From 9741df07f44b23ce7ac66a55cef65fe6c9c45b37 Mon Sep 17 00:00:00 2001 From: Silvino Silva Date: Thu, 22 Sep 2016 02:10:51 +0100 Subject: final 0.2.1 revision --- tools/conf/etc/skel/.mutt/muttrc | 34 ++-- tools/conf/etc/skel/.vimrc | 207 +++++++++++------------- tools/gnupg.html | 5 + tools/index.html | 2 +- tools/mutt.html | 74 ++++----- tools/scipts/iptables.sh | 337 +++++++++++++++++++++++++++++++++++++++ tools/vim.html | 15 +- 7 files changed, 498 insertions(+), 176 deletions(-) create mode 100644 tools/scipts/iptables.sh (limited to 'tools') diff --git a/tools/conf/etc/skel/.mutt/muttrc b/tools/conf/etc/skel/.mutt/muttrc index aa41d50..6ec1da4 100644 --- a/tools/conf/etc/skel/.mutt/muttrc +++ b/tools/conf/etc/skel/.mutt/muttrc @@ -13,32 +13,22 @@ set duplicate_threads=yes set crypt_use_gpgme=yes -set pgp_timeout=1800 +## automatically sign all outgoing messages +set crypt_autosign=yes -## sign only replies to signed messages -set crypt_replysign=yes +## automatically encrypt outgoing messages +set crypt_autoencrypt=yes -## encrypt and sign replies to encrypted messages -set crypt_replysignencrypted=yes +## automatically verify the sign of a message when opened +set crypt_verify_sig=yes -#source ~/.mutt/gpg.rc -# -#set pgp_autosign=yes -#set pgp_sign_as=0xEE29B7D3 +set pgp_sign_as=0x8BF422F79FC7C975BDF07828E88440BC35095A74 +#set pgp_sign_as=0x8BF422F7 +set pgp_timeout=1800 +set pgp_autosign=yes #set pgp_replyencrypt=yes -# -## automatically sign all outgoing messages -#set crypt_autosign -# -## automatically encrypt outgoing messages -##set crypt_autoencrypt=yes -# -## encrypt only replies to signed messages -#set crypt_replyencrypt=yes -# -## automatically verify the sign of a message when opened -#set crypt_verify_sig=yes -# + +source ~/.mutt/gpg.rc source "~/.mutt/mail_alias" set alias_file=~/.mutt/mail_alias diff --git a/tools/conf/etc/skel/.vimrc b/tools/conf/etc/skel/.vimrc index cf143fd..9958538 100644 --- a/tools/conf/etc/skel/.vimrc 
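Review bot: `set crypt_autoencrypt=yes` in the skel muttrc makes every send depend on a usable public key for each recipient, so mail to anyone not in the keyring fails or prompts at send time; for a default shipped to every new account, `set crypt_replyencrypt=yes` (encrypt only when replying to encrypted mail) is the safer baseline, with auto-encrypt left to the per-user file. The commented fallback `#set pgp_sign_as=0x8BF422F7` is a 32-bit key ID, which is cheap to collide; keep the full-fingerprint form and add a line such as `## do not shorten this to the 8-hex-digit key ID: short IDs are not unique` above it. `set pgp_autosign=yes` appears to be the legacy spelling of `crypt_autosign`, which the hunk already sets, and with `crypt_use_gpgme=yes` the `pgp_*_command` definitions usually found in a `gpg.rc` are not consulted, so the `source ~/.mutt/gpg.rc` line is likely dead configuration that deserves a comment or removal.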
+++ b/tools/conf/etc/skel/.vimrc @@ -1,26 +1,10 @@ -" An example for a vimrc file. -" -" Maintainer: Bram Moolenaar -" Last change: 2015 Mar 24 -" -" To use it, copy it to -" for Unix and OS/2: ~/.vimrc -" for Amiga: s:.vimrc -" for MS-DOS and Win32: $VIM\_vimrc -" for OpenVMS: sys$login:.vimrc - -" When started as "evim", evim.vim will already have done these settings. -if v:progname =~? "evim" - finish -endif - " Use Vim settings, rather than Vi settings (much better!). " This must be first, because it changes other options as a side effect. set nocompatible -" allow backspacing over everything in insert mode -set backspace=indent,eol,start - +"" allow backspacing over everything in insert mode +"set backspace=indent,eol,start +" if has("vms") set nobackup " do not keep a backup file, use versions instead else 
@@ -33,118 +17,119 @@ set ruler " show the cursor position all the time set showcmd " display incomplete commands set incsearch " do incremental searching -" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries -" let &guioptions = substitute(&guioptions, "t", "", "g") - -" Don't use Ex mode, use Q for formatting -map Q gq - -" CTRL-U in insert mode deletes a lot. Use CTRL-G u to first break undo, -" so that you can undo CTRL-U after inserting a line break. -inoremap u - -" In many terminal emulators the mouse works just fine, thus enable it. -if has('mouse') - set mouse=a -endif - -" Switch syntax highlighting on, when the terminal has colors -" Also switch on highlighting the last used search pattern. +"" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries +"" let &guioptions = substitute(&guioptions, "t", "", "g") +" +"" Don't use Ex mode, use Q for formatting +"map Q gq +" +"" CTRL-U in insert mode deletes a lot. Use CTRL-G u to first break undo, +"" so that you can undo CTRL-U after inserting a line break. +"inoremap u +" +"" In many terminal emulators the mouse works just fine, thus enable it. +"if has('mouse') +" set mouse=a +"endif +" +"" Switch syntax highlighting on, when the terminal has colors +"" Also switch on highlighting the last used search pattern. if &t_Co > 2 || has("gui_running") syntax on set hlsearch colorscheme wombat256mod endif -" Only do this part when compiled with support for autocommands. -if has("autocmd") - - " Enable file type detection. - " Use the default filetype settings, so that mail gets 'tw' set to 72, - " 'cindent' is on in C files, etc. - " Also load indent files, to automatically do language-dependent indenting. - filetype plugin indent on - - " Put these in an autocmd group, so that we can delete them easily. - augroup vimrcEx - au! - - " For all text files set 'textwidth' to 78 characters. 
- autocmd FileType text setlocal textwidth=78 - - " When editing a file, always jump to the last known cursor position. - " Don't do it when the position is invalid or when inside an event handler - " (happens when dropping a file on gvim). - autocmd BufReadPost * - \ if line("'\"") >= 1 && line("'\"") <= line("$") | - \ exe "normal! g`\"" | - \ endif - - augroup END - -else - - set autoindent " always set autoindenting on - -endif " has("autocmd") - -" Convenient command to see the difference between the current buffer and the -" file it was loaded from, thus the changes you made. -" Only define it when not defined already. -if !exists(":DiffOrig") - command DiffOrig vert new | set bt=nofile | r ++edit # | 0d_ | diffthis - \ | wincmd p | diffthis -endif - -if has('langmap') && exists('+langnoremap') - " Prevent that the langmap option applies to characters that result from a - " mapping. If unset (default), this may break plugins (but it's backward - " compatible). - set langnoremap -endif - +" +"" Only do this part when compiled with support for autocommands. +"if has("autocmd") +" +" " Enable file type detection. +" " Use the default filetype settings, so that mail gets 'tw' set to 72, +" " 'cindent' is on in C files, etc. +" " Also load indent files, to automatically do language-dependent indenting. +" filetype plugin indent on +" +" " Put these in an autocmd group, so that we can delete them easily. +" augroup vimrcEx +" au! +" +" " For all text files set 'textwidth' to 78 characters. +" autocmd FileType text setlocal textwidth=78 +" +" " When editing a file, always jump to the last known cursor position. +" " Don't do it when the position is invalid or when inside an event handler +" " (happens when dropping a file on gvim). +" autocmd BufReadPost * +" \ if line("'\"") >= 1 && line("'\"") <= line("$") | +" \ exe "normal! 
g`\"" | +" \ endif +" +" augroup END +" +"else +" +" set autoindent " always set autoindenting on +" +"endif " has("autocmd") +" +"" Convenient command to see the difference between the current buffer and the +"" file it was loaded from, thus the changes you made. +"" Only define it when not defined already. +"if !exists(":DiffOrig") +" command DiffOrig vert new | set bt=nofile | r ++edit # | 0d_ | diffthis +" \ | wincmd p | diffthis +"endif +" +"if has('langmap') && exists('+langnoremap') +" " Prevent that the langmap option applies to characters that result from a +" " mapping. If unset (default), this may break plugins (but it's backward +" " compatible). +" set langnoremap +"endif +" map :tabnew map :tabprevious map :tabnext - -" Show Line Numbers +" +"" Show Line Numbers set nu -set complete=.,b,u,] -set wildmode=longest,list:longest -set completeopt=menu,preview - -" Directories +"set complete=.,b,u,] +"set wildmode=longest,list:longest +"set completeopt=menu,preview +" +"" Directories set backupdir=~/.vim/backup set undodir=~/.vim/undodir set viewdir=~/.vim/views set directory=~/.vim/swap - -" Spell Check +" +"" Spell Check set spell spelllang=en_us - -" Strips whitespace +" +"" Strips whitespace nnoremap W :%s/\s\+$//:let @/='' - -" Whitespace fixes +" +"" Whitespace fixes highlight ExtraWhitespace ctermbg=red guibg=red + match ExtraWhitespace /\s\+$/ autocmd BufWinEnter * match ExtraWhitespace /\s\+$/ autocmd InsertEnter * match ExtraWhitespace /\s\+\%#\@ +
+        $ chmod 700 ~/.gnupg
+        $ chmod -R 600 ~/.gnupg/*
+        
+

2. Generate keys

Options for creating a DSA and ElGamal key;

diff --git a/tools/index.html b/tools/index.html
index 55cf6c4..e5adac6 100644
--- a/tools/index.html
+++ b/tools/index.html
@@ -27,7 +27,7 @@
  • 1. Vim RC
  • 2. Color schemes
  • -
  • 3. Spaces and tabs
  • +
  • 3. Split and tab
  • 4. Editing Files
  • 5. Spell check
  • 6. Plugins
  •
diff --git a/tools/mutt.html b/tools/mutt.html
index 276fb51..ef7cdbd 100644
--- a/tools/mutt.html
+++ b/tools/mutt.html
@@ -90,7 +90,7 @@

    Lets start configuring the two accounts, one for host system email and another for external email account. Change pgp_sign_as according to your specific sub key for signing. Change - muttrc with your + muttrc with your preferences;

    @@ -111,30 +111,24 @@
             set sort_aux=reverse-last-date-received
             set duplicate_threads=yes
     
    -        source ~/.mutt/gpg.rc
    -
    -        set pgp_autosign=yes
    -        set pgp_sign_as=0x1D327CA1
    -        set pgp_replyencrypt=yes
    -        set pgp_timeout=1800
    +        set crypt_use_gpgme=yes
     
    -        # automatically sign all outgoing messages
    -        set crypt_autosign
    +        ## automatically sign all outgoing messages
    +        set crypt_autosign=yes
     
    -        # sign only replies to signed messages
    -        set crypt_replysign
    +        ## automatically encrypt outgoing messages
    +        set crypt_autoencrypt=yes
     
    -        # automatically encrypt outgoing messages
    -        #set crypt_autoencrypt=yes
    -
    -        # encrypt only replies to signed messages
    -        set crypt_replyencrypt=yes
    +        ## automatically verify the sign of a message when opened
    +        set crypt_verify_sig=yes
     
    -        # encrypt and sign replies to encrypted messages
    -        set crypt_replysignencrypted=yes
    +        set pgp_sign_as=0x8BF422F79FC7C975BDF07828E88440BC35095A74
    +        #set pgp_sign_as=0x8BF422F7
    +        set pgp_timeout=1800
    +        set pgp_autosign=yes
    +        #set pgp_replyencrypt=yes
     
    -        # automatically verify the sign of a message when opened
    -        set crypt_verify_sig=yes
    +        source ~/.mutt/gpg.rc
     
             source "~/.mutt/mail_alias"
             set alias_file=~/.mutt/mail_alias
    @@ -144,37 +138,38 @@
             set message_cachedir =~/.mutt/cache/bodies
             set certificate_file =~/.mutt/certificates
     
    -        set timeout=10    # mutt 'presses' (like) a key for you
    -                          #(while you're idle) each x sec to trigