From 3ec086df28374f6433c15c060ff608eb2cb19814 Mon Sep 17 00:00:00 2001
From: Silvino <silvino@bk.ru>
Date: Mon, 17 Jun 2019 15:28:45 +0100
Subject: added caching to core apparmor

---
 core/apparmor.html             | 18 ++++++++++++++++++
 core/conf/apparmor/parser.conf |  2 ++
 2 files changed, 20 insertions(+)
 create mode 100644 core/conf/apparmor/parser.conf

diff --git a/core/apparmor.html b/core/apparmor.html
index 8b7a30c..c567df8 100644
--- a/core/apparmor.html
+++ b/core/apparmor.html
@@ -165,6 +165,24 @@
         }
         </pre>
 
+        <h3>Seed up profile loading</h3>
+
+        <p>Every time apparmor loads a profile in text it needs
+        to compile into binary format, this takes some time if
+        there is many profiles to load at boot time. To optimize
+        edit /etc/apparmor/parser.conf;</p>
+
+        <pre>
+        ## Turn creating/updating of the cache on by default
+        write-cache
+        </pre>
+
+        <p>To change default location add;</p>
+
+        <pre>
+        chache-loc=/var/cache/apparmor
+        </pre>
+
         <a href="index.html">Core OS Index</a>
         <p>This is part of the Hive System Documentation.
         Copyright (C) 2019
diff --git a/core/conf/apparmor/parser.conf b/core/conf/apparmor/parser.conf
new file mode 100644
index 0000000..673d30a
--- /dev/null
+++ b/core/conf/apparmor/parser.conf
@@ -0,0 +1,2 @@
+## Turn creating/updating of the cache on by default
+write-cache
-- 
cgit 1.4.1-2-gfad0


From c89c785b301ea90290190aceeb1da0c9b7d464b3 Mon Sep 17 00:00:00 2001
From: Silvino <silvino@bk.ru>
Date: Tue, 18 Jun 2019 20:38:33 +0100
Subject: added protection against sack in core sysctl

---
 core/conf/sysctl.conf | 3 +++
 core/sysctl.html      | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/core/conf/sysctl.conf b/core/conf/sysctl.conf
index 771112a..d50520e 100644
--- a/core/conf/sysctl.conf
+++ b/core/conf/sysctl.conf
@@ -39,6 +39,9 @@ net.core.wmem_max = 8388608
 net.core.netdev_max_backlog = 5000
 net.ipv4.tcp_window_scaling = 1
 
+#A sequence of SACKs may be crafted such that one can trigger an integer overflow, leading to a kernel panic.
+net.ipv4.tcp_sack = 0
+
 # Both ports linux-blob and linux-libre don't build with ipv6
 # Disable ipv6
 net.ipv6.conf.all.disable_ipv6 = 1
diff --git a/core/sysctl.html b/core/sysctl.html
index afee463..550ae6d 100644
--- a/core/sysctl.html
+++ b/core/sysctl.html
@@ -62,6 +62,9 @@
         net.core.netdev_max_backlog = 5000
         net.ipv4.tcp_window_scaling = 1
 
+        #A sequence of SACKs may be crafted such that one can trigger an integer overflow, leading to a kernel panic.
+        net.ipv4.tcp_sack = 0
+
         # Both ports linux-blob and linux-libre don't build with ipv6
         # Disable ipv6
         net.ipv6.conf.all.disable_ipv6 = 1
-- 
cgit 1.4.1-2-gfad0


From 89b60df59cfe793452041b5a28e01a7b2c01b60b Mon Sep 17 00:00:00 2001
From: Silvino <silvino@bk.ru>
Date: Wed, 19 Jun 2019 00:54:23 +0100
Subject: fix core conf sysctl.conf

---
 core/conf/sysctl.conf | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/core/conf/sysctl.conf b/core/conf/sysctl.conf
index d50520e..3cc54d1 100644
--- a/core/conf/sysctl.conf
+++ b/core/conf/sysctl.conf
@@ -15,6 +15,9 @@ vm.mmap_min_addr=65536
 # Allow for more PIDs (to reduce rollover problems); may break some programs 32768
 kernel.pid_max = 65536
 
+#Yama LSM by default
+kernel.yama.ptrace_scope = 1
+
 #
 # Filesystem Protections
 #
@@ -30,6 +33,8 @@ kernel.kptr_restrict = 2
 # Network Protections
 #
 
+net.core.bpf_jit_enable = 0
+
 # Increase Linux auto tuning TCP buffer limits
 # min, default, and max number of bytes to use
 # set max to at least 4MB, or higher if you use very high BDP paths
@@ -94,6 +99,7 @@ net.ipv4.conf.default.rp_filter = 1
 #net.ipv6.conf.default.rp_filter = 1
 #net.ipv6.conf.all.rp_filter = 1
 
+
 # Make sure no one can alter the routing tables
 # Act as a router, necessary for Access Point
 net.ipv4.conf.all.accept_redirects = 0
@@ -134,3 +140,4 @@ net.ipv4.tcp_keepalive_time = 1800
 net.ipv4.tcp_synack_retries = 3
 
 # End of file
+
-- 
cgit 1.4.1-2-gfad0


From 0e5a601a31840e1531f3f90ca447bf3b1e766d73 Mon Sep 17 00:00:00 2001
From: Silvino <silvino@bk.ru>
Date: Wed, 19 Jun 2019 20:03:35 +0100
Subject: core re-index ports after reboot

---
 core/index.html | 27 ++++++++++++++-------------
 core/ports.html | 14 +++++++-------
 2 files changed, 21 insertions(+), 20 deletions(-)

diff --git a/core/index.html b/core/index.html
index 20e50af..0900939 100644
--- a/core/index.html
+++ b/core/index.html
@@ -48,26 +48,27 @@
 		    <li><a href="configure.html#rcconf">1.2.6. Initialization scripts</a></li>
 		</ul>
 	    </li>
-
-	    <li><a href="ports.html">1.3. Ports</a>
+	    <li><a href="reboot.html">1.3. Boot</a>
 		<ul>
-		    <li><a href="ports.html#filesystem">1.3.1. Ports layout</a></li>
-		    <li><a href="ports.html#fakeroot">1.3.2. Build as user</a></li>
-		    <li><a href="ports.html#pkgmk">1.3.3. Configure pkgmk</a></li>
-		    <li><a href="ports.html#prtget">1.3.4. Configure prt-get</a></li>
-		    <li><a href="ports.html#distcc">1.3.5. Ccache and distcc</a></li>
+		    <li><a href="reboot.html#linux">1.3.1. Kernel</a></li>
+		    <li><a href="reboot.html#dracut">1.3.2. Dracut</a></li>
+		    <li><a href="reboot.html#grub">1.3.3. Grub</a></li>
+		    <li><a href="reboot.html#recover">1.3.4. Recover</a></li>
+		    <li><a href="reboot.html#checkup">1.3.5. Checkup</a></li>
 		</ul>
 	    </li>
 
-	    <li><a href="reboot.html">1.4. Boot</a>
+	    <li><a href="ports.html">1.4. Ports</a>
 		<ul>
-		    <li><a href="reboot.html#linux">1.4.1. Kernel</a></li>
-		    <li><a href="reboot.html#dracut">1.4.2. Dracut</a></li>
-		    <li><a href="reboot.html#grub">1.4.3. Grub</a></li>
-		    <li><a href="reboot.html#recover">1.4.4. Recover</a></li>
-		    <li><a href="reboot.html#checkup">1.4.5. Checkup</a></li>
+		    <li><a href="ports.html#filesystem">1.4.1. Ports layout</a></li>
+		    <li><a href="ports.html#fakeroot">1.4.2. Build as user</a></li>
+		    <li><a href="ports.html#pkgmk">1.4.3. Configure pkgmk</a></li>
+		    <li><a href="ports.html#prtget">1.4.4. Configure prt-get</a></li>
+		    <li><a href="ports.html#distcc">1.4.5. Ccache and distcc</a></li>
 		</ul>
 	    </li>
+
+
 	</ul>
 
 	<h2>2. System Administration</h2>
diff --git a/core/ports.html b/core/ports.html
index 9d2f989..990f6cc 100644
--- a/core/ports.html
+++ b/core/ports.html
@@ -2,18 +2,18 @@
 <html dir="ltr" lang="en">
     <head>
         <meta charset='utf-8'>
-        <title>1.3. Ports</title>
+        <title>1.4. Ports</title>
     </head>
     <body>
 
         <a href="index.html">Core OS Index</a>
 
-        <h1>1.3. Ports</h1>
+        <h1>1.4. Ports</h1>
 
         <p>This instructions are done
         <a href="configure.html#chroot">inside chroot</a>.</p>
 
-        <h2 id="filesystem">1.3.1. Ports Layout</h2>
+        <h2 id="filesystem">1.4.1. Ports Layout</h2>
 
 	<p>Make sure follow directories exist;</p>
 
@@ -22,7 +22,7 @@
 	#  mkdir -p /usr/ports/{distfiles,packages,work,pkgbuild}
 	</pre>
 
-        <h2 id="fakeroot">1.3.2. Build as user</h2>
+        <h2 id="fakeroot">1.4.2. Build as user</h2>
 
         <p>For more information read
 	<a href="https://crux.nu/Wiki/FakerootPorts">Fakeroot Ports</a>.
@@ -61,7 +61,7 @@
         pkgmk /usr/ports/work tmpfs size=30G,uid=102,defaults,mode=0750 0 0
         </pre>
 
-        <h2 id="pkgmk">1.3.3. Configure pkgmk</h2>
+        <h2 id="pkgmk">1.4.3. Configure pkgmk</h2>
 
         <p>Read <a href="https://crux.nu/Handbook3-3#ntoc22">4.5. Adjust/Configure the Package Build Process</a>
         to take advantage of your specific hardware. Packages build with
@@ -127,7 +127,7 @@
         <p>Check <a href="toolchain.html">toolchain</a> for more options on how packages
         are build.</p>
 
-        <h2 id="prtget">1.3.4. Configure prt-get</h2>
+        <h2 id="prtget">1.4.4. Configure prt-get</h2>
 
         <p>Edit /etc/prt-get.conf;</p>
 
@@ -186,7 +186,7 @@
         runscriptcommand sudo sh
         </pre>
 
-        <h2 id="distcc">1.3.5. Ccache and distcc</h2>
+        <h2 id="distcc">1.4.5. Ccache and distcc</h2>
 
         <p>Ccache avoids same code to be compiled by saving
         the output from compilers and identifying same
-- 
cgit 1.4.1-2-gfad0


From 2830b5fb96cce787ca8c7562a968effc3e57bdb1 Mon Sep 17 00:00:00 2001
From: Silvino <silvino@bk.ru>
Date: Wed, 26 Jun 2019 16:58:13 +0100
Subject: dev index re-organization

---
 dev/c/basic.html          |  59 ++++++++++++++++
 dev/c/datatypes.html      |  17 +++--
 dev/c/hello.html          | 134 +++++++++++++++++++++++++++++++++++
 dev/c/index.html          |  72 +++++++++++++++++++
 dev/c/lib.html            |   8 +--
 dev/c/src/basic/AUTHORS   |   1 +
 dev/c/src/basic/ChangeLog |   0
 dev/c/src/basic/Makefile  |   7 ++
 dev/c/src/basic/NEWS      |   0
 dev/c/src/basic/README    |   0
 dev/c/src/basic/basic.c   |   3 +
 dev/c/src/basic/basic.h   |  27 +++++++
 dev/c/src/hello/Makefile  |   7 ++
 dev/c/src/hello/hello.c   |   6 ++
 dev/index.html            | 175 +++++-----------------------------------------
 dev/js/index.html         |  18 +++--
 dev/perl/index.html       |  16 ++++-
 dev/php/hello.html        |  83 ++++++++++++++++++++++
 dev/php/index.html        |  98 +++++++-------------------
 dev/python/hello.html     |  18 +++++
 dev/python/index.html     |  30 +++-----
 dev/shell/index.html      |  34 +++++++++
 22 files changed, 542 insertions(+), 271 deletions(-)
 create mode 100644 dev/c/basic.html
 create mode 100644 dev/c/hello.html
 create mode 100644 dev/c/src/basic/AUTHORS
 create mode 100644 dev/c/src/basic/ChangeLog
 create mode 100644 dev/c/src/basic/Makefile
 create mode 100644 dev/c/src/basic/NEWS
 create mode 100644 dev/c/src/basic/README
 create mode 100644 dev/c/src/basic/basic.c
 create mode 100644 dev/c/src/basic/basic.h
 create mode 100644 dev/c/src/hello/Makefile
 create mode 100644 dev/c/src/hello/hello.c
 create mode 100644 dev/php/hello.html
 create mode 100644 dev/python/hello.html
 create mode 100644 dev/shell/index.html

diff --git a/dev/c/basic.html b/dev/c/basic.html
new file mode 100644
index 0000000..104e59a
--- /dev/null
+++ b/dev/c/basic.html
@@ -0,0 +1,59 @@
+<!DOCTYPE html>
+<html dir="ltr" lang="en">
+    <head>
+	<meta charset='utf-8'>
+	<title>C - Basic</title>
+    </head>
+    <body>
+        <a href="../index.html">C &amp; GDB Index</a>
+
+	<h1>C - Basic</h1>
+
+	<h2 ="sources">Multiple Sources</h2>
+
+	<p>To organize code in multiple files split above
+	example in main.c, hello.c and hello.h. Content of
+	main.c;<p>
+
+	<pre>
+	#include "hello.h"
+
+	int main() {
+	    hello("world");
+	    return 0;
+	}
+	</pre>
+
+	<p>Header file contains declaration of the function hello,
+	content of hello.h;</p>
+
+	<pre>
+	void hello(const char* name);
+	</pre>
+
+	<p>Implementation of hello function in hello.c;</p>
+
+	<pre>
+	#include &lt;stdio.h&gt;
+	#include "hello.h"
+
+	void hello(const char* name) {
+	    printf("Hello, %s!\n", name);
+	}
+	</pre>
+
+	<p>Compile;</p>
+
+	<pre>
+	$ gcc -Wall main.c hello.c -o hello
+	</pre>
+
+	<a href="../index.html">C &amp; GDB Index</a>
+	<p>
+	This is part of the Hive System Documentation.
+	Copyright (C) 2019
+	Hive Team.
+	See the file <a href="../../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
+	for copying conditions.</p>
+    </body>
+</html>
diff --git a/dev/c/datatypes.html b/dev/c/datatypes.html
index cbe19a2..77b5dbb 100644
--- a/dev/c/datatypes.html
+++ b/dev/c/datatypes.html
@@ -13,22 +13,27 @@
 
         <dl>
             <dt>char</dt>
-            <dd>Integer, one byte.</dd>
+            <dd>Integer is 1 byte.</dd>
+
             <dt>int</dt>
-            <dd>Integer.</dd>
+            <dd>Integer numbers 4 bytes (short is 2 bytes and long is 4 bytes)</dd>
+
             <dt>float</dt>
-            <dd>Single precision floating point.</dd>
+            <dd>Single precision floating point is 4 bytes.</dd>
+
             <dt>double</dt>
-            <dd>Double precision floating point.</dd>
+            <dd>Double precision floating point is 8 bytes.</dd>
+
             <dt>void</dt>
             <dd>Absence of type.</dd>
         </dl>
 
-
         <h2 id="datatypes">Data types</h2>
 
         <h2 id="int">Integer</h2>
+
         <p>Allowed <a href="elements.html#types">types</a> are char and int;</p>
+
         <dl>
             <dt>signed char</dt>
             <dd>8 bit, from -128 to 127.</dd>
@@ -93,7 +98,7 @@
 
         <pre>
         struct point {
-            int x, y;
+            int x, y, z;
         } first_point;
         struct point second_point;
         </pre>
diff --git a/dev/c/hello.html b/dev/c/hello.html
new file mode 100644
index 0000000..ff31bc9
--- /dev/null
+++ b/dev/c/hello.html
@@ -0,0 +1,134 @@
+<!DOCTYPE html>
+<html dir="ltr" lang="en">
+    <head>
+	<meta charset='utf-8'>
+	<title>C &amp; GDB</title>
+    </head>
+    <body>
+        <a href="../index.html">C &amp; GDB Index</a>
+
+	<h1>Hello World</h1>
+
+        <p>C "allows to implement" or approach to various
+        programming paradigms but due to it's characteristics
+        it's more a procedural language. C procedural programs
+        are divided in smaller procedures, or functions, and
+        data or pointers to data are passed into them or is
+        shared between them. To get started create file
+        hello.c with;</p>
+
+	<pre>
+	#include &lt;stdio.h&gt;
+
+	int main() {
+	    printf("Hello World!");
+	    return 0;
+	}
+	</pre>
+
+	<p>Compile;</p>
+
+	<pre>
+	$ gcc -Wall hello.c -o hello
+	</pre>
+
+	<p>Run;</p>
+
+	<pre>
+	$./hello
+	Hello World!
+	</pre>
+
+	<h2 id="makefile">Makefile</h2>
+
+	<p>Make reads a Makefile by default on current directory,
+	Makefile defines targets, for example executables and their
+	dependencies, for example object files and source files.<p>
+
+	<p>Create Makefile;</p>
+
+	<pre>
+	CC=gcc
+	CFLAGS=-Wall
+
+	hello: main.o hello.o
+
+	clean:
+		rm -f hello main.o hello.o
+	</pre>
+
+	<pre>
+	$ touch NEWS README AUTHORS ChangeLog
+	</pre>
+
+	<h2 id="debug">Debug</h2>
+
+	<p>To use gdb you need to compile program with -g flag. Change
+	Makefile</p>
+
+	<pre>
+	CC=gcc
+	CFLAGS=-Wall -g
+
+	hello: main.o hello.o
+
+	clean:
+		rm -f hello main.o hello.o
+	</pre>
+
+	<pre>
+	$ gdb hello
+	</pre>
+
+	<p>Set break point;</p>
+
+	<pre>
+	(gdb) break main
+	</pre>
+
+	<p>To start the program you can type run, this way gdb
+	will try to run the program until the end. If program
+	crash, gdb will stop it for debuging. Start program;</p>
+
+	<pre>
+	(gdb) run
+	</pre>
+
+	<p>Step in next line;</p>
+
+	<pre>
+	(gdb) s
+	</pre>
+
+        <p>Print variable "name" value;</p>
+
+        <pre>
+        (gdb) print name
+        $1 = 0x4005b0 "world"
+        (gdb)
+        </pre>
+
+        <p>Print variable "name" type;</p>
+
+        <pre>
+        (gdb) ptype name
+        type = const char *
+        (gdb)
+        </pre>
+
+        <p>Variable is a <a href="elements.html#const">string constant</a>.
+        Execute next line to end;</p>
+
+	<pre>
+	(gdb) n
+	</pre>
+
+        <a href="../index.html">C &amp; GDB Index</a>
+	<p>
+	This is part of the Hive System Documentation.
+	Copyright (C) 2019
+	Hive Team.
+	See the file <a href="../../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
+	for copying conditions.</p>
+    </body>
+</html>
diff --git a/dev/c/index.html b/dev/c/index.html
index 2f0c068..3c48776 100644
--- a/dev/c/index.html
+++ b/dev/c/index.html
@@ -7,6 +7,78 @@
     <body>
 	<a href="../index.html">Development Index</a>
 
+        <h1>C &amp; GDB</h1>
+
+	<ul>
+	    <li><a href="hello.html">Hello World</a>
+		<ul>
+		    <li><a href="hello.html#makefile">Makefile</a></li>
+		    <li><a href="hello.html#debug">Debug</a></li>
+		</ul>
+	    </li>
+	    <li><a href="elements.html">Elements</a>
+		<ul>
+		    <li><a href="elements.html#ident">Identifiers</a></li>
+		    <li><a href="elements.html#keywords">Keywords</a></li>
+		    <li><a href="elements.html#const">Constants</a></li>
+		    <li><a href="elements.html#op">Operators</a></li>
+		    <li><a href="elements.html#sep">Separators</a></li>
+		    <li><a href="elements.html#white">White space</a></li>
+		</ul>
+	    </li>
+	    <li><a href="datatypes.html">Datatypes</a>
+		<ul>
+		    <li><a href="datatypes.html#types">Types</a></li>
+		    <li><a href="datatypes.html#int">Integer</a></li>
+		    <li><a href="datatypes.html#double">Real number</a></li>
+		    <li><a href="datatypes.html#complex">Complex number</a></li>
+		    <li><a href="datatypes.html#enum">Enumeration</a></li>
+		    <li><a href="datatypes.html#union">Unions</a></li>
+		    <li><a href="datatypes.html#struct">Structures</a></li>
+		    <li><a href="datatypes.html#array">Arrays</a></li>
+		    <li><a href="datatypes.html#pointer">Pointers</a></li>
+		    <li><a href="datatypes.html#it">Incomplete types</a></li>
+		    <li><a href="datatypes.html#tq">Type qualifiers</a></li>
+		    <li><a href="datatypes.html#st">Storage class</a></li>
+		    <li><a href="datatypes.html#format">Format type specifiers</a></li>
+		</ul>
+	    </li>
+
+	    <li><a href="">Operators &amp; Expressions</a></li>
+	    <li><a href="">Control Flow</a></li>
+	    <li><a href="">Functions</a></li>
+	    <li><a href="">Input &amp; Output</a></li>
+            <li><a href="basic.html">Basic</a>
+		<ul>
+		    <li><a href="basic.html#sources">Multiple sources</a></li>
+		</ul>
+	    </li>
+	    <li><a href="lib.html">Libraries</a>
+		<ul>
+		    <li><a href="lib.html#basic">Basic libraries</a></li>
+		    <li><a href="lib.html#advanced">Advanced libraries</a></li>
+		    <li><a href="lib.html#random-numbers">Random Numbers</a></li>
+		    <li><a href="lib.html#signals">Signals</a></li>
+		    <li><a href="lib.html#sorting">Sorting</a></li>
+		    <li><a href="lib.html#strings">Strings</a></li>
+		    <li><a href="lib.html#inter-process-communication">Inter Process Communication</a></li>
+		    <li><a href="lib.html#file-io">File IO</a></li>
+		    <li><a href="lib.html#shared-memory">Shared Memory</a></li>
+		    <li><a href="lib.html#networking">Networking</a></li>
+		    <li><a href="lib.html#threads">Threads</a></li>
+		</ul>
+
+
+	    </li>
+	    <li><a href="c/debugging.html">Debugging</a></li>
+	    <li><a href="c/system.html">System Development</a></li>
+	</ul>
+
+	<ul>
+	    <li><a href="http://inti.sourceforge.net/tutorial/libinti/autotoolsproject.html">Autotools</a></li>
+	</ul>
+
+
 	<h1>C &amp; GDB</h1>
 
 	<h2 id="hello">Hello World</h2>
diff --git a/dev/c/lib.html b/dev/c/lib.html
index 4b6c07e..4531d7a 100644
--- a/dev/c/lib.html
+++ b/dev/c/lib.html
@@ -5,7 +5,7 @@
         <title>Libraries</title>
     </head>
     <body>
-        <a href="../index.html">Development Index</a>
+        <a href="../index.html">C &amp; GDB Index</a>
 
 
         <h1>Libraries</h1>
@@ -13,12 +13,12 @@
         <h2 id="basic">Basic</h2>
 
         <dl>
-            <dt>include &lt;unistd.h&gt;</dt>
+            <dt>@include &lt;unistd.h&gt;</dt>
             <dd>fork, pipe and I/O primitives (read, write, close, etc.)
             + primitve types like uid_t, pid_t etc</dd>
 
             <dt>#include &lt;stdlib.h&gt;</dt>
-            <dd>Standard lib, contains primitves for number conversion
+            <dd>Standard lib, contains primitives for number conversion
             and memory allocation</dd>
             <dt>#include &lt;stdio.h&gt;</dt>
             <dd>Basic i/o lib: printf etc</dd>
@@ -243,7 +243,7 @@
         void pthread_exit(void *value_ptr);
         </pre>
 
-        <a href="../index.html">Development Index</a>
+        <a href="../index.html">C &amp; GDB Index</a>
 
         <p>
         This is part of the Hive System Documentation.
diff --git a/dev/c/src/basic/AUTHORS b/dev/c/src/basic/AUTHORS
new file mode 100644
index 0000000..dcfefd1
--- /dev/null
+++ b/dev/c/src/basic/AUTHORS
@@ -0,0 +1 @@
+Silvino Silva, silvino at bk dot ru
diff --git a/dev/c/src/basic/ChangeLog b/dev/c/src/basic/ChangeLog
new file mode 100644
index 0000000..e69de29
diff --git a/dev/c/src/basic/Makefile b/dev/c/src/basic/Makefile
new file mode 100644
index 0000000..f165c15
--- /dev/null
+++ b/dev/c/src/basic/Makefile
@@ -0,0 +1,7 @@
+CC=gcc
+CFLAGS=-Wall
+
+basic-c: main.o basic.o
+
+clean:
+	rm -f *.o basic-c
diff --git a/dev/c/src/basic/NEWS b/dev/c/src/basic/NEWS
new file mode 100644
index 0000000..e69de29
diff --git a/dev/c/src/basic/README b/dev/c/src/basic/README
new file mode 100644
index 0000000..e69de29
diff --git a/dev/c/src/basic/basic.c b/dev/c/src/basic/basic.c
new file mode 100644
index 0000000..744b739
--- /dev/null
+++ b/dev/c/src/basic/basic.c
@@ -0,0 +1,3 @@
+#include "basic.h"
+
+
diff --git a/dev/c/src/basic/basic.h b/dev/c/src/basic/basic.h
new file mode 100644
index 0000000..6eef13f
--- /dev/null
+++ b/dev/c/src/basic/basic.h
@@ -0,0 +1,27 @@
+enum operations{deposit, redraw}
+
+union u_account {
+    int id;
+    int value;
+    char *client_name;
+    int *log_head;
+    union u_account *next;
+}
+
+struct s_accounts {
+    int total_accounts;
+    int total_value;
+    union u_account *head_account;
+}
+
+struct s_operation {
+    int time, amount;
+    enum operations op;
+    struct s_operation *next;
+}
+
+struct s_log {
+    int number;
+    struct s_operation *operation;
+    struct s_log *next;
+}
diff --git a/dev/c/src/hello/Makefile b/dev/c/src/hello/Makefile
new file mode 100644
index 0000000..a6d9f07
--- /dev/null
+++ b/dev/c/src/hello/Makefile
@@ -0,0 +1,7 @@
+CC=gcc
+CFLAGS=-Wall
+
+hello: hello.o
+
+clean:
+	rm -f *.o hello
diff --git a/dev/c/src/hello/hello.c b/dev/c/src/hello/hello.c
new file mode 100644
index 0000000..df66493
--- /dev/null
+++ b/dev/c/src/hello/hello.c
@@ -0,0 +1,6 @@
+#include <stdio.h>
+
+int main() {
+    printf("hello World!");
+    return 0;
+}
diff --git a/dev/index.html b/dev/index.html
index 576cada..5c55583 100644
--- a/dev/index.html
+++ b/dev/index.html
@@ -11,171 +11,28 @@
 
 	<p>Tools for development and debugging</p>
 
-	<h2>Git</h2>
+        <dl>
+            <dt><a href="git/index.html">Git</a></dt>
+            <dd>Git is a distributed version control system, for example this document is meant to be distributed using git.</dd>
+            <dt><a href="c/index.html">C &amp; GDB</a></dt>
+            <dd>C is compiled language created by Dennis Ritchie. BSD, Linux and Minix kernels use this language as primary language.</dd>
 
-	<p>Git is a distributed version control system, for example this document is meant to be distributed using git.</p>
-	<ul>
-            <li><a href="git/install.html">1. Install and configure</a></li>
-	    <li><a href="git/work.html">2. Work.</a>
-		<ul>
-	            <li><a href="git/work.html#local">2.1. Local workflow</a>
-		    <li><a href="git/work.html#logdiff">2.2. Logs and commits</a></li>
-		    <li><a href="git/work.html#remote">2.3. Working with remotes</a></li>
-		</ul>
-	    </li>
+            <dt><a href="shell/index.html">Shell scriptiong</a></dt>
+	    <dd>Script files that start with "#!/bin/sh" use dash (in crux), /bin/sh is a link to dash, while files that start with "#!/bin/bash" use bash;</dd>
+            <dt><a href="python/index.html">Python</a></dt>
 
-	    <li><a href="git/branch.html">3. Branches</a>
-		<ul>
-		    <li><a href="git/branch.html#teamwork">3.1. Team workflow</a></li>
-		    <li><a href="git/branch.html#feature">3.2. Feature</a></li>
-		    <li><a href="git/branch.html#release">3.3. Release</a></li>
-		    <li><a href="git/branch.html#tags">3.4. Tags</a></li>
-		    <li><a href="git/branch.html#hotfix">3.5. Hotfix</a></li>
-		</ul>
-	    </li>
-	</ul>
+            <dd>Python is an interpreted, interactive, object-oriented programming language.</dd>
 
+            <dt><a href="perl/index.html">Perl</a></dt>
+            <dd>Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages. "Perl" usually refers to Perl 5, but it may also refer to its redesigned "sister language", Perl 6.</dd>
 
-	<h2 id="c">C &amp; GDB</h2>
+            <dt><a href="javascript/index.html">JavaScript</a></dt>
+            <dd>JavaScript is a high-level, interpreted programming language that conforms to the ECMAScript specification. JavaScript has curly-bracket syntax, dynamic typing, prototype-based object-orientation, and first-class functions.</dd>
 
-	<p>C is functional compiled language created by Dennis Ritchie. BSD, Linux and Minix kernels use this language
-	as primary language.</p>
-
-	<ul>
-	    <li><a href="c/index.html">Hello World</a>
-		<ul>
-		    <li><a href="c/index.html#sources">Multiple sources</a></li>
-		    <li><a href="c/index.html#makefile">Makefile</a></li>
-		    <li><a href="c/index.html#debug">Debug</a></li>
-		</ul>
-	    </li>
-	    <li><a href="c/elements.html">Elements</a>
-		<ul>
-		    <li><a href="c/elements.html#ident">Identifiers</a></li>
-		    <li><a href="c/elements.html#keywords">Keywords</a></li>
-		    <li><a href="c/elements.html#const">Constants</a></li>
-		    <li><a href="c/elements.html#op">Operators</a></li>
-		    <li><a href="c/elements.html#sep">Separators</a></li>
-		    <li><a href="c/elements.html#white">White space</a></li>
-		</ul>
-	    </li>
-	    <li><a href="c/datatypes.html">Datatypes</a>
-		<ul>
-		    <li><a href="c/datatypes.html#types">Types</a></li>
-		    <li><a href="c/datatypes.html#int">Integer</a></li>
-		    <li><a href="c/datatypes.html#double">Real number</a></li>
-		    <li><a href="c/datatypes.html#complex">Complex number</a></li>
-		    <li><a href="c/datatypes.html#enum">Enumeration</a></li>
-		    <li><a href="c/datatypes.html#union">Unions</a></li>
-		    <li><a href="c/datatypes.html#struct">Structures</a></li>
-		    <li><a href="c/datatypes.html#array">Arrays</a></li>
-		    <li><a href="c/datatypes.html#pointer">Pointers</a></li>
-		    <li><a href="c/datatypes.html#it">Incomplete types</a></li>
-		    <li><a href="c/datatypes.html#tq">Type qualifiers</a></li>
-		    <li><a href="c/datatypes.html#st">Storage class</a></li>
-		    <li><a href="c/datatypes.html#format">Format type specifiers</a></li>
-		</ul>
-	    </li>
-
-	    <li><a href="">Operators &amp; Expressions</a></li>
-	    <li><a href="">Control Flow</a></li>
-	    <li><a href="">Functions</a></li>
-	    <li><a href="">Input &amp; Output</a></li>
-	    <li><a href="c/lib.html">Libraries</a>
-		<ul>
-		    <li><a href="c/lib.html#basic">Basic libraries</a></li>
-		    <li><a href="c/lib.html#advanced">Advanced libraries</a></li>
-		    <li><a href="c/lib.html#random-numbers">Random Numbers</a></li>
-		    <li><a href="c/lib.html#signals">Signals</a></li>
-		    <li><a href="c/lib.html#sorting">Sorting</a></li>
-		    <li><a href="c/lib.html#strings">Strings</a></li>
-		    <li><a href="c/lib.html#inter-process-communication">Inter Process Communication</a></li>
-		    <li><a href="c/lib.html#file-io">File IO</a></li>
-		    <li><a href="c/lib.html#shared-memory">Shared Memory</a></li>
-		    <li><a href="c/lib.html#networking">Networking</a></li>
-		    <li><a href="c/lib.html#threads">Threads</a></li>
-		</ul>
-
-
-	    </li>
-	    <li><a href="c/debugging.html">Debugging</a></li>
-	    <li><a href="c/system.html">System Development</a></li>
-	</ul>
-
-	<ul>
-	    <li><a href="http://inti.sourceforge.net/tutorial/libinti/autotoolsproject.html">Autotools</a></li>
-	</ul>
-
-	<h2>Shell Script</h2>
-
-	<p>Script files that start with "#!/bin/sh" use dash (in crux),
-	/bin/sh is a link to dash, while files that start with "#!/bin/bash"
-	use bash;</p>
-
-	<ul>
-	    <li><a href="shell/dash.html">Dash - Scripting</a>
-		<ul>
-		    <li><a href="shell/dash.html#hello">Hello World</a></li>
-		    <li><a href="shell/dash.html#var">Types &amp; Variables</a></li>
-		    <li><a href="">Operators &amp; Expressions</a></li>
-		    <li><a href="shell/dash.html#if">Control Flow</a></li>
-		    <li><a href="">Functions</a></li>
-		    <li><a href="shell/dash.html#io">Input &amp; Output</a></li>
-		</ul>
-	    </li>
-	</ul>
-
-	<h2>Python</h2>
-	<ul>
-	    <li><a href="python/index.html">Hello World</a></li>
-	    <li><a href="">Types &amp; Variables</a></li>
-	    <li><a href="">Operators &amp; Expressions</a></li>
-	    <li><a href="">Control Flow</a></li>
-	    <li><a href="">Functions</a></li>
-	    <li><a href="">Input &amp; Output</a></li>
-	</ul>
-
-	<h2>Perl</h2>
-	<ul>
-	    <li><a href="perl/index.html">Hello World</a></li>
-	    <li><a href="">Types &amp; Variables</a></li>
-	    <li><a href="">Operators &amp; Expressions</a></li>
-	    <li><a href="">Control Flow</a></li>
-	    <li><a href="">Functions</a></li>
-	    <li><a href="">Input &amp; Output</a></li>
-	</ul>
-
-
-	<h2>JavaScript</h2>
-	<ul>
-	    <li><a href="js/index.html">Hello World</a></li>
-	    <li><a href="">Types &amp; Variables</a></li>
-	    <li><a href="">Operators &amp; Expressions</a></li>
-	    <li><a href="">Control Flow</a></li>
-	    <li><a href="">Functions</a></li>
-	    <li><a href="">Input &amp; Output</a></li>
-	</ul>
-
-	<h2>PHP</h2>
-	<ul>
-	    <li><a href="php/index.html">Hello World</a>
-                <ul>
-                    <li><a href="php/index.html#profiling">Profiling</a></li>
-                    <li><a href="php/index.html#testing">Testing</a></li>
-                </ul>
-            </li>
-	    <li><a href="">Types &amp; Variables</a></li>
-	    <li><a href="">Operators &amp; Expressions</a></li>
-	    <li><a href="">Control Flow</a></li>
-	    <li><a href="">Functions</a></li>
-	    <li><a href="">Input &amp; Output</a></li>
-	</ul>
-
-	<ul>
-	    <li><a href="php/laravel.html">Laravel Framework</a></li>
-	    <li>PHP Unit</li>
-	</ul>
+            <dt><a href="php/index.html">PHP</a></dt>
 
+            <dd>PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML.</dd>
+        </dl>
 	<a href="../index.html">Documentation Index</a>
 	<p>
 	This is part of the Hive System Documentation.
diff --git a/dev/js/index.html b/dev/js/index.html
index 66c0be1..ad746fd 100644
--- a/dev/js/index.html
+++ b/dev/js/index.html
@@ -2,23 +2,27 @@
 <html dir="ltr" lang="en">
     <head>
         <meta charset='utf-8'>
-        <title>c9 JavaScript</title>
+        <title>JavaScript</title>
     </head>
     <body>
         <a href="../index.html">Development Index</a>
 
-        <h1>c9 JavaScript</h1>
+        <h1>JavaScript</h1>
+	<ul>
+	    <li><a href="js/index.html">Hello World</a></li>
+	    <li><a href="">Types &amp; Variables</a></li>
+	    <li><a href="">Operators &amp; Expressions</a></li>
+	    <li><a href="">Control Flow</a></li>
+	    <li><a href="">Functions</a></li>
+	    <li><a href="">Input &amp; Output</a></li>
+	</ul>
 
         <a href="../index.html">Development Index</a>
         <p>
         This is part of the Hive System Documentation.
-        Copyright (C) 2018
+        Copyright (C) 2019
         Hive Team.
         See the file <a href="../../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
         for copying conditions.</p>
-
-
     </body>
-
 </html>
-
diff --git a/dev/perl/index.html b/dev/perl/index.html
index dbef1e1..9fe7ad3 100644
--- a/dev/perl/index.html
+++ b/dev/perl/index.html
@@ -2,17 +2,27 @@
 <html dir="ltr" lang="en">
     <head>
         <meta charset='utf-8'>
-        <title>c9 Perl</title>
+        <title>Perl</title>
     </head>
     <body>
         <a href="../index.html">Development Index</a>
 
-        <h1>c9 Perl</h1>
+        <h1>Perl</h1>
+
+	<ul>
+	    <li><a href="perl/index.html">Hello World</a></li>
+	    <li><a href="">Types &amp; Variables</a></li>
+	    <li><a href="">Operators &amp; Expressions</a></li>
+	    <li><a href="">Control Flow</a></li>
+	    <li><a href="">Functions</a></li>
+	    <li><a href="">Input &amp; Output</a></li>
+	</ul>
+
 
         <a href="../index.html">Development Index</a>
         <p>
         This is part of the Hive System Documentation.
-        Copyright (C) 2018
+        Copyright (C) 2019
         Hive Team.
         See the file <a href="../../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
         for copying conditions.</p>
diff --git a/dev/php/hello.html b/dev/php/hello.html
new file mode 100644
index 0000000..cc0f82a
--- /dev/null
+++ b/dev/php/hello.html
@@ -0,0 +1,83 @@
+<!DOCTYPE html>
+<html dir="ltr" lang="en">
+    <head>
+        <meta charset='utf-8'>
+        <title>PHP - Hello</title>
+    </head>
+    <body>
+        <a href="../index.html">PHP Index</a>
+
+        <h1>Hello World</h1>
+
+        <p>PHP comes with a built in server that helps to speed up
+        developing by not having to configure a system web server,
+        first create file index.php;</p>
+
+        <pre>
+        &lt;?php
+           echo "Hello World";
+        </pre>
+
+        <p>Now run the server;</p>
+
+        <pre>
+        $ php -S localhost:8000
+        </pre>
+
+        <p>Open your browser and browse http://localhost:8000,
+        you should see "Hello World".</p>
+
+        <h2 id="profiling">Profiling</h2>
+
+        <h2 id="testing">Testing</h2>
+
+        <p>Create folder tests for phpunit files with settings, inside
+        create another called tests to create tests to be performed on
+        the code.</p>
+
+        <pre>
+        $ mkdir -p tests/tests
+        $ cd tests
+        </pre>
+
+        <p>Create a test tests/EngineTest.php;</p>
+
+       <pre>
+       &lt;?php
+        declare(strict_types=1);
+
+        use PHPUnit\Framework\TestCase;
+
+        final class EngineTest extends TestCase {
+
+            public function testCanBeCreated(){
+
+                   $engine = new engine();
+
+                   $this-&gt;assertInstanceOf(engine::class, $engine);
+
+            }
+        }
+       </pre>
+
+        <p>Create phpunit.xml;</p>
+
+       <pre>
+       $ phpunit --generate-configuration
+       </pre>
+
+       <p>Run the test;</p>
+
+       <pre>
+       $ phpunit
+       </pre>
+
+        <a href="../index.html">PHP Index</a>
+        <p>
+        This is part of the Hive System Documentation.
+        Copyright (C) 2018
+        Hive Team.
+        See the file <a href="../../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
+        for copying conditions.</p>
+    </body>
+</html>
diff --git a/dev/php/index.html b/dev/php/index.html
index fdb2b09..fb25bcf 100644
--- a/dev/php/index.html
+++ b/dev/php/index.html
@@ -2,89 +2,41 @@
 <html dir="ltr" lang="en">
     <head>
         <meta charset='utf-8'>
-        <title>c9 PHP</title>
+        <title>PHP</title>
     </head>
     <body>
         <a href="../index.html">Development Index</a>
 
-        <h1>c9 PHP</h1>
-
-
-        <h2>Hello World</h2>
-
-        <p>PHP comes with a built in server that helps to speed up
-        developing by not having to configure a system web server,
-        first create file index.php;</p>
-
-        <pre>
-        &lt;?php
-           echo "Hello World";
-        </pre>
-
-        <p>Now run the server;</p>
-
-        <pre>
-        $ php -S localhost:8000
-        </pre>
-
-        <p>Open your browser and browse http://localhost:8000,
-        you should see "Hello World".</p>
-
-        <h2 id="profiling">Profiling</h2>
-
-        <h2 id="testing">Testing</h2>
-
-        <p>Create folder tests for phpunit files with settings, inside
-        create another called tests to create tests to be performed on
-        the code.</p>
-
-        <pre>
-        $ mkdir -p tests/tests
-        $ cd tests
-        </pre>
-
-        <p>Create a test tests/EngineTest.php;</p>
-
-       <pre>
-       &lt;?php
-        declare(strict_types=1);
-
-        use PHPUnit\Framework\TestCase;
-
-        final class EngineTest extends TestCase {
-
-            public function testCanBeCreated(){
-
-                   $engine = new engine();
-
-                   $this-&gt;assertInstanceOf(engine::class, $engine);
-
-            }
-        }
-       </pre>
-
-        <p>Create phpunit.xml;</p>
-
-       <pre>
-       $ phpunit --generate-configuration
-       </pre>
-
-       <p>Run the test;</p>
-
-       <pre>
-       $ phpunit
-       </pre>
+        <h1>PHP</h1>
+
+	<ul>
+	    <li><a href="hello.html">Hello World</a>
+                <ul>
+                    <li><a href="hello.html#profiling">Profiling</a></li>
+                    <li><a href="hello.html#testing">Testing</a></li>
+                </ul>
+            </li>
+	    <li><a href="">Types &amp; Variables</a></li>
+	    <li><a href="">Operators &amp; Expressions</a></li>
+	    <li><a href="">Control Flow</a></li>
+	    <li><a href="">Functions</a></li>
+	    <li><a href="">Input &amp; Output</a></li>
+	</ul>
+
+	<ul>
+	    <li><a href="laravel.html">Laravel Framework</a></li>
+	</ul>
+        <ul>
+            
+	    <li>PHP Unit</li>
+        </ul>
 
         <a href="../index.html">Development Index</a>
         <p>
         This is part of the Hive System Documentation.
-        Copyright (C) 2018
+        Copyright (C) 2019
         Hive Team.
         See the file <a href="../../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
         for copying conditions.</p>
-
-
     </body>
-
 </html>
-
diff --git a/dev/python/hello.html b/dev/python/hello.html
new file mode 100644
index 0000000..8636452
--- /dev/null
+++ b/dev/python/hello.html
@@ -0,0 +1,18 @@
+        <h1>c9 Python</h1>
+
+        <pre>
+        test="/root/data"
+        dir= test + "/other"
+        print(dir)
+        </pre>
+
+        <p>Debugging;</p>
+
+        <pre>
+        import pdb
+        pdb.set_trace()
+        </pre>
+
+        <p>Run your program;</p>
+
+
diff --git a/dev/python/index.html b/dev/python/index.html
index 814e3f2..687df20 100644
--- a/dev/python/index.html
+++ b/dev/python/index.html
@@ -2,37 +2,29 @@
 <html dir="ltr" lang="en">
     <head>
         <meta charset='utf-8'>
-        <title>c9 Python</title>
+        <title>Python</title>
     </head>
     <body>
         <a href="../index.html">Development Index</a>
 
-        <h1>c9 Python</h1>
-
-        <pre>
-        test="/root/data"
-        dir= test + "/other"
-        print(dir)
-        </pre>
-
-        <p>Debugging;</p>
-
-        <pre>
-        import pdb
-        pdb.set_trace()
-        </pre>
-
-        <p>Run your program;</p>
+        <h1>Python</h1>
+	<ul>
+	    <li><a href="hello.html">Hello World</a></li>
+	    <li><a href="">Types &amp; Variables</a></li>
+	    <li><a href="">Operators &amp; Expressions</a></li>
+	    <li><a href="">Control Flow</a></li>
+	    <li><a href="">Functions</a></li>
+	    <li><a href="">Input &amp; Output</a></li>
+	</ul>
 
         <a href="../index.html">Development Index</a>
         <p>
         This is part of the Hive System Documentation.
-        Copyright (C) 2018
+        Copyright (C) 2019
         Hive Team.
         See the file <a href="../../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
         for copying conditions.</p>
 
-
     </body>
 
 </html>
diff --git a/dev/shell/index.html b/dev/shell/index.html
new file mode 100644
index 0000000..f41d691
--- /dev/null
+++ b/dev/shell/index.html
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html dir="ltr" lang="en">
+    <head>
+	<meta charset='utf-8'>
+	<title>Shell scripting</title>
+    </head>
+    <body>
+	<a href="../index.html">Development Index</a>
+
+        <h1>Shell scripting</h1>
+
+	<ul>
+	    <li><a href="shell/dash.html">Dash - Scripting</a>
+		<ul>
+		    <li><a href="shell/dash.html#hello">Hello World</a></li>
+		    <li><a href="shell/dash.html#var">Types &amp; Variables</a></li>
+		    <li><a href="">Operators &amp; Expressions</a></li>
+		    <li><a href="shell/dash.html#if">Control Flow</a></li>
+		    <li><a href="">Functions</a></li>
+		    <li><a href="shell/dash.html#io">Input &amp; Output</a></li>
+		</ul>
+	    </li>
+	</ul>
+
+	<a href="../index.html">Documentation Index</a>
+	<p>
+	This is part of the Hive System Documentation.
+	Copyright (C) 2019
+	Hive Team.
+	See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
+	for copying conditions.</p>
+    </body>
+
+</html>
-- 
cgit 1.4.1-2-gfad0


From eddfa5ed593e67c9b2e6c53382b4fe044663451a Mon Sep 17 00:00:00 2001
From: Silvino <silvino@bk.ru>
Date: Wed, 26 Jun 2019 17:10:12 +0100
Subject: core iptables revision

---
 core/conf/iptables/bridge.v4     | 220 +++++++++++++++++++++++++++++++++++++++
 core/conf/iptables/client.v4     | 211 +++++++++++++++++++++++++++++++++++++
 core/conf/iptables/ipt-bridge.sh |   4 +-
 core/conf/iptables/ipt-client.sh |  48 +++++++++
 core/conf/iptables/ipt-conf.sh   |  16 +--
 core/conf/iptables/ipt-open.sh   |  47 ---------
 core/conf/iptables/ipt-server.sh |   2 +-
 core/conf/iptables/open.v4       | 210 -------------------------------------
 core/conf/rc.d/iptables          |  86 ++++++++++-----
 core/conf/skel/.bashrc           |   4 +-
 10 files changed, 556 insertions(+), 292 deletions(-)
 create mode 100644 core/conf/iptables/bridge.v4
 create mode 100644 core/conf/iptables/client.v4
 create mode 100644 core/conf/iptables/ipt-client.sh
 delete mode 100644 core/conf/iptables/ipt-open.sh
 delete mode 100644 core/conf/iptables/open.v4

diff --git a/core/conf/iptables/bridge.v4 b/core/conf/iptables/bridge.v4
new file mode 100644
index 0000000..35bfef4
--- /dev/null
+++ b/core/conf/iptables/bridge.v4
@@ -0,0 +1,220 @@
+# Generated by iptables-save v1.8.2 on Wed Jun 26 15:44:59 2019
+*security
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
+# Completed on Wed Jun 26 15:44:59 2019
+# Generated by iptables-save v1.8.2 on Wed Jun 26 15:44:59 2019
+*raw
+:PREROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
+# Completed on Wed Jun 26 15:44:59 2019
+# Generated by iptables-save v1.8.2 on Wed Jun 26 15:44:59 2019
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+COMMIT
+# Completed on Wed Jun 26 15:44:59 2019
+# Generated by iptables-save v1.8.2 on Wed Jun 26 15:44:59 2019
+*mangle
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+COMMIT
+# Completed on Wed Jun 26 15:44:59 2019
+# Generated by iptables-save v1.8.2 on Wed Jun 26 15:44:59 2019
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT DROP [0:0]
+:blocker - [0:0]
+:cli_dns_in - [0:0]
+:cli_dns_out - [0:0]
+:cli_ftp_in - [0:0]
+:cli_ftp_out - [0:0]
+:cli_git_in - [0:0]
+:cli_git_out - [0:0]
+:cli_gpg_in - [0:0]
+:cli_gpg_out - [0:0]
+:cli_http_in - [0:0]
+:cli_http_out - [0:0]
+:cli_https_in - [0:0]
+:cli_https_out - [0:0]
+:cli_irc_in - [0:0]
+:cli_irc_out - [0:0]
+:cli_pops_in - [0:0]
+:cli_pops_out - [0:0]
+:cli_smtps_in - [0:0]
+:cli_smtps_out - [0:0]
+:cli_ssh_in - [0:0]
+:cli_ssh_out - [0:0]
+:srv_db_in - [0:0]
+:srv_db_out - [0:0]
+:srv_dhcp - [0:0]
+:srv_dns_in - [0:0]
+:srv_dns_out - [0:0]
+:srv_git_in - [0:0]
+:srv_git_out - [0:0]
+:srv_http_in - [0:0]
+:srv_http_out - [0:0]
+:srv_https_in - [0:0]
+:srv_https_out - [0:0]
+:srv_icmp - [0:0]
+:srv_rip - [0:0]
+:srv_ssh_in - [0:0]
+:srv_ssh_out - [0:0]
+-A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
+-A INPUT -s 10.0.0.254/32 -d 10.0.0.254/32 -i lo -j ACCEPT
+-A INPUT -j blocker
+-A INPUT -d 10.0.0.254/32 -i br0 -p tcp -m tcp --sport 3030 --dport 1024:65535 -j DROP
+-A INPUT -i br0 -j srv_dhcp
+-A INPUT -s 10.0.0.0/8 -d 10.0.0.254/32 -i br0 -j srv_dns_in
+-A INPUT -s 10.0.0.0/8 -d 10.0.0.254/32 -i br0 -j srv_icmp
+-A INPUT -s 10.0.0.0/8 -d 10.0.0.254/32 -i br0 -j srv_ssh_in
+-A INPUT -s 212.55.154.174/32 -d 10.0.0.254/32 -i br0 -j cli_dns_in
+-A INPUT -d 10.0.0.254/32 -i br0 -j cli_https_in
+-A INPUT -d 10.0.0.254/32 -i br0 -j cli_git_in
+-A INPUT -d 10.0.0.254/32 -i br0 -j cli_ssh_in
+-A INPUT -j LOG --log-prefix "iptables: INPUT: " --log-level 7
+-A FORWARD -s 10.0.0.0/8 -d 10.0.0.0/8 -i br0 -o br0 -j ACCEPT
+-A FORWARD -s 0.0.0.0/32 -d 255.255.255.255/32 -i br0 -o br0 -j srv_dhcp
+-A FORWARD -s 10.0.0.0/8 -i br0 -o br0 -j ACCEPT
+-A FORWARD -s 212.55.154.174/32 -d 10.0.0.254/32 -i br0 -o br0 -m physdev --physdev-in enp8s0 -j cli_dns_in
+-A FORWARD -d 10.0.0.4/32 -i br0 -o br0 -m physdev --physdev-in enp8s0 -j srv_http_in
+-A FORWARD -d 10.0.0.4/32 -i br0 -o br0 -m physdev --physdev-in enp8s0 -j srv_https_in
+-A FORWARD -d 10.0.0.4/32 -i br0 -o br0 -m physdev --physdev-in enp8s0 -j srv_ssh_in
+-A FORWARD -d 10.0.0.4/32 -i br0 -o br0 -m physdev --physdev-in enp8s0 -j srv_git_in
+-A FORWARD -i br0 -o br0 -p tcp -m physdev --physdev-in enp8s0 -m tcp --sport 443 --dport 1024:65535 -j ACCEPT
+-A FORWARD -j LOG --log-prefix "iptables: FORWARD: " --log-level 7
+-A OUTPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -o lo -j ACCEPT
+-A OUTPUT -s 10.0.0.254/32 -d 10.0.0.254/32 -o lo -j ACCEPT
+-A OUTPUT -s 10.0.0.254/32 -o br0 -p tcp -m tcp --sport 1024:65535 --dport 3030 -j DROP
+-A OUTPUT -s 10.0.0.254/32 -d 10.0.0.0/8 -o br0 -j srv_dhcp
+-A OUTPUT -s 10.0.0.254/32 -d 10.0.0.0/8 -o br0 -j srv_dns_out
+-A OUTPUT -s 10.0.0.254/32 -d 10.0.0.0/8 -o br0 -j srv_ssh_out
+-A OUTPUT -s 10.0.0.254/32 -o br0 -j srv_git_out
+-A OUTPUT -o br0 -j srv_icmp
+-A OUTPUT -s 10.0.0.254/32 -d 212.55.154.174/32 -o br0 -j cli_dns_out
+-A OUTPUT -s 10.0.0.254/32 -d 10.0.0.0/8 -o br0 -j cli_ssh_out
+-A OUTPUT -s 10.0.0.254/32 -d 10.0.0.0/8 -o br0 -j cli_git_out
+-A OUTPUT -s 10.0.0.254/32 -d 10.0.0.0/8 -o br0 -j cli_http_out
+-A OUTPUT -s 10.0.0.254/32 -o br0 -j cli_https_out
+-A OUTPUT -s 10.0.0.254/32 -o br0 -j cli_git_out
+-A OUTPUT -s 10.0.0.254/32 -o br0 -j cli_http_out
+-A OUTPUT -j LOG --log-prefix "iptables: OUTPUT: " --log-level 7
+-A blocker -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop sync: " --log-level 7
+-A blocker -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
+-A blocker -f -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop frag: "
+-A blocker -f -j DROP
+-A blocker -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
+-A blocker -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
+-A blocker -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop null: "
+-A blocker -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
+-A blocker -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop syn rst syn rs"
+-A blocker -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
+-A blocker -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop xmas: "
+-A blocker -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
+-A blocker -p tcp -m tcp --tcp-flags FIN,ACK FIN -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop fin scan: "
+-A blocker -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
+-A blocker -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
+-A blocker -j RETURN
+-A cli_dns_in -p udp -m udp --sport 53 --dport 1024:65535 -j ACCEPT
+-A cli_dns_in -j RETURN
+-A cli_dns_out -p udp -m udp --sport 1024:65535 --dport 53 -j ACCEPT
+-A cli_dns_out -j RETURN
+-A cli_ftp_in -p tcp -m tcp --sport 21 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A cli_ftp_in -p tcp -m tcp --sport 20 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A cli_ftp_in -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A cli_ftp_in -j RETURN
+-A cli_ftp_out -p tcp -m tcp --sport 1024:65535 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A cli_ftp_out -p tcp -m tcp --sport 1024:65535 --dport 20 -m state --state ESTABLISHED -j ACCEPT
+-A cli_ftp_out -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A cli_ftp_out -j RETURN
+-A cli_git_in -p tcp -m tcp --sport 9418 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A cli_git_in -j RETURN
+-A cli_git_out -p tcp -m tcp --sport 1024:65535 --dport 9418 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A cli_git_out -j RETURN
+-A cli_gpg_in -p tcp -m tcp --sport 11371 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A cli_gpg_in -j RETURN
+-A cli_gpg_out -p tcp -m tcp --sport 1024:65535 --dport 11371 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A cli_gpg_out -j RETURN
+-A cli_http_in -p tcp -m tcp --sport 80 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A cli_http_in -p udp -m udp --sport 80 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A cli_http_in -j RETURN
+-A cli_http_out -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A cli_http_out -p udp -m udp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A cli_http_out -j RETURN
+-A cli_https_in -p tcp -m tcp --sport 443 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A cli_https_in -p udp -m udp --sport 443 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A cli_https_in -j RETURN
+-A cli_https_out -p tcp -m tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A cli_https_out -p udp -m udp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A cli_https_out -j RETURN
+-A cli_irc_in -p tcp -m tcp --sport 6667 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A cli_irc_in -j RETURN
+-A cli_irc_out -p tcp -m tcp --sport 1024:65535 --dport 6667 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A cli_irc_out -j RETURN
+-A cli_pops_in -p tcp -m tcp --sport 995 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A cli_pops_in -j RETURN
+-A cli_pops_out -p tcp -m tcp --sport 1024:65535 --dport 995 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A cli_pops_out -j RETURN
+-A cli_smtps_in -p tcp -m tcp --sport 465 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A cli_smtps_in -j RETURN
+-A cli_smtps_out -p tcp -m tcp --sport 1024:65535 --dport 465 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A cli_smtps_out -j RETURN
+-A cli_ssh_in -p tcp -m tcp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A cli_ssh_in -p tcp -m tcp --sport 22 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A cli_ssh_in -j RETURN
+-A cli_ssh_out -p tcp -m tcp --sport 1024:65535 --dport 2222 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A cli_ssh_out -p tcp -m tcp --sport 1024:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A cli_ssh_out -j RETURN
+-A srv_db_in -p tcp -m tcp --sport 1024:65535 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A srv_db_in -j RETURN
+-A srv_db_out -p tcp -m tcp --sport 5432 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A srv_db_out -j RETURN
+-A srv_dhcp -p udp -m udp --sport 68 --dport 67 -j ACCEPT
+-A srv_dhcp -p udp -m udp --sport 67 --dport 68 -j ACCEPT
+-A srv_dhcp -p udp -m udp --sport 67 --dport 67 -j ACCEPT
+-A srv_dhcp -j RETURN
+-A srv_dns_in -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A srv_dns_in -p tcp -m tcp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A srv_dns_in -j RETURN
+-A srv_dns_out -p udp -m udp --sport 53 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A srv_dns_out -p tcp -m tcp --sport 53 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A srv_dns_out -j RETURN
+-A srv_git_in -p tcp -m tcp --sport 1024:65535 --dport 9418 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A srv_git_in -j RETURN
+-A srv_git_out -p tcp -m tcp --sport 9418 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A srv_git_out -j RETURN
+-A srv_http_in -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A srv_http_in -j RETURN
+-A srv_http_out -p tcp -m tcp --sport 80 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A srv_http_out -j RETURN
+-A srv_https_in -p tcp -m tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A srv_https_in -j RETURN
+-A srv_https_out -p tcp -m tcp --sport 443 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A srv_https_out -j RETURN
+-A srv_icmp -p icmp -j ACCEPT
+-A srv_icmp -j RETURN
+-A srv_rip -p udp -m udp --sport 520 --dport 520 -j ACCEPT
+-A srv_rip -j RETURN
+-A srv_ssh_in -p tcp -m tcp --dport 2222 -m state --state NEW -m recent --set --name SSH --mask 255.255.255.255 --rsource -j ACCEPT
+-A srv_ssh_in -p tcp -m tcp --dport 2222 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --mask 255.255.255.255 --rsource -j LOG --log-prefix "BLOCKED IP DROP SSH"
+-A srv_ssh_in -p tcp -m tcp --dport 2222 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --mask 255.255.255.255 --rsource -j DROP
+-A srv_ssh_in -p tcp -m tcp --sport 1024:65535 --dport 2222 -m state --state ESTABLISHED -j ACCEPT
+-A srv_ssh_in -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --mask 255.255.255.255 --rsource -j ACCEPT
+-A srv_ssh_in -p tcp -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --mask 255.255.255.255 --rsource -j LOG --log-prefix "BLOCKED IP DROP SSH"
+-A srv_ssh_in -p tcp -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --mask 255.255.255.255 --rsource -j DROP
+-A srv_ssh_in -p tcp -m tcp --sport 1024:65535 --dport 22 -m state --state ESTABLISHED -j ACCEPT
+-A srv_ssh_in -j RETURN
+-A srv_ssh_out -p tcp -m tcp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A srv_ssh_out -p tcp -m tcp --sport 22 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A srv_ssh_out -j RETURN
+COMMIT
+# Completed on Wed Jun 26 15:44:59 2019
diff --git a/core/conf/iptables/client.v4 b/core/conf/iptables/client.v4
new file mode 100644
index 0000000..91b564d
--- /dev/null
+++ b/core/conf/iptables/client.v4
@@ -0,0 +1,211 @@
+# Generated by iptables-save v1.8.3 on Thu Jun 20 20:34:21 2019
+*security
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
+# Completed on Thu Jun 20 20:34:21 2019
+# Generated by iptables-save v1.8.3 on Thu Jun 20 20:34:21 2019
+*raw
+:PREROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
+# Completed on Thu Jun 20 20:34:21 2019
+# Generated by iptables-save v1.8.3 on Thu Jun 20 20:34:21 2019
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+COMMIT
+# Completed on Thu Jun 20 20:34:21 2019
+# Generated by iptables-save v1.8.3 on Thu Jun 20 20:34:21 2019
+*mangle
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+COMMIT
+# Completed on Thu Jun 20 20:34:21 2019
+# Generated by iptables-save v1.8.3 on Thu Jun 20 20:34:21 2019
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT DROP [0:0]
+:blocker - [0:0]
+:cli_dns_in - [0:0]
+:cli_dns_out - [0:0]
+:cli_ftp_in - [0:0]
+:cli_ftp_out - [0:0]
+:cli_git_in - [0:0]
+:cli_git_out - [0:0]
+:cli_gpg_in - [0:0]
+:cli_gpg_out - [0:0]
+:cli_http_in - [0:0]
+:cli_http_out - [0:0]
+:cli_https_in - [0:0]
+:cli_https_out - [0:0]
+:cli_irc_in - [0:0]
+:cli_irc_out - [0:0]
+:cli_pops_in - [0:0]
+:cli_pops_out - [0:0]
+:cli_smtps_in - [0:0]
+:cli_smtps_out - [0:0]
+:cli_ssh_in - [0:0]
+:cli_ssh_out - [0:0]
+:srv_db_in - [0:0]
+:srv_db_out - [0:0]
+:srv_dhcp - [0:0]
+:srv_dns_in - [0:0]
+:srv_dns_out - [0:0]
+:srv_git_in - [0:0]
+:srv_git_out - [0:0]
+:srv_http_in - [0:0]
+:srv_http_out - [0:0]
+:srv_https_in - [0:0]
+:srv_https_out - [0:0]
+:srv_icmp - [0:0]
+:srv_rip - [0:0]
+:srv_ssh_in - [0:0]
+:srv_ssh_out - [0:0]
+-A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
+-A INPUT -j blocker
+-A INPUT -i wlp9s0 -j cli_dns_in
+-A INPUT -i wlp9s0 -j cli_http_in
+-A INPUT -i wlp9s0 -j cli_https_in
+-A INPUT -i wlp9s0 -j cli_git_in
+-A INPUT -i wlp9s0 -j cli_ssh_in
+-A INPUT -i wlp9s0 -j srv_icmp
+-A INPUT -i wlp9s0 -j cli_pops_in
+-A INPUT -i wlp9s0 -j cli_smtps_in
+-A INPUT -i wlp9s0 -j cli_irc_in
+-A INPUT -i wlp9s0 -j cli_ftp_in
+-A INPUT -i wlp9s0 -j cli_gpg_in
+-A INPUT -j LOG --log-prefix "iptables: INPUT: " --log-level 7
+-A FORWARD -j LOG --log-prefix "iptables: FORWARD: " --log-level 7
+-A OUTPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -o lo -j ACCEPT
+-A OUTPUT -j blocker
+-A OUTPUT -o wlp9s0 -j cli_dns_out
+-A OUTPUT -o wlp9s0 -j cli_https_out
+-A OUTPUT -o wlp9s0 -j cli_ssh_out
+-A OUTPUT -o wlp9s0 -j cli_git_out
+-A OUTPUT -o wlp9s0 -j cli_git_out
+-A OUTPUT -o wlp9s0 -j srv_icmp
+-A OUTPUT -o wlp9s0 -j cli_pops_out
+-A OUTPUT -o wlp9s0 -j cli_smtps_out
+-A OUTPUT -o wlp9s0 -j cli_irc_out
+-A OUTPUT -o wlp9s0 -j cli_ftp_out
+-A OUTPUT -o wlp9s0 -j cli_gpg_out
+-A OUTPUT -o wlp9s0 -p udp -m udp --sport 1024:65511 --dport 1024:65535 -j ACCEPT
+-A OUTPUT -j LOG --log-prefix "iptables: OUTPUT: " --log-level 7
+-A blocker -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop sync: " --log-level 7
+-A blocker -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
+-A blocker -f -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop frag: "
+-A blocker -f -j DROP
+-A blocker -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
+-A blocker -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
+-A blocker -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop null: "
+-A blocker -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
+-A blocker -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop syn rst syn rs"
+-A blocker -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
+-A blocker -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop xmas: "
+-A blocker -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
+-A blocker -p tcp -m tcp --tcp-flags FIN,ACK FIN -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop fin scan: "
+-A blocker -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
+-A blocker -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
+-A blocker -j RETURN
+-A cli_dns_in -p udp -m udp --sport 53 --dport 1024:65535 -j ACCEPT
+-A cli_dns_in -j RETURN
+-A cli_dns_out -p udp -m udp --sport 1024:65535 --dport 53 -j ACCEPT
+-A cli_dns_out -j RETURN
+-A cli_ftp_in -p tcp -m tcp --sport 21 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A cli_ftp_in -p tcp -m tcp --sport 20 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A cli_ftp_in -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A cli_ftp_in -j RETURN
+-A cli_ftp_out -p tcp -m tcp --sport 1024:65535 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A cli_ftp_out -p tcp -m tcp --sport 1024:65535 --dport 20 -m state --state ESTABLISHED -j ACCEPT
+-A cli_ftp_out -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A cli_ftp_out -j RETURN
+-A cli_git_in -p tcp -m tcp --sport 9418 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A cli_git_in -j RETURN
+-A cli_git_out -p tcp -m tcp --sport 1024:65535 --dport 9418 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A cli_git_out -j RETURN
+-A cli_gpg_in -p tcp -m tcp --sport 11371 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A cli_gpg_in -j RETURN
+-A cli_gpg_out -p tcp -m tcp --sport 1024:65535 --dport 11371 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A cli_gpg_out -j RETURN
+-A cli_http_in -p tcp -m tcp --sport 80 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A cli_http_in -p udp -m udp --sport 80 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A cli_http_in -j RETURN
+-A cli_http_out -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A cli_http_out -p udp -m udp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A cli_http_out -j RETURN
+-A cli_https_in -p tcp -m tcp --sport 443 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A cli_https_in -p udp -m udp --sport 443 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A cli_https_in -j RETURN
+-A cli_https_out -p tcp -m tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A cli_https_out -p udp -m udp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A cli_https_out -j RETURN
+-A cli_irc_in -p tcp -m tcp --sport 6667 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A cli_irc_in -j RETURN
+-A cli_irc_out -p tcp -m tcp --sport 1024:65535 --dport 6667 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A cli_irc_out -j RETURN
+-A cli_pops_in -p tcp -m tcp --sport 995 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A cli_pops_in -j RETURN
+-A cli_pops_out -p tcp -m tcp --sport 1024:65535 --dport 995 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A cli_pops_out -j RETURN
+-A cli_smtps_in -p tcp -m tcp --sport 465 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A cli_smtps_in -j RETURN
+-A cli_smtps_out -p tcp -m tcp --sport 1024:65535 --dport 465 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A cli_smtps_out -j RETURN
+-A cli_ssh_in -p tcp -m tcp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A cli_ssh_in -p tcp -m tcp --sport 22 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A cli_ssh_in -j RETURN
+-A cli_ssh_out -p tcp -m tcp --sport 1024:65535 --dport 2222 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A cli_ssh_out -p tcp -m tcp --sport 1024:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A cli_ssh_out -j RETURN
+-A srv_db_in -p tcp -m tcp --sport 1024:65535 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A srv_db_in -j RETURN
+-A srv_db_out -p tcp -m tcp --sport 5432 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A srv_db_out -j RETURN
+-A srv_dhcp -p udp -m udp --sport 68 --dport 67 -j ACCEPT
+-A srv_dhcp -p udp -m udp --sport 67 --dport 68 -j ACCEPT
+-A srv_dhcp -p udp -m udp --sport 67 --dport 67 -j ACCEPT
+-A srv_dhcp -j RETURN
+-A srv_dns_in -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A srv_dns_in -p tcp -m tcp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A srv_dns_in -j RETURN
+-A srv_dns_out -p udp -m udp --sport 53 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A srv_dns_out -p tcp -m tcp --sport 53 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A srv_dns_out -j RETURN
+-A srv_git_in -p tcp -m tcp --sport 1024:65535 --dport 9418 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A srv_git_in -j RETURN
+-A srv_git_out -p tcp -m tcp --sport 9418 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A srv_git_out -j RETURN
+-A srv_http_in -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A srv_http_in -j RETURN
+-A srv_http_out -p tcp -m tcp --sport 80 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A srv_http_out -j RETURN
+-A srv_https_in -p tcp -m tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A srv_https_in -j RETURN
+-A srv_https_out -p tcp -m tcp --sport 443 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A srv_https_out -j RETURN
+-A srv_icmp -p icmp -j ACCEPT
+-A srv_icmp -j RETURN
+-A srv_rip -p udp -m udp --sport 520 --dport 520 -j ACCEPT
+-A srv_rip -j RETURN
+-A srv_ssh_in -p tcp -m tcp --dport 2222 -m state --state NEW -m recent --set --name SSH --mask 255.255.255.255 --rsource -j ACCEPT
+-A srv_ssh_in -p tcp -m tcp --dport 2222 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --mask 255.255.255.255 --rsource -j LOG --log-prefix "BLOCKED IP DROP SSH"
+-A srv_ssh_in -p tcp -m tcp --dport 2222 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --mask 255.255.255.255 --rsource -j DROP
+-A srv_ssh_in -p tcp -m tcp --sport 1024:65535 --dport 2222 -m state --state ESTABLISHED -j ACCEPT
+-A srv_ssh_in -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --mask 255.255.255.255 --rsource -j ACCEPT
+-A srv_ssh_in -p tcp -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --mask 255.255.255.255 --rsource -j LOG --log-prefix "BLOCKED IP DROP SSH"
+-A srv_ssh_in -p tcp -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --mask 255.255.255.255 --rsource -j DROP
+-A srv_ssh_in -p tcp -m tcp --sport 1024:65535 --dport 22 -m state --state ESTABLISHED -j ACCEPT
+-A srv_ssh_in -j RETURN
+-A srv_ssh_out -p tcp -m tcp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A srv_ssh_out -p tcp -m tcp --sport 22 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A srv_ssh_out -j RETURN
+COMMIT
+# Completed on Thu Jun 20 20:34:21 2019
diff --git a/core/conf/iptables/ipt-bridge.sh b/core/conf/iptables/ipt-bridge.sh
index cd93687..6dbeb87 100644
--- a/core/conf/iptables/ipt-bridge.sh
+++ b/core/conf/iptables/ipt-bridge.sh
@@ -67,12 +67,12 @@ $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -p tcp  --sport 3030 --dport 1024:65535 -
 $IPT -A INPUT -i ${BR_IF} -j srv_dhcp
 $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_dns_in
 $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_icmp
+$IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_ssh_in
 
 $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -s ${DNS} -j cli_dns_in
 $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -j cli_https_in
 $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -j cli_git_in
 $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -j cli_ssh_in
-$IPT -A INPUT -i ${BR_IF} -m physdev --physdev-in tap3 -d ${PUB_IP} -j srv_ssh_in
 
 #$IPT -A INPUT -i ${BR_IF} -m physdev --physdev-in ${WIFI_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_icmp
 #$IPT -A INPUT -i ${WIFI_IF} -d ${PUB_IP} -s ${WIFI_NET} -j srv_dns_in
@@ -133,4 +133,4 @@ $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -j cli_http_out
 ## log everything else and drop
 ipt_log
 
-iptables-save > bridge.v4
+iptables-save > /etc/iptables/bridge.v4
diff --git a/core/conf/iptables/ipt-client.sh b/core/conf/iptables/ipt-client.sh
new file mode 100644
index 0000000..65df9e4
--- /dev/null
+++ b/core/conf/iptables/ipt-client.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+echo "setting client network..."
+source ipt-conf.sh
+source ipt-firewall.sh
+ipt_clear
+ipt_tables
+
+# Unlimited on loopback
+$IPT -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
+$IPT -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
+
+####### Input Chain ######
+$IPT -A INPUT -j blocker
+
+$IPT -A INPUT -i ${PUB_IF} -j cli_dns_in
+$IPT -A INPUT -i ${PUB_IF} -j cli_http_in
+$IPT -A INPUT -i ${PUB_IF} -j cli_https_in
+$IPT -A INPUT -i ${PUB_IF} -j cli_git_in
+$IPT -A INPUT -i ${PUB_IF} -j cli_ssh_in
+$IPT -A INPUT -i ${PUB_IF} -j srv_icmp
+$IPT -A INPUT -i ${PUB_IF} -j cli_pops_in
+$IPT -A INPUT -i ${PUB_IF} -j cli_smtps_in
+$IPT -A INPUT -i ${PUB_IF} -j cli_irc_in
+$IPT -A INPUT -i ${PUB_IF} -j cli_ftp_in
+$IPT -A INPUT -i ${PUB_IF} -j cli_gpg_in
+$IPT -A INPUT -i ${PUB_IF} -p udp --sport 520 --dport 520 -j ACCEPT
+
+
+####### Output Chain ######
+$IPT -A OUTPUT -j blocker
+
+$IPT -A OUTPUT -o ${PUB_IF} -j cli_dns_out
+$IPT -A OUTPUT -o ${PUB_IF} -j cli_https_out
+$IPT -A OUTPUT -o ${PUB_IF} -j cli_ssh_out
+$IPT -A OUTPUT -o ${PUB_IF} -j cli_git_out
+$IPT -A OUTPUT -o ${PUB_IF} -j cli_git_out
+$IPT -A OUTPUT -o ${PUB_IF} -j srv_icmp
+$IPT -A OUTPUT -o ${PUB_IF} -j cli_pops_out
+$IPT -A OUTPUT -o ${PUB_IF} -j cli_smtps_out
+$IPT -A OUTPUT -o ${PUB_IF} -j cli_irc_out
+$IPT -A OUTPUT -o ${PUB_IF} -j cli_ftp_out
+$IPT -A OUTPUT -o ${PUB_IF} -j cli_gpg_out
+$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 1024:655335 --dport 1024:65535 -j ACCEPT
+
+## log everything else and drop
+ipt_log
+iptables-save > /etc/iptables/client.v4
diff --git a/core/conf/iptables/ipt-conf.sh b/core/conf/iptables/ipt-conf.sh
index c3dac16..dcea837 100644
--- a/core/conf/iptables/ipt-conf.sh
+++ b/core/conf/iptables/ipt-conf.sh
@@ -5,19 +5,23 @@ IPT="/usr/sbin/iptables"
 SPAMLIST="blockedip"
 SPAMDROPMSG="BLOCKED IP DROP"
 
-# public interface to network/internet
+# bridge interface with interface facing gateway
 BR_IF="br0"
+# bridge ip network address
 BR_NET="10.0.0.0/8"
+# network gateway
 GW="10.0.0.1"
-#GW="10.0.0.2"
-#DNS="10.0.0.254"
+# external dns
 DNS="212.55.154.174"
-#DNS="8.8.8.8"
 
+# static machine ip address
 PUB_IP="10.0.0.254"
+
+# public interface facing gateway
 PUB_IF="enp8s0"
 
-# private interface for virtual/internal
+# wifi interface
 WIFI_IF="wlp7s0"
-#WIFI_NET="192.168.1.0/24"
+
+# static wifi ip network address
 WIFI_NET="10.0.0.0/8"
diff --git a/core/conf/iptables/ipt-open.sh b/core/conf/iptables/ipt-open.sh
deleted file mode 100644
index 3ef1254..0000000
--- a/core/conf/iptables/ipt-open.sh
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/bin/bash
-
-echo "setting client network..."
-source ipt-conf.sh
-source ipt-firewall.sh
-ipt_clear
-ipt_tables
-
-# Unlimited on loopback
-$IPT -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
-$IPT -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
-
-####### Input Chain ######
-$IPT -A INPUT -j blocker
-
-$IPT -A INPUT -i ${PUB_IF} -j cli_dns_in
-$IPT -A INPUT -i ${PUB_IF} -j cli_http_in
-$IPT -A INPUT -i ${PUB_IF} -j cli_https_in
-$IPT -A INPUT -i ${PUB_IF} -j cli_git_in
-$IPT -A INPUT -i ${PUB_IF} -j cli_ssh_in
-$IPT -A INPUT -i ${PUB_IF} -j srv_icmp
-$IPT -A INPUT -i ${PUB_IF} -j cli_pops_in
-$IPT -A INPUT -i ${PUB_IF} -j cli_smtps_in
-$IPT -A INPUT -i ${PUB_IF} -j cli_irc_in
-$IPT -A INPUT -i ${PUB_IF} -j cli_ftp_in
-$IPT -A INPUT -i ${PUB_IF} -j cli_gpg_in
-
-
-####### Output Chain ######
-$IPT -A OUTPUT -j blocker
-
-$IPT -A OUTPUT -o ${PUB_IF} -j cli_dns_out
-$IPT -A OUTPUT -o ${PUB_IF} -j cli_https_out
-$IPT -A OUTPUT -o ${PUB_IF} -j cli_ssh_out
-$IPT -A OUTPUT -o ${PUB_IF} -j cli_git_out
-$IPT -A OUTPUT -o ${PUB_IF} -j cli_git_out
-$IPT -A OUTPUT -o ${PUB_IF} -j srv_icmp
-$IPT -A OUTPUT -o ${PUB_IF} -j cli_pops_out
-$IPT -A OUTPUT -o ${PUB_IF} -j cli_smtps_out
-$IPT -A OUTPUT -o ${PUB_IF} -j cli_irc_out
-$IPT -A OUTPUT -o ${PUB_IF} -j cli_ftp_out
-$IPT -A OUTPUT -o ${PUB_IF} -j cli_gpg_out
-
-## log everything else and drop
-ipt_log
-
-iptables-save > open.v4
diff --git a/core/conf/iptables/ipt-server.sh b/core/conf/iptables/ipt-server.sh
index 370db60..e557193 100644
--- a/core/conf/iptables/ipt-server.sh
+++ b/core/conf/iptables/ipt-server.sh
@@ -43,4 +43,4 @@ $IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -j srv_git_out
 ## log everything else and drop
 ipt_log
 
