_clear
+ echo "starting IPv4 firewall filter table..."
+ /usr/sbin/iptables-restore < /etc/iptables/${rules}
+ ;;
+ stop)
+ iptables_clear
+ echo "stopping firewall and deny everyone..."
+ /usr/sbin/iptables -P INPUT DROP
+ /usr/sbin/iptables -P FORWARD DROP
+ /usr/sbin/iptables -P OUTPUT DROP
+
+ # Unlimited on local
+ /usr/sbin/iptables -A INPUT -i lo -j ACCEPT
+ /usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT
+
+ # log everything else and drop
+ /usr/sbin/iptables -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
+ /usr/sbin/iptables -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: "
+ /usr/sbin/iptables -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: "
+
+ ;;
+ open)
+ iptables_clear
+ echo "outgoing Open firewall and deny everyone..."
+
+ /usr/sbin/iptables -P INPUT DROP
+ /usr/sbin/iptables -P FORWARD DROP
+ /usr/sbin/iptables -P OUTPUT ACCEPT
+
+ /usr/sbin/iptables -A OUTPUT -j ACCEPT
+
+ # Unlimited on local
+ /usr/sbin/iptables -A INPUT -i lo -j ACCEPT
+ /usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT
+
+ # Accept passive
+ /usr/sbin/iptables -A INPUT -p tcp --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
+ /usr/sbin/iptables -A INPUT -p udp --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+ # log everything else and drop
+ /usr/sbin/iptables -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
+ /usr/sbin/iptables -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: "
+ /usr/sbin/iptables -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: "
+
+ ;;
+
+ restart)
+ $0 stop
+ $0 start
+ ;;
+ *)
+
+ echo "usage: $0 [start|stop|restart]"
+ ;;
+esac
+
+# End of file |
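Review bot: In tools/conf/etc/rc.d/iptables, the `start` branch calls `iptables_clear` before `iptables-restore` has read `/etc/iptables/${rules}`, and `-F`/`-X` leave chain policies as they were, so a missing or malformed rules file leaves empty chains under whatever policy was in force, which is wide open if that policy was ACCEPT. The branch should validate the file first and exit non-zero without touching the tables when validation fails, as sketched below. The `stop` and `open` branches only program IPv4; unless ip6tables is handled elsewhere, "deny everyone" does not cover IPv6 traffic. The LOG rules have no rate limit (a `-m limit` match would keep a flood from filling the logs), `iptables_clear` calls `iptables` by bare name while the rest uses `/usr/sbin/iptables`, and the usage line omits `open`.

```shell
  start)
    # validate before flushing so a bad rules file cannot leave the tables empty
    if ! /usr/sbin/iptables-restore --test < "/etc/iptables/${rules}"; then
      echo "iptables: /etc/iptables/${rules} failed validation, ruleset left unchanged" >&2
      exit 1
    fi
    iptables_clear
    # … unchanged: echo and iptables-restore call …
    ;;
```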