From 836980a6f974f34d5e5f43aee7c5b5aa6a92c8a0 Mon Sep 17 00:00:00 2001
From: Silvino Silva
Date: Sat, 14 Jan 2017 03:25:14 +0000
Subject: core install prepare target bug fix
---
core/install.html | 153 +++++++++++++++++++++++-------------------------------
1 file changed, 64 insertions(+), 89 deletions(-)
(limited to 'core')
diff --git a/core/install.html b/core/install.html
index f95910f..be98a0d 100644
--- a/core/install.html
+++ b/core/install.html
@@ -18,6 +18,13 @@
Hand book 3.2,
.
+ If you are booting from crux iso and is not your keyboard
+ layout of choice run;
+
+
+ # loadkeys dvorak
+
+
1.1.1. Download Iso
Download Page
@@ -33,143 +40,114 @@
Prepare disk or target location where new system will
be installed. Follow steps describe how to create efi and
- separate partitions such as; boot, root, var, tmp,
- usr, ports, swap and home. Information about
+ separate partitions such as;
+ bios grub, EFI, swap, boot, root, var, usr and home.
+ Information about
gpt partition table.
+ Create gpt label and set unit size to use;
(parted) mklabel gpt
+ (parted) unit mib
+
+
+ bootloader
+
+ Partition used by grub boot loader. Partition size 2M;
+
+
+ mkpart primary 1 3
+ name 1 grub
+ set 1 bios_grub on
/boot/efi
EFI System Partition, ESP type EF00. Partition
with between 500M and 100M is recommended for standard
- installations.
+ installations. Partition size 128M;
- (parted) mkpart ESP fat32 1MiB 120MiB
+ (parted) mkpart ESP fat32 3 131
+ (parted) name 2 boot
+ (parted) set 2 boot on
+ Swap (ram)
+
+ Swap partition general advice is same size as memory ram,
+ ports system configured to build on ram need at least 34G
+ to build firefox. Other swap partitions can be added later for port
+ build on ram. Partition size 512M;
+
- (parted) align-check opt 1
+ (parted) mkpart primary linux-swap 131 643
+ (parted) name 3 swap
/boot
- Boot partition. Partition with 1G provides
- room for crux iso to boot directly from grub.
-
-
- (parted) mkpart primary ext4 120MiB 1000MiB
-
+ Boot partition. Partition with 1G provide room for kernels and
+ crux iso that can be directly boot from grub (without root partition).
+ Partition size 1G;
- (parted) align-check optimal 2
+ (parted) mkpart primary ext4 643 1667
+ (parted) name 4 boot
/
- Normal installation root partition uses 200MB-500MB, being
- 1G recommended. Since we have plenty of space a partition
- with 2G will be used to host a complete backup of final installation
- configuration.
+ Normal core crux installation root partition uses approximately 2G,
+ without /usr 200MB-500M. Minimum 2G is recommended. Partition size 2.4G;
- (parted) mkpart primary ext4 1000MiB 3000MiB
+ (parted) mkpart primary ext4 1667 4096
+ (parted) name 5 root
-
- (parted) align-check optimal 3
-
+ Core system can be installed from here, additional partitions can be
+ created now or later.
/var
- Var partition is recommended 100MiB-500MiB, we will
- use 1G;
-
-
- (parted) mkpart primary ext4 3000MiB 4000MiB
-
-
-
- (parted) align-check optimal 4
-
-
- /tmp
-
- Temp partition with 20M-50M;
-
-
- (parted) mkpart primary ext4 4000MiB 4050MiB
-
+ Var partition is recommended 100MiB-500MiB. Partition size 1G;
- (parted) align-check optimal 5
+ (parted) mkpart primary ext4 4096 5120
+ (parted) name 6 var
/usr
- User partition with 4G is recommended for a desktop
- setup, we will use 8G;
-
-
- (parted) mkpart primary ext4 4050MiB 12000MiB
-
+ User partition with 4G-8G is recommended for a desktop setup, we will use 8G;
- (parted) align-check optimal 6
+ (parted) mkpart primary ext4 5120 13312
+ (parted) name 7 usr
/home
- Home partition with 180G;
-
-
- (parted) mkpart primary ext4 12000MiB 192000MiB
-
-
-
- (parted) align-check optimal 7
-
-
- /usr/ports
-
- Ports partition with 120G allows to host sources, package
- backups and ports;
-
-
- (parted) mkpart primary ext4 192000MiB 312000MiB
-
-
-
- (parted) align-check optimal 8
-
-
- Swap (ram)
-
- Swap partition general advice is same size as memory ram,
- ports system configured to build on ram need at least 30G
- to build firefox. Other swap partitions can be added later for port
- build on ram.
+ Home partition can have limited size for later creation of lvm or fill the rest of
+ disk space;
- (parted) mkpart primary linux-swap 312000MiB 342000MiB
+ (parted) mkpart primary ext4 13312 -1
+ (parted) name 8 home
- Create filesystems;
+ Create filesystems
- $ export BLK_EFI=/dev/sda1
- $ export BLK_BOOT=/dev/sda2
- $ export BLK_ROOT=/dev/sda3
- $ export BLK_VAR=/dev/sda4
- $ export BLK_TMP=/dev/sda5
- $ export BLK_USR=/dev/sda6
- $ export BLK_HOME=/dev/sda7
- $ export BLK_PRT=/dev/sda8
- $ export BLK_SWAP=/dev/sda9
+ $ export BLK_EFI=/dev/sda2
+ $ export BLK_SWAP=/dev/sda3
+ $ export BLK_BOOT=/dev/sda4
+ $ export BLK_ROOT=/dev/sda5
+ $ export BLK_VAR=/dev/sda6
+ $ export BLK_USR=/dev/sda7
+ $ export BLK_HOME=/dev/sda8
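Review bot: Partitions 2 and 4 are both given the GPT name `boot` (`(parted) name 2 boot` for the ESP and `(parted) name 4 boot` for /boot), so the name no longer identifies one partition and any later lookup by partition label would be ambiguous. Naming the ESP distinctly, for example `(parted) name 2 efi`, also keeps the names in step with the `BLK_EFI` and `BLK_BOOT` variables exported at the end of this hunk. The three commands in the new bootloader block (`mkpart primary 1 3`, `name 1 grub`, `set 1 bios_grub on`) lack the `(parted)` prompt that every other command in the section carries.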
@@ -184,10 +162,8 @@
$ sudo mkfs.ext4 $BLK_BOOT
$ sudo mkfs.ext4 $BLK_ROOT
$ sudo mkfs.ext4 $BKL_VAR
- $ sudo mkfs.ext4 $BKL_TMP
$ sudo mkfs.ext4 $BKL_USR
$ sudo mkfs.ext4 $BKL_HOME
- $ sudo mkfs.ext4 $BKL_PRT
1.1.3. Prepare Install
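Review bot: The remaining lines `$ sudo mkfs.ext4 $BKL_VAR`, `$BKL_USR` and `$BKL_HOME` misspell the variables that the guide exports as `BLK_VAR`, `BLK_USR` and `BLK_HOME`, so as written they expand to nothing and mkfs.ext4 is run without a device. This commit deletes the `$BKL_TMP` and `$BKL_PRT` lines but leaves those three typos in place. They should read `$ sudo mkfs.ext4 "$BLK_VAR"`, `"$BLK_USR"` and `"$BLK_HOME"`. The command block starts above the hunk, so its earlier lines may need the same check.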
@@ -222,7 +198,6 @@
$ sudo mkdir -p $CHROOT/var/lib/pkg
$ sudo mount $BLK_USR $CHROOT/usr
- $ sudo mount $BLK_PRT $CHROOT/usr/ports
$ sudo mount $BLK_HOME $CHROOT/home
--
cgit 1.4.1-2-gfad0
From 5eeb7b45275d15b5562e07cdfd6738d76b1446a9 Mon Sep 17 00:00:00 2001
From: Silvino Silva
Date: Sat, 14 Jan 2017 05:27:24 +0000
Subject: network revision
---
core/conf/rc.d/iptables | 111 +++++++++++++-------------
tools/conf/etc/iptables/vlan.v4 | 170 ++++++++++++++++++++++++++++++++++++++++
tools/conf/etc/rc.d/blan | 93 +++++++++++-----------
tools/network.html | 19 +----
tools/qemu.html | 127 ++++++++++++++++++++----------
5 files changed, 356 insertions(+), 164 deletions(-)
create mode 100644 tools/conf/etc/iptables/vlan.v4
(limited to 'core')
diff --git a/core/conf/rc.d/iptables b/core/conf/rc.d/iptables
index 3f29928..bb5cf91 100644
--- a/core/conf/rc.d/iptables
+++ b/core/conf/rc.d/iptables
@@ -3,80 +3,79 @@
# /etc/rc.d/iptables: load/unload iptable rules
#
-case $1 in
-start)
- echo "Starting IPv4 firewall filter table..."
- /usr/sbin/iptables-restore < /etc/iptables/rules.v4
- ;;
-stop)
- echo "Stopping firewall and deny everyone..."
- iptables -F
- iptables -X
- iptables -t nat -F
- iptables -t nat -X
- iptables -t mangle -F
- iptables -t mangle -X
- iptables -t raw -F
- iptables -t raw -X
- iptables -t security -F
- iptables -t security -X
+rules=rules.v4
+#rules=vlan.v4
+
+iptables_clear () {
+ echo "clear all iptables tables"
+ iptables -F
+ iptables -X
+ iptables -t nat -F
+ iptables -t nat -X
+ iptables -t mangle -F
+ iptables -t mangle -X
+ iptables -t raw -F
+ iptables -t raw -X
+ iptables -t security -F
+ iptables -t security -X
+}
+case $1 in
+ start)
+ iptables_clear
+ echo "starting IPv4 firewall filter table..."
+ /usr/sbin/iptables-restore < /etc/iptables/${rules}
+ ;;
+ stop)
+ iptables_clear
+ echo "stopping firewall and deny everyone..."
/usr/sbin/iptables -P INPUT DROP
/usr/sbin/iptables -P FORWARD DROP
/usr/sbin/iptables -P OUTPUT DROP
- # Unlimited on local
- /usr/sbin/iptables -A INPUT -i lo -j ACCEPT
- /usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT
+ # Unlimited on local
+ /usr/sbin/iptables -A INPUT -i lo -j ACCEPT
+ /usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT
- # log everything else and drop
- /usr/sbin/iptables -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
- /usr/sbin/iptables -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: "
- /usr/sbin/iptables -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: "
+ # log everything else and drop
+ /usr/sbin/iptables -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
+ /usr/sbin/iptables -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: "
+ /usr/sbin/iptables -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: "
- ;;
-open)
- echo "Outgoing Open firewall and deny everyone..."
- iptables -F
- iptables -X
- iptables -t nat -F
- iptables -t nat -X
- iptables -t mangle -F
- iptables -t mangle -X
- iptables -t raw -F
- iptables -t raw -X
- iptables -t security -F
- iptables -t security -X
+ ;;
+ open)
+ iptables_clear
+ echo "outgoing Open firewall and deny everyone..."
/usr/sbin/iptables -P INPUT DROP
/usr/sbin/iptables -P FORWARD DROP
/usr/sbin/iptables -P OUTPUT ACCEPT
- # Unlimited on local
- /usr/sbin/iptables -A INPUT -i lo -j ACCEPT
- /usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT
-
- # Accept passive
- /usr/sbin/iptables -A INPUT -p tcp --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
+ /usr/sbin/iptables -A OUTPUT -j ACCEPT
- /usr/sbin/iptables -A INPUT -p udp --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
+ # Unlimited on local
+ /usr/sbin/iptables -A INPUT -i lo -j ACCEPT
+ /usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT
+ # Accept passive
+ /usr/sbin/iptables -A INPUT -p tcp --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
+ /usr/sbin/iptables -A INPUT -p udp --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
- # log everything else and drop
- /usr/sbin/iptables -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
- #/usr/sbin/iptables -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: "
- /usr/sbin/iptables -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: "
+ # log everything else and drop
+ /usr/sbin/iptables -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
+ /usr/sbin/iptables -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: "
+ /usr/sbin/iptables -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: "
- ;;
+ ;;
-restart)
- $0 stop
- $0 start
- ;;
-*)
+ restart)
+ $0 stop
+ $0 start
+ ;;
+ *)
- echo "usage: $0 [start|stop|restart]"
- ;;
+ echo "usage: $0 [start|stop|restart]"
+ ;;
esac
# End of file
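Review bot: In `start)` the new `iptables_clear` call runs before `iptables-restore`, so if the restore fails (for example when the `rules=vlan.v4` alternative is selected but that file is not present under /etc/iptables) the host is left with empty chains and whatever chain policies were already in effect, which is ACCEPT after a fresh boot. iptables-restore already flushes the tables it loads unless `--noflush` is given, so the pre-clear can be dropped and the result checked: `/usr/sbin/iptables-restore < "/etc/iptables/${rules}" || { $0 stop; exit 1; }`. In `open)` the added `-A OUTPUT -j ACCEPT` makes the re-enabled `-A OUTPUT -j LOG` rule below it unreachable, and the usage string still omits `open`. `iptables_clear` also calls bare `iptables` while the rest of the script uses `/usr/sbin/iptables`, which matters if the rc environment has a restricted PATH.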
diff --git a/tools/conf/etc/iptables/vlan.v4 b/tools/conf/etc/iptables/vlan.v4
new file mode 100644
index 0000000..8c87389
--- /dev/null
+++ b/tools/conf/etc/iptables/vlan.v4
@@ -0,0 +1,170 @@
+# Generated by iptables-save v1.6.0 on Sat Oct 15 17:20:41 2016
+*security
+:INPUT ACCEPT [6:2056]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [6:2056]
+COMMIT
+# Completed on Sat Oct 15 17:20:41 2016
+# Generated by iptables-save v1.6.0 on Sat Oct 15 17:20:41 2016
+*raw
+:PREROUTING ACCEPT [7:2092]
+:OUTPUT ACCEPT [6:2056]
+COMMIT
+# Completed on Sat Oct 15 17:20:41 2016
+# Generated by iptables-save v1.6.0 on Sat Oct 15 17:20:41 2016
+*mangle
+:PREROUTING ACCEPT [7:2092]
+:INPUT ACCEPT [6:2056]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [6:2056]
+:POSTROUTING ACCEPT [6:2056]
+COMMIT
+# Completed on Sat Oct 15 17:20:41 2016
+# Generated by iptables-save v1.6.0 on Sat Oct 15 17:20:41 2016
+*filter
+:INPUT DROP [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT DROP [0:0]
+-A INPUT -i lo -j ACCEPT
+-A INPUT -i br0 -j ACCEPT
+-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop sync: " --log-level 7
+-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
+-A INPUT -f -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop frag: "
+-A INPUT -f -j DROP
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop null: "
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
+-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop syn rst syn rs"
+-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop xmas: "
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
+-A INPUT -p tcp -m tcp --tcp-flags FIN,ACK FIN -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop fin scan: "
+-A INPUT -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
+#################################################################################
+# INPUT
+# Established connections and passive
+#
+
+# Allow established from dns server
+#-A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+# INPUT accept passive
+-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state RELATED -j ACCEPT
+
+
+# Allow irc
+-A INPUT -p tcp -m tcp --sport 6667 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+# Allow xmmp
+-A INPUT -p tcp -m tcp --sport 5222 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
+# Allow established from https server
+-A INPUT -p tcp -m tcp --sport 443 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p udp -m udp --sport 443 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+
+# Allow established from http server
+-A INPUT -p tcp -m tcp --sport 80 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+# Allow established from rsync server
+-A INPUT -p tcp -m tcp --sport 873 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+# Allow established from pop3s server
+-A INPUT -p tcp -m tcp --sport 995 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+# Allow established from smtps server
+-A INPUT -p tcp -m tcp --sport 465 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+# Allow established from ntp server
+-A INPUT -p udp -m udp --sport 123 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+# Allow established from whois server
+-A INPUT -p tcp -m tcp --sport 43 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+# Allow established from ftp server
+-A INPUT -p tcp -m tcp --sport 20 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A INPUT -p tcp -m tcp --sport 21 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A INPUT -p tcp -m tcp --sport 22 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+##################################################################################
+# INPUT
+# New and established connections to local servers
+#
+
+# allow ping
+-A INPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p icmp --icmp-type 0 -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+# INPUT accept from wlp7s0 to dns server
+#-A INPUT -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
+
+# INPUT accept from wlp7s0 to https server
+-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
+# INPUT accept from wlp7s0 to ssh server
+-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 2222 -m state --state ESTABLISHED -j ACCEPT
+-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 2222 -m state --state NEW -m limit --limit 6/min --limit-burst 3 -j ACCEPT
+
+-A FORWARD -i br0 -j ACCEPT
+
+-A INPUT -j LOG --log-prefix "iptables: INPUT: " --log-level 7
+-A FORWARD -j LOG --log-prefix "iptables: FORWARD: " --log-level 7
+
+##################################################################################
+# Output
+# Connections to remote servers
+#
+-A OUTPUT -o lo -j ACCEPT
+-A OUTPUT -o br0 -j ACCEPT
+
+# Allow ping
+-A OUTPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
+# Allow to ssh clients
+-A OUTPUT -p tcp -m tcp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+
+# Allow to dns
+#-A OUTPUT -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
+# Allow from dns server
+#-A OUTPUT -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+
+# Allow irc
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 6667 -m state --state NEW,ESTABLISHED -j ACCEPT
+# Allow xmmp
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 5222 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
+
+
+# Allow to rsync server
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 873 -m state --state NEW,ESTABLISHED -j ACCEPT
+# Allow to pop3s server
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 995 -m state --state NEW,ESTABLISHED -j ACCEPT
+# Allow to smtps server
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 465 -m state --state NEW,ESTABLISHED -j ACCEPT
+# Allow to ntp server
+-A OUTPUT -p udp -m udp --sport 1024:65535 --dport 123 -m state --state NEW,ESTABLISHED -j ACCEPT
+# Allow to ftp server
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 20 -m state --state NEW,ESTABLISHED -j ACCEPT
+# Allow to https server
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
+-A OUTPUT -p udp -m udp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
+# Allow to http server
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
+
+##################################################################################
+# Output
+# Connections from local servers
+#
+
+
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state RELATED -j ACCEPT
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state NEW -j ACCEPT
+
+
+-A OUTPUT -j LOG --log-prefix "iptables: OUTPUT: " --log-level 7
+COMMIT
+# Completed on Sat Oct 15 17:20:41 2016
+# Generated by iptables-save v1.6.0 on Sat Oct 15 17:20:41 2016
+*nat
+:PREROUTING ACCEPT [1:36]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+
+-A POSTROUTING -s 10.0.0.0/24 -d 10.0.0.0/24 -j ACCEPT
+-A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
+#-A POSTROUTING -o wlp7s0 -j MASQUERADE
+
+COMMIT
+# Completed on Sat Oct 15 17:20:41 2016
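Review bot: The filter table sets `:FORWARD ACCEPT [0:0]` while INPUT and OUTPUT default to DROP, so once `net.ipv4.ip_forward=1` is set (as tools/qemu.html in this commit instructs) the host forwards traffic arriving on any interface, and neither `-A FORWARD -i br0 -j ACCEPT` nor the FORWARD LOG rule restricts anything. Consider `:FORWARD DROP [0:0]` together with `-A FORWARD -i br0 -j ACCEPT` and `-A FORWARD -o br0 -m state --state ESTABLISHED,RELATED -j ACCEPT`. The rules commented as "from wlp7s0" (ports 443 and 2222) carry no `-i` match, so they apply to every interface; either add the match or correct the comments. The log prefix `"iptables: drop syn rst syn rs"` looks truncated and could be shortened to something like `"iptables: drop syn-rst: "`.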
diff --git a/tools/conf/etc/rc.d/blan b/tools/conf/etc/rc.d/blan
index f75d272..f3ea322 100755
--- a/tools/conf/etc/rc.d/blan
+++ b/tools/conf/etc/rc.d/blan
@@ -4,60 +4,55 @@
#
DEV="br0"
-PHY="enp8s0"
-ADDR=10.0.0.1
+ADDR=10.0.0.254
NET=10.0.0.0
+GW=192.168.1.254
MASK=24
-GTW=10.0.0.1
-NTAPS=$((`/usr/bin/nproc`-1))
+
+# one tap for each cpu core
+NTAPS=$((`/usr/bin/nproc`))
case $1 in
- start)
- /sbin/ip link add name ${DEV} type bridge
- /sbin/ip link set dev ${DEV} up
-
- /bin/sleep 0.2s
- /sbin/ip route flush dev ${PHY}
- /sbin/ip addr flush dev ${PHY}
- /sbin/ip link set dev ${PHY} master ${DEV}
-
- /sbin/ip addr add ${ADDR}/${MASK} dev ${DEV} broadcast +
-
- for i in `/usr/bin/seq $NTAPS`
- do
- TAP="tap$i"
- echo $TAP
- /sbin/ip tuntap add ${TAP} mode tap group kvm
- /sbin/ip link set ${TAP} up
- /bin/sleep 0.2s
- #brctl addif $switch $1
- /sbin/ip link set ${TAP} master ${DEV}
- done
-
- exit 0
- ;;
- stop)
-
- for i in `/usr/bin/seq $NTAPS`
- do
- TAP="tap$i"
- /sbin/ip link del ${TAP}
- echo $TAP
- done
-
- /sbin/ip link set dev ${DEV} down
- /sbin/ip route flush dev ${DEV}
- /sbin/ip link del ${DEV}
- exit 0
- ;;
- restart)
- $0 stop
- $0 start
- ;;
- *)
- echo "Usage: $0 [start|stop|restart]"
- ;;
+ start)
+ /sbin/ip link add name ${DEV} type bridge
+ /sbin/ip addr add ${ADDR}/${MASK} dev ${DEV} broadcast +
+ /sbin/ip link set dev ${DEV} up
+ /bin/sleep 0.2s
+
+ for i in `/usr/bin/seq $NTAPS`
+ do
+ TAP="tap$i"
+ echo "Setting up ${TAP} tap interface."
+ /sbin/ip tuntap add ${TAP} mode tap group kvm
+ /sbin/ip link set ${TAP} up
+ /bin/sleep 0.2s
+ /sbin/ip link set ${TAP} master ${DEV}
+ done
+
+ exit 0
+ ;;
+ stop)
+
+ for i in `/usr/bin/seq $NTAPS`
+ do
+ TAP="tap$i"
+ echo "Deleting ${TAP} tap interface."
+ /sbin/ip link del ${TAP}
+ done
+
+ /sbin/ip link set dev ${DEV} down
+ /sbin/ip route flush dev ${DEV}
+ /sbin/ip link del ${DEV}
+ exit 0
+ ;;
+ restart)
+ $0 stop
+ $0 start
+ ;;
+ *)
+ echo "Usage: $0 [start|stop|restart]"
+ ;;
esac
# End of file
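Review bot: `start)` ends with an unconditional `exit 0` and none of the `/sbin/ip` calls are checked, so a second `start` (bridge already exists) or a failed `ip tuntap add` is reported as success with taps possibly left unattached to the bridge. A guard such as `/sbin/ip link add name "${DEV}" type bridge || exit 1` at the top of `start)`, and the same on the tuntap line, would surface the failure. `GW=192.168.1.254` and `NET` are assigned but not used anywhere in this hunk; if nothing outside the hunk reads them they should be dropped or explained in a comment. The arithmetic wrapper around the nproc call is now redundant, `NTAPS=$(/usr/bin/nproc)` is enough. The script's header lines sit above the hunk.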
diff --git a/tools/network.html b/tools/network.html
index 43e4616..bb4c0be 100644
--- a/tools/network.html
+++ b/tools/network.html
@@ -20,24 +20,7 @@
how to create interfaces at startup or as source to do it
in automatic way;
-
- DEV="br0"
- PHY="enp8s0"
-
-
-
- # ip link add name ${DEV} type bridge
- # ip link set dev ${DEV} up
-
-
- # ip route flush dev ${PHY}
- # ip addr flush dev ${PHY}
- # ip link set dev ${PHY} master ${DEV}
-
-
-
- # ip addr add ${ADDR}/${MASK} dev ${DEV} broadcast +
-
+ For more information about bridges Bridges with iptables
Tools Index
This is part of the c9 Manual.
diff --git a/tools/qemu.html b/tools/qemu.html
index 0079dfc..86fb7aa 100644
--- a/tools/qemu.html
+++ b/tools/qemu.html
@@ -12,7 +12,9 @@
1. Host System
- Load modules, in this case kvm of intel cpu;
+ Prepare host system for virtual machines, this includes create new user,
+ loading necessary modules and configure network. Load kvm module, in this example
+ intel module is loaded but depends on host cpu;
# modprobe -a kvm-intel tun virtio
@@ -27,6 +29,7 @@
2. Disk images
+ Qemu supports multiple disk images types.
- img
- Raw disk image, allows dd to a physical device.
@@ -115,67 +118,109 @@
KERNEL=="tun", GROUP="kvm", MODE="0660", OPTIONS+="static_node=net/tun"
+ 2.1. Routing
- 2.1. Public Bridge
-
- Create bridge, create new
- tap and add it to bridge;
-
-
- # DEV="br0"
- # TAP="tap1"
-
-
-
- # ip tuntap add ${TAP} mode tap group kvm
- # ip link set ${TAP} up
-
+ Create interface with correct permissions set for kvm group.
- # ip link set ${TAP} master ${DEV}
+ # sysctl -w net.ipv4.ip_forward=1
+ # iptables -A INPUT -i br0 -j ACCEPT
+ # iptables -A FORWARD -i br0 -j ACCEPT
+ # iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -d 10.0.0.0/24 -j ACCEPT
+ # iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
- 2.2. Routing
+ 2.2. Public Bridge
- Create interface with correct permissions set for kvm group.
+ Create bridge, create new
+ tap and add it to bridge;
- # sysctl -w net.ipv4.ip_forward=1
- # iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
+ DEV="br0"
+
+ ADDR=10.0.0.254
+ NET=10.0.0.0
+ GW=192.168.1.254
+ MASK=24
+
+ # one tap for each cpu core
+ NTAPS=$((`/usr/bin/nproc`))
+
+ case $1 in
+ start)
+ /sbin/ip link add name ${DEV} type bridge
+ /sbin/ip addr add ${ADDR}/${MASK} dev ${DEV} broadcast +
+ /sbin/ip link set dev ${DEV} up
+ /bin/sleep 0.2s
+
+ for i in `/usr/bin/seq $NTAPS`
+ do
+ TAP="tap$i"
+ echo "Setting up ${TAP} tap interface."
+ /sbin/ip tuntap add ${TAP} mode tap group kvm
+ /sbin/ip link set ${TAP} up
+ /bin/sleep 0.2s
+ /sbin/ip link set ${TAP} master ${DEV}
+ done
+
+ exit 0
+ ;;
+ stop)
+
+ for i in `/usr/bin/seq $NTAPS`
+ do
+ TAP="tap$i"
+ echo "Deleting ${TAP} tap interface."
+ /sbin/ip link del ${TAP}
+ done
+
+ /sbin/ip link set dev ${DEV} down
+ /sbin/ip route flush dev ${DEV}
+ /sbin/ip link del ${DEV}
+ exit 0
+ ;;
+ restart)
+ $0 stop
+ $0 start
+ ;;
+ *)
+ echo "Usage: $0 [start|stop|restart]"
+ ;;
+ esac
+
+ # End of file
Guest System
- Start qemu with 512 of ram, mydisk.img as disk and boot from iso
-
See scripts/system-qemu.sh,
as template. Run virtual machine that uses above tap device;
- $ ISO=~/crux-3.2.iso
- $ IMG=~/crux-img.qcow2
- $ TAP="tap1"
+ #!/bin/bash
- $ qemu-system-x86_64 \
- -enable-kvm \
- -m 1024 \
- -boot d \
- -cdrom ${ISO} \
- -hda ${IMG} \
- -net nic,model=virtio -net tap,ifname=${TAP},script=no,downscript=no
-
+ function rmac_addr (){
+ printf '54:60:BE:EF:%02X:%02X\n' $((RANDOM%256)) $((RANDOM%256))
+ }
-
- $ ISO=~/crux-3.2.iso
- $ IMG=~/crux-img.qcow2
+ #boot=d
+ boot=$1
+ #iso=crux-3.2.iso
+ iso=$2
+ #image=crux-img.qcow2
+ image=$3
+ #tap="tap1"
+ tap=$4
+ mac=$(rmac_addr)
- $ qemu-system-x86_64 \
+ qemu-system-x86_64 \
-enable-kvm \
-m 1024 \
- -boot d \
- -cdrom ${ISO} \
- -hda ${IMG} \
- -net nic,model=virtio -net tap,ifname=${TAP},script=no,downscript=no
+ -boot ${boot} \
+ -cdrom ${iso} \
+ -hda ${image} \
+ -device e1000,netdev=t0,mac=${mac} \
+ -netdev tap,id=t0,ifname=${tap},script=no,downscript=no
Tools Index
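Review bot: The new guest script assigns `boot=$1` through `tap=$4` without checking the argument count and expands them unquoted, so a missing ISO argument turns `-cdrom ${iso}` into a bare `-cdrom` that takes `-hda` as its value, and paths containing spaces are split. Add `[ $# -eq 4 ] || { echo "usage: $0 boot iso image tap" >&2; exit 1; }` before the assignments and quote the expansions, e.g. `-cdrom "${iso}"`. `rmac_addr` randomises only two octets, so two guests on the same bridge can occasionally receive the same MAC; the text should say so. The bridge script pasted under 2.2 duplicates tools/conf/etc/rc.d/blan from this commit and will drift from it unless the page links to the file instead.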
--
cgit 1.4.1-2-gfad0
From 2cbb84a5636b125fcb26319dbfa87159a28a7f56 Mon Sep 17 00:00:00 2001
From: Silvino Silva
Date: Fri, 20 Jan 2017 21:16:33 +0000
Subject: new httpup ports location
---
core/conf/ports/c9-ports.httpup | 2 +-
index.html | 7 ++++---
2 files changed, 5 insertions(+), 4 deletions(-)
(limited to 'core')
diff --git a/core/conf/ports/c9-ports.httpup b/core/conf/ports/c9-ports.httpup
index 3a275e5..349e13e 100644
--- a/core/conf/ports/c9-ports.httpup
+++ b/core/conf/ports/c9-ports.httpup
@@ -3,5 +3,5 @@
#
ROOT_DIR=/usr/ports/c9-ports
-URL=https://github.com/s1lvino/c9-ports/raw/master/
+URL=https://s1lvino.github.io/c9-ports/
# End of file
diff --git a/index.html b/index.html
index cf78c35..020812d 100644
--- a/index.html
+++ b/index.html
@@ -18,8 +18,9 @@
Ports
- Content of
- c9-ports.httpup;
+
Httup file
+ c9-ports.httpup of c9-ports
+ c9-ports
@@ -28,7 +29,7 @@
#
ROOT_DIR=/usr/ports/c9-ports
- URL=https://github.com/s1lvino/c9-ports/raw/master/
+ URL=https://s1lvino.github.io/c9-ports/
# End of file
--
cgit 1.4.1-2-gfad0
From 6d9701ecd628af60c64d1e0740a5bd5bd6a3a850 Mon Sep 17 00:00:00 2001
From: Silvino Silva
Date: Fri, 20 Jan 2017 21:19:45 +0000
Subject: correct /etc/hosts
---
core/conf/hosts | 22 ++++++++++++++++++----
1 file changed, 18 insertions(+), 4 deletions(-)
(limited to 'core')
diff --git a/core/conf/hosts b/core/conf/hosts
index ee776e2..449949b 100644
--- a/core/conf/hosts
+++ b/core/conf/hosts
@@ -1,13 +1,27 @@
#
# /etc/hosts: static lookup table for host names
#
-
-# IPv4
+# IPv4 LocalHosts
127.0.0.1 localhost.localdomain localhost
-127.0.0.1 c9.localdomain c9
+127.0.0.1 c9.core c9
+
+127.0.0.1 wiki.localhost
+127.0.0.1 git.localhost
+127.0.0.1 doc.localhost
+127.0.0.1 ports.localhost
+
+# IPv4 Intranet
+#
+
+10.0.0.254 c9.core
+10.0.0.254 wiki.c9.core
+10.0.0.254 git.c9.core
+10.0.0.254 doc.c9.core
+10.0.0.254 ports.c9.core
+# IPv4 Internet
#
-192.168.1.9 core.privat-network.net c9.core
+10.0.0.254 core.privat-network.net
# IPv6
#::1 ip6-localhost ip6-loopback
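Review bot: `c9.core` is now listed twice, on `127.0.0.1 c9.core c9` and on `10.0.0.254 c9.core`, and the "IPv4 Internet" heading sits over another private 10.0.0.254 address. With the usual first-match behaviour of hosts-file lookups the second `c9.core` entry is probably never returned, so the bare name resolves to loopback while `wiki.c9.core`, `git.c9.core` and the other subdomains resolve to the bridge address. If the name is meant to be the bridge address, keep only `10.0.0.254 c9.core c9` and leave `127.0.0.1` to `localhost`. A comment such as `# 10.0.0.254 is br0 (see tools/conf/etc/rc.d/blan)` would record where the address comes from.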
--
cgit 1.4.1-2-gfad0
From 6f70ea02c783d69b3eeb225ab7047de74020a0a9 Mon Sep 17 00:00:00 2001
From: Silvino Silva
Date: Fri, 20 Jan 2017 21:29:59 +0000
Subject: revert repo from github pages
---
core/conf/ports/c9-ports.httpup | 2 +-
index.html | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
(limited to 'core')
diff --git a/core/conf/ports/c9-ports.httpup b/core/conf/ports/c9-ports.httpup
index 349e13e..3a275e5 100644
--- a/core/conf/ports/c9-ports.httpup
+++ b/core/conf/ports/c9-ports.httpup
@@ -3,5 +3,5 @@
#
ROOT_DIR=/usr/ports/c9-ports
-URL=https://s1lvino.github.io/c9-ports/
+URL=https://github.com/s1lvino/c9-ports/raw/master/
# End of file
diff --git a/index.html b/index.html
index 020812d..581569e 100644
--- a/index.html
+++ b/index.html
@@ -29,7 +29,7 @@
#
ROOT_DIR=/usr/ports/c9-ports
- URL=https://s1lvino.github.io/c9-ports/
+ URL=https://github.com/s1lvino/c9-ports/raw/master/
# End of file
--
cgit 1.4.1-2-gfad0
From 34b309e494101f3c5c0113e824d7e0633a2dcb23 Mon Sep 17 00:00:00 2001
From: Silvino Silva
Date: Fri, 20 Jan 2017 21:56:54 +0000
Subject: added /shm to fstab required by semaphores
---
core/conf/fstab | 2 +-
core/configure.html | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
(limited to 'core')
diff --git a/core/conf/fstab b/core/conf/fstab
index b579488..67bc4e4 100644
--- a/core/conf/fstab
+++ b/core/conf/fstab
@@ -15,7 +15,7 @@
#/dev/floppy/0 /floppy vfat user,noauto,unhide 0 0
#devpts /dev/pts devpts noexec,nosuid,gid=tty,mode=0620 0 0
#tmp /tmp tmpfs defaults 0 0
-#shm /dev/shm tmpfs defaults 0 0
+shm /dev/shm tmpfs defaults 0 0
#usb /proc/bus/usb usbfs defaults 0 0
devpts /dev/pts devpts noexec,nosuid,gid=tty,mode=0620 0 0
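Review bot: The enabled line mounts /dev/shm with `defaults`, which leaves a world-writable tmpfs without `nosuid` or `nodev`, unlike the `devpts` entry just below that already uses `noexec,nosuid`. `shm /dev/shm tmpfs nosuid,nodev 0 0` is enough for POSIX semaphores; `noexec` and a `size=` limit can be added if nothing on the system needs to execute from there. The same line is enabled in the core/configure.html hunk of this commit and should change with it.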
diff --git a/core/configure.html b/core/configure.html
index d7bbc25..66ed69c 100644
--- a/core/configure.html
+++ b/core/configure.html
@@ -222,7 +222,7 @@
#/dev/dvd /dvd udf ro,user,noauto,unhide 0 0
#/dev/floppy/0 /floppy vfat user,noauto,unhide 0 0
#tmp /tmp tmpfs defaults 0 0
- #shm /dev/shm tmpfs defaults 0 0
+ shm /dev/shm tmpfs defaults 0 0
#usb /proc/bus/usb usbfs defaults 0 0
devpts /dev/pts devpts noexec,nosuid,gid=tty,mode=0620 0 0
--
cgit 1.4.1-2-gfad0