-iptables-save > server.v4
+iptables-save > /etc/iptables/server.v4
diff --git a/core/conf/iptables/open.v4 b/core/conf/iptables/open.v4
deleted file mode 100644
index 30e476d..0000000
--- a/core/conf/iptables/open.v4
+++ /dev/null
@@ -1,210 +0,0 @@
-# Generated by iptables-save v1.8.2 on Sat Jun  8 23:05:15 2019
-*security
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-COMMIT
-# Completed on Sat Jun  8 23:05:15 2019
-# Generated by iptables-save v1.8.2 on Sat Jun  8 23:05:15 2019
-*raw
-:PREROUTING ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-COMMIT
-# Completed on Sat Jun  8 23:05:15 2019
-# Generated by iptables-save v1.8.2 on Sat Jun  8 23:05:15 2019
-*nat
-:PREROUTING ACCEPT [0:0]
-:INPUT ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
-COMMIT
-# Completed on Sat Jun  8 23:05:15 2019
-# Generated by iptables-save v1.8.2 on Sat Jun  8 23:05:15 2019
-*mangle
-:PREROUTING ACCEPT [0:0]
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
-COMMIT
-# Completed on Sat Jun  8 23:05:15 2019
-# Generated by iptables-save v1.8.2 on Sat Jun  8 23:05:15 2019
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT DROP [0:0]
-:blocker - [0:0]
-:cli_dns_in - [0:0]
-:cli_dns_out - [0:0]
-:cli_ftp_in - [0:0]
-:cli_ftp_out - [0:0]
-:cli_git_in - [0:0]
-:cli_git_out - [0:0]
-:cli_gpg_in - [0:0]
-:cli_gpg_out - [0:0]
-:cli_http_in - [0:0]
-:cli_http_out - [0:0]
-:cli_https_in - [0:0]
-:cli_https_out - [0:0]
-:cli_irc_in - [0:0]
-:cli_irc_out - [0:0]
-:cli_pops_in - [0:0]
-:cli_pops_out - [0:0]
-:cli_smtps_in - [0:0]
-:cli_smtps_out - [0:0]
-:cli_ssh_in - [0:0]
-:cli_ssh_out - [0:0]
-:srv_db_in - [0:0]
-:srv_db_out - [0:0]
-:srv_dhcp - [0:0]
-:srv_dns_in - [0:0]
-:srv_dns_out - [0:0]
-:srv_git_in - [0:0]
-:srv_git_out - [0:0]
-:srv_http_in - [0:0]
-:srv_http_out - [0:0]
-:srv_https_in - [0:0]
-:srv_https_out - [0:0]
-:srv_icmp - [0:0]
-:srv_rip - [0:0]
-:srv_ssh_in - [0:0]
-:srv_ssh_out - [0:0]
--A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
--A INPUT -j blocker
--A INPUT -i wlp9s0 -j cli_dns_in
--A INPUT -i wlp9s0 -j cli_http_in
--A INPUT -i wlp9s0 -j cli_https_in
--A INPUT -i wlp9s0 -j cli_git_in
--A INPUT -i wlp9s0 -j cli_ssh_in
--A INPUT -i wlp9s0 -j srv_icmp
--A INPUT -i wlp9s0 -j cli_pops_in
--A INPUT -i wlp9s0 -j cli_smtps_in
--A INPUT -i wlp9s0 -j cli_irc_in
--A INPUT -i wlp9s0 -j cli_ftp_in
--A INPUT -i wlp9s0 -j cli_gpg_in
--A INPUT -j LOG --log-prefix "iptables: INPUT: " --log-level 7
--A FORWARD -j LOG --log-prefix "iptables: FORWARD: " --log-level 7
--A OUTPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -o lo -j ACCEPT
--A OUTPUT -j blocker
--A OUTPUT -o wlp9s0 -j cli_dns_out
--A OUTPUT -o wlp9s0 -j cli_https_out
--A OUTPUT -o wlp9s0 -j cli_ssh_out
--A OUTPUT -o wlp9s0 -j cli_git_out
--A OUTPUT -o wlp9s0 -j cli_git_out
--A OUTPUT -o wlp9s0 -j srv_icmp
--A OUTPUT -o wlp9s0 -j cli_pops_out
--A OUTPUT -o wlp9s0 -j cli_smtps_out
--A OUTPUT -o wlp9s0 -j cli_irc_out
--A OUTPUT -o wlp9s0 -j cli_ftp_out
--A OUTPUT -o wlp9s0 -j cli_gpg_out
--A OUTPUT -j LOG --log-prefix "iptables: OUTPUT: " --log-level 7
--A blocker -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop sync: " --log-level 7
--A blocker -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
--A blocker -f -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop frag: "
--A blocker -f -j DROP
--A blocker -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
--A blocker -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
--A blocker -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop null: "
--A blocker -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
--A blocker -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop syn rst syn rs"
--A blocker -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
--A blocker -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop xmas: "
--A blocker -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
--A blocker -p tcp -m tcp --tcp-flags FIN,ACK FIN -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop fin scan: "
--A blocker -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
--A blocker -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
--A blocker -j RETURN
--A cli_dns_in -p udp -m udp --sport 53 --dport 1024:65535 -j ACCEPT
--A cli_dns_in -j RETURN
--A cli_dns_out -p udp -m udp --sport 1024:65535 --dport 53 -j ACCEPT
--A cli_dns_out -j RETURN
--A cli_ftp_in -p tcp -m tcp --sport 21 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
--A cli_ftp_in -p tcp -m tcp --sport 20 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A cli_ftp_in -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
--A cli_ftp_in -j RETURN
--A cli_ftp_out -p tcp -m tcp --sport 1024:65535 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
--A cli_ftp_out -p tcp -m tcp --sport 1024:65535 --dport 20 -m state --state ESTABLISHED -j ACCEPT
--A cli_ftp_out -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A cli_ftp_out -j RETURN
--A cli_git_in -p tcp -m tcp --sport 9418 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
--A cli_git_in -j RETURN
--A cli_git_out -p tcp -m tcp --sport 1024:65535 --dport 9418 -m state --state NEW,ESTABLISHED -j ACCEPT
--A cli_git_out -j RETURN
--A cli_gpg_in -p tcp -m tcp --sport 11371 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
--A cli_gpg_in -j RETURN
--A cli_gpg_out -p tcp -m tcp --sport 1024:65535 --dport 11371 -m state --state NEW,ESTABLISHED -j ACCEPT
--A cli_gpg_out -j RETURN
--A cli_http_in -p tcp -m tcp --sport 80 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
--A cli_http_in -p udp -m udp --sport 80 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
--A cli_http_in -j RETURN
--A cli_http_out -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
--A cli_http_out -p udp -m udp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
--A cli_http_out -j RETURN
--A cli_https_in -p tcp -m tcp --sport 443 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
--A cli_https_in -p udp -m udp --sport 443 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
--A cli_https_in -j RETURN
--A cli_https_out -p tcp -m tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
--A cli_https_out -p udp -m udp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
--A cli_https_out -j RETURN
--A cli_irc_in -p tcp -m tcp --sport 6667 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
--A cli_irc_in -j RETURN
--A cli_irc_out -p tcp -m tcp --sport 1024:65535 --dport 6667 -m state --state NEW,ESTABLISHED -j ACCEPT
--A cli_irc_out -j RETURN
--A cli_pops_in -p tcp -m tcp --sport 995 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
--A cli_pops_in -j RETURN
--A cli_pops_out -p tcp -m tcp --sport 1024:65535 --dport 995 -m state --state NEW,ESTABLISHED -j ACCEPT
--A cli_pops_out -j RETURN
--A cli_smtps_in -p tcp -m tcp --sport 465 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
--A cli_smtps_in -j RETURN
--A cli_smtps_out -p tcp -m tcp --sport 1024:65535 --dport 465 -m state --state NEW,ESTABLISHED -j ACCEPT
--A cli_smtps_out -j RETURN
--A cli_ssh_in -p tcp -m tcp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
--A cli_ssh_in -p tcp -m tcp --sport 22 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
--A cli_ssh_in -j RETURN
--A cli_ssh_out -p tcp -m tcp --sport 1024:65535 --dport 2222 -m state --state NEW,ESTABLISHED -j ACCEPT
--A cli_ssh_out -p tcp -m tcp --sport 1024:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
--A cli_ssh_out -j RETURN
--A srv_db_in -p tcp -m tcp --sport 1024:65535 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
--A srv_db_in -j RETURN
--A srv_db_out -p tcp -m tcp --sport 5432 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
--A srv_db_out -j RETURN
--A srv_dhcp -p udp -m udp --sport 68 --dport 67 -j ACCEPT
--A srv_dhcp -p udp -m udp --sport 67 --dport 68 -j ACCEPT
--A srv_dhcp -p udp -m udp --sport 67 --dport 67 -j ACCEPT
--A srv_dhcp -j RETURN
--A srv_dns_in -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
--A srv_dns_in -p tcp -m tcp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
--A srv_dns_in -j RETURN
--A srv_dns_out -p udp -m udp --sport 53 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A srv_dns_out -p tcp -m tcp --sport 53 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A srv_dns_out -j RETURN
--A srv_git_in -p tcp -m tcp --sport 1024:65535 --dport 9418 -m state --state NEW,ESTABLISHED -j ACCEPT
--A srv_git_in -j RETURN
--A srv_git_out -p tcp -m tcp --sport 9418 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A srv_git_out -j RETURN
--A srv_http_in -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
--A srv_http_in -j RETURN
--A srv_http_out -p tcp -m tcp --sport 80 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A srv_http_out -j RETURN
--A srv_https_in -p tcp -m tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
--A srv_https_in -j RETURN
--A srv_https_out -p tcp -m tcp --sport 443 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A srv_https_out -j RETURN
--A srv_icmp -p icmp -j ACCEPT
--A srv_icmp -j RETURN
--A srv_rip -p udp -m udp --sport 520 --dport 520 -j ACCEPT
--A srv_rip -j RETURN
--A srv_ssh_in -p tcp -m tcp --dport 2222 -m state --state NEW -m recent --set --name SSH --mask 255.255.255.255 --rsource -j ACCEPT
--A srv_ssh_in -p tcp -m tcp --dport 2222 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --mask 255.255.255.255 --rsource -j LOG --log-prefix "BLOCKED IP DROP SSH"
--A srv_ssh_in -p tcp -m tcp --dport 2222 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --mask 255.255.255.255 --rsource -j DROP
--A srv_ssh_in -p tcp -m tcp --sport 1024:65535 --dport 2222 -m state --state ESTABLISHED -j ACCEPT
--A srv_ssh_in -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --mask 255.255.255.255 --rsource -j ACCEPT
--A srv_ssh_in -p tcp -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --mask 255.255.255.255 --rsource -j LOG --log-prefix "BLOCKED IP DROP SSH"
--A srv_ssh_in -p tcp -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --mask 255.255.255.255 --rsource -j DROP
--A srv_ssh_in -p tcp -m tcp --sport 1024:65535 --dport 22 -m state --state ESTABLISHED -j ACCEPT
--A srv_ssh_in -j RETURN
--A srv_ssh_out -p tcp -m tcp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
--A srv_ssh_out -p tcp -m tcp --sport 22 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
--A srv_ssh_out -j RETURN
-COMMIT
-# Completed on Sat Jun  8 23:05:15 2019
diff --git a/core/conf/rc.d/iptables b/core/conf/rc.d/iptables
index cc7c765..f8b7881 100644
--- a/core/conf/rc.d/iptables
+++ b/core/conf/rc.d/iptables
@@ -1,35 +1,31 @@
+#!/bin/bash
 
 IPT="/usr/sbin/iptables"
-TYPE=bridge
+#TYPE=bridge
 #TYPE=server
-#TYPE=open
+TYPE=open
+#TYPE=client
 
-echo "clear all iptables tables"
+clear_ipt() {
 
-${IPT} -F
-${IPT} -X
-${IPT} -t nat -F
-${IPT} -t nat -X
-${IPT} -t mangle -F
-${IPT} -t mangle -X
-${IPT} -t raw -F
-${IPT} -t raw -X
-${IPT} -t security -F
-${IPT} -t security -X
+	${IPT} -F
+	${IPT} -X
+	${IPT} -t nat -F
+	${IPT} -t nat -X
+	${IPT} -t mangle -F
+	${IPT} -t mangle -X
+	${IPT} -t raw -F
+	${IPT} -t raw -X
+	${IPT} -t security -F
+	${IPT} -t security -X
 
-# Set Default Rules
-${IPT} -P INPUT DROP
-${IPT} -P FORWARD DROP
-${IPT} -P OUTPUT DROP
-
-${IPT} -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
-${IPT} -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
+}
 
 case $1 in
 	start)
             case $TYPE in
                 bridge)
-
+		    clear_ipt
                     echo "setting bridge network..."
                     echo 1 > /proc/sys/net/ipv4/ip_forward
 
@@ -38,23 +34,63 @@ case $1 in
 
    		;;
 		server)
-
+		    clear_ipt
                     echo "setting server network..."
                     ## load server configuration
                     iptables-restore /etc/iptables/server.v4
 
 		;;
-		open)
-
+		client)
+		    clear_ipt
                     echo "setting client network..."
                     ## load client configuration
-                    iptables-restore /etc/iptables/open.v4
+                    iptables-restore /etc/iptables/client.v4
+		;;
+		open)
+		    clear_ipt
+                    echo "setting open network..."
+                    ## load client configuration
+
+			${IPT} -P INPUT DROP
+			${IPT} -P FORWARD DROP
+			${IPT} -P OUTPUT ACCEPT
+
+			${IPT} -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
+			${IPT} -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
+
+			${IPT} -A INPUT -p tcp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
+			${IPT} -A INPUT -p udp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+			${IPT} -A OUTPUT  -j ACCEPT
+
+			${IPT} -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: "
+			${IPT} -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
+			#${IPT} -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: "
+
 
 		;;
 	    esac
 	;;
         stop)
+		echo "clear all iptables tables"
+		clear_ipt
+		# Set Default Rules
+		${IPT} -P INPUT DROP
+		${IPT} -P FORWARD DROP
+		${IPT} -P OUTPUT DROP
+
+		${IPT} -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: "
+		${IPT} -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
+		${IPT} -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: "
 
+
+	;;
+	restart)
+		clear_ipt
+        	$0 start
+        ;;
+	status)
+		${IPT} -v
 	;;
 	*)
 	    echo "Usage: $0 [start|stop]"
diff --git a/core/conf/skel/.bashrc b/core/conf/skel/.bashrc
index 88cf24c..55d1c78 100644
--- a/core/conf/skel/.bashrc
+++ b/core/conf/skel/.bashrc
@@ -22,12 +22,14 @@ HISTSIZE=1000
 HISTFILESIZE=2000
 
 
+alias diff='diff --color=auto'
+alias grep='grep --color=auto'
+alias ls='ls -ph --color=auto'
 alias rm='rm -i'
 #alias cp='cp -i'
 alias mv='mv -i'
 # Prevents accidentally clobbering files.
 alias mkdir='mkdir -p'
-
 alias h='history'
 alias hg='history | grep'
 alias j='jobs -l'
-- 
cgit 1.4.1-2-gfad0


From b5f3610fc765c2ac08a4029460f90265f37b9dfa Mon Sep 17 00:00:00 2001
From: Silvino <silvino@bk.ru>
Date: Wed, 26 Jun 2019 18:00:30 +0100
Subject: core and tools iptables fix

---
 core/network.html  | 17 +++++++++++++----
 tools/network.html |  3 ---
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/core/network.html b/core/network.html
index 4a412ad..4838122 100644
--- a/core/network.html
+++ b/core/network.html
@@ -14,10 +14,10 @@
 
         <dl>
             <dt><a href="conf/rc.d/iptables">/etc/rc.d/iptables</a></dt>
-            <dd>Configure <a href="#iptables">iptables</a>, start option
-            loads set of rules from file /etc/iptables/net.v4, open option
+            <dd>Configure <a href="#iptables">iptables</a>, "start" option
+            loads set of rules from file /etc/iptables/(name).v4, "open" option
             allows everything to outside and blocks everything from outside,
-            stop will block and log everything.</dd>
+            "stop" option will block and log everything.</dd>
             <dt><a href="conf/rc.d/net">/etc/rc.d/net</a></dt>
             <dd>Configure Ethernet interface with static or dynamic (dhcp)
             IP, set default route and add default gateway.</dd>
@@ -283,7 +283,7 @@
 
         <pre>
         # mkdir /etc/iptables
-        # cp core/conf/iptables/net.v4 /etc/iptables/
+        # cp core/conf/iptables/*.sh /etc/iptables/
         # cp core/conf/rc.d/iptables /etc/rc.d/
         # chmod +x /etc/rc.d/iptables
         </pre>
@@ -300,6 +300,15 @@
         with your network configuration, and adjust
         <a href="conf/ipt-server.sh">/etc/iptables/ipt-server.sh</a>, <a href="conf/ipt-bridge.sh">/etc/iptables/ipt-bridge.sh</a>, <a href="conf/ipt-open.sh">/etc/iptables/ipt-open.sh</a> according with host necessities.</p>
 
+        <p>When is everything configured run script to load the rules and save them on /etc/iptables. Example for bridge setup;</p>
+
+        <pre>
+        # cd /etc/iptables
+        # bash ipt-bridge.sh
+        </pre>
+
+        <p>From now on use /etc/rc.d/iptables to start and stop.<p>
+
         <h2 id="wpa">2.2.4. Wpa and dhcpd</h2>
 
         <p>There is more information on
diff --git a/tools/network.html b/tools/network.html
index 0fad69e..6b08e78 100644
--- a/tools/network.html
+++ b/tools/network.html
@@ -71,9 +71,6 @@
         # bash ipt-bridge.sh
         </pre>
 
-        <p>Copy bridge.v4 to /etc/iptables and restart 
-        iptables.</p>
-
         <a href="index.html">Tools Index</a>
         <p>This is part of the Hive System Documentation.
         Copyright (C) 2019
-- 
cgit 1.4.1-2-gfad0


From 8527dd081b4cdcca07e1477b742eaa2e1218f62f Mon Sep 17 00:00:00 2001
From: Silvino <silvino@bk.ru>
Date: Wed, 26 Jun 2019 18:01:19 +0100
Subject: tools x change ctrl alt f to just alt f

---
 tools/x.html | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/tools/x.html b/tools/x.html
index 3efaf7a..45e74c4 100644
--- a/tools/x.html
+++ b/tools/x.html
@@ -11,7 +11,7 @@
         <h1>X</h1>
 
 
-        <h2>Install</h2>
+        <h2 id="install">Install</h2>
 
 
         <h3>Xorg</h3>
@@ -99,7 +99,7 @@
         fi
         </pre>
 
-        <h3 id="confkeyboard">Global keyboard config </h3>
+        <h3 id="confkeyboard">Keyboard config</h3>
 
 	<p>Xorg global default keyboard configuration; <a href="conf/etc/X11/xorg.conf.d/10-keyboard.conf">/etc/X11/xorg.conf.d/10-keyboard.conf</a></p>
 
@@ -169,7 +169,28 @@
         EndSection
         </pre>
 
-        <h2>Window Managers</h2>
+        <h3>Change tty with ALT+F[N]</h3>
+
+        <p>Default tty change keyboard mappings is defined on
+        file /usr/share/X11/xkb/symbols/srvr_ctrl;</p>
+
+        <pre>
+       key <FK01> {
+               type="CTRL+ALT",
+               symbols[Group1]= [ F1, F1, F1, F1, XF86_Switch_VT_1 ]
+       };
+        </pre>
+
+        <p>Change to;</p>
+
+        <pre>
+	key <FK01> {
+	    type="PC_ALT_LEVEL2",
+	    symbols[Group1]= [ F1, XF86_Switch_VT_1 ]
+	};
+	</pre>
+
+        <h2 id="wm">Window Managers</h2>
 
         <h3>Spectrwm</h3>
 
-- 
cgit 1.4.1-2-gfad0


From b0c241f112e1e50a2910249cfe66c1648ba2f3fa Mon Sep 17 00:00:00 2001
From: Silvino <silvino@bk.ru>
Date: Fri, 28 Jun 2019 03:54:24 +0100
Subject: core iptables bridge revision

---
 core/conf/iptables/bridge.v4     | 35 +++++++++++++++++++----------------
 core/conf/iptables/ipt-bridge.sh |  4 +++-
 2 files changed, 22 insertions(+), 17 deletions(-)

diff --git a/core/conf/iptables/bridge.v4 b/core/conf/iptables/bridge.v4
index 35bfef4..4930262 100644
--- a/core/conf/iptables/bridge.v4
+++ b/core/conf/iptables/bridge.v4
@@ -1,34 +1,34 @@
-# Generated by iptables-save v1.8.2 on Wed Jun 26 15:44:59 2019
+# Generated by iptables-save v1.8.2 on Fri Jun 28 01:22:10 2019
 *security
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
 COMMIT
-# Completed on Wed Jun 26 15:44:59 2019
-# Generated by iptables-save v1.8.2 on Wed Jun 26 15:44:59 2019
+# Completed on Fri Jun 28 01:22:10 2019
+# Generated by iptables-save v1.8.2 on Fri Jun 28 01:22:10 2019
 *raw
-:PREROUTING ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
+:PREROUTING ACCEPT [2:80]
+:OUTPUT ACCEPT [3:4544]
 COMMIT
-# Completed on Wed Jun 26 15:44:59 2019
-# Generated by iptables-save v1.8.2 on Wed Jun 26 15:44:59 2019
+# Completed on Fri Jun 28 01:22:10 2019
+# Generated by iptables-save v1.8.2 on Fri Jun 28 01:22:10 2019
 *nat
 :PREROUTING ACCEPT [0:0]
 :INPUT ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
 :POSTROUTING ACCEPT [0:0]
 COMMIT
-# Completed on Wed Jun 26 15:44:59 2019
-# Generated by iptables-save v1.8.2 on Wed Jun 26 15:44:59 2019
+# Completed on Fri Jun 28 01:22:10 2019
+# Generated by iptables-save v1.8.2 on Fri Jun 28 01:22:10 2019
 *mangle
-:PREROUTING ACCEPT [0:0]
-:INPUT ACCEPT [0:0]
+:PREROUTING ACCEPT [2:80]
+:INPUT ACCEPT [2:80]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [3:4544]
+:POSTROUTING ACCEPT [2:2292]
 COMMIT
-# Completed on Wed Jun 26 15:44:59 2019
-# Generated by iptables-save v1.8.2 on Wed Jun 26 15:44:59 2019
+# Completed on Fri Jun 28 01:22:10 2019
+# Generated by iptables-save v1.8.2 on Fri Jun 28 01:22:10 2019
 *filter
 :INPUT DROP [0:0]
 :FORWARD DROP [0:0]
@@ -91,6 +91,9 @@ COMMIT
 -A FORWARD -d 10.0.0.4/32 -i br0 -o br0 -m physdev --physdev-in enp8s0 -j srv_ssh_in
 -A FORWARD -d 10.0.0.4/32 -i br0 -o br0 -m physdev --physdev-in enp8s0 -j srv_git_in
 -A FORWARD -i br0 -o br0 -p tcp -m physdev --physdev-in enp8s0 -m tcp --sport 443 --dport 1024:65535 -j ACCEPT
+-A FORWARD -d 10.0.0.3/32 -i br0 -o br0 -m physdev --physdev-in enp8s0 -j cli_http_in
+-A FORWARD -i br0 -o br0 -p udp -m udp --sport 520 --dport 519 -j DROP
+-A FORWARD -i br0 -o br0 -p udp -m udp --sport 520 --dport 520 -j DROP
 -A FORWARD -j LOG --log-prefix "iptables: FORWARD: " --log-level 7
 -A OUTPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -o lo -j ACCEPT
 -A OUTPUT -s 10.0.0.254/32 -d 10.0.0.254/32 -o lo -j ACCEPT
@@ -217,4 +220,4 @@ COMMIT
 -A srv_ssh_out -p tcp -m tcp --sport 22 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
 -A srv_ssh_out -j RETURN
 COMMIT
-# Completed on Wed Jun 26 15:44:59 2019
+# Completed on Fri Jun 28 01:22:10 2019
diff --git a/core/conf/iptables/ipt-bridge.sh b/core/conf/iptables/ipt-bridge.sh
index 6dbeb87..694c22f 100644
--- a/core/conf/iptables/ipt-bridge.sh
+++ b/core/conf/iptables/ipt-bridge.sh
@@ -50,8 +50,10 @@ $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} -d 10.
 $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} -d 10.0.0.4 -j srv_git_in
 $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} -p tcp --sport 443 --dport 1024:65535 -j ACCEPT
 
+$IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} -d 10.0.0.3 -j cli_http_in
 ##Less noise
-#$IPT -A FORWARD -i ${BR_IF} -o ${BR_IF}  -p udp --dport 519 --sport 520 -j DROP
+$IPT -A FORWARD -i ${BR_IF} -o ${BR_IF}  -p udp --dport 519 --sport 520 -j DROP
+$IPT -A FORWARD -i ${BR_IF} -o ${BR_IF}  -p udp --dport 520 --sport 520 -j DROP
 
 ######## Input Chain ######
 $IPT -A INPUT -j blocker
-- 
cgit 1.4.1-2-gfad0


From 30f26ff8090ef9a5221ae3f7f6124ababf22e30f Mon Sep 17 00:00:00 2001
From: Silvino <silvino@bk.ru>
Date: Sat, 8 Jun 2019 01:52:49 +0100
Subject: tools lynx revision

---
 tools/lynx.html | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/tools/lynx.html b/tools/lynx.html
index 039d2fa..95a2f38 100644
--- a/tools/lynx.html
+++ b/tools/lynx.html
@@ -5,7 +5,14 @@
         <title>Lynx</title>
     </head>
     <body>
+        <a href="index.html">Tools Index</a>
         <h1>Lynx</h1>
+
+        <h2>Configuration</h2>
+
+        Default configuration is at /usr/etc/lynx.cfg
+
+        <h2>Port</h2>
         <pre>
         # Description: Text-based web browser.
         # URL: http://lynx.isc.org/
@@ -42,5 +49,12 @@
         PERSISTENT_COOKIES:FALSE
         </pre>
 
+        <a href="index.html">Tools Index</a>
+        <p>
+        This is part of the Hive System Documentation.
+        Copyright (C) 2019
+        Hive Team.
+        See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
+        for copying conditions.</p>
     </body>
 </html>
-- 
cgit 1.4.1-2-gfad0


From 21de4609ddf376d8130ed733aa1d155101a0c7da Mon Sep 17 00:00:00 2001
From: Silvino <silvino@bk.ru>
Date: Sat, 8 Jun 2019 01:53:50 +0100
Subject: dev git added reset to work doc

---
 dev/git/work.html | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/dev/git/work.html b/dev/git/work.html
index 7f97af5..3111eaf 100644
--- a/dev/git/work.html
+++ b/dev/git/work.html
@@ -82,6 +82,12 @@ gloga () {
     $ git rebase -i oldest_commit_to_rewrite
     </pre>
 
+    <p>Undo last commit;</p>
+
+    <pre>
+    $ git reset --soft HEAD~1
+    </pre>
+
     <h2 id="logdiff">2.2. Logs, diff commits</h2>
 
     <p>Create patch files to target branch/tag/ref;</p>
-- 
cgit 1.4.1-2-gfad0


From fe94262de38aafc839963ced9b82ee45d81b65f5 Mon Sep 17 00:00:00 2001
From: Silvino <silvino@bk.ru>
Date: Fri, 28 Jun 2019 03:58:09 +0100
Subject: bumped new release

---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index a4a22cc..fc376b5 100644
--- a/index.html
+++ b/index.html
@@ -38,7 +38,7 @@
         <p>Version;</p>
 
         <pre>
-        rev 0.5.3
+        rev 0.5.4
         </pre>
 
         <a href="links.html">Links</a> contains relevant
-- 
cgit 1.4.1-2-gfad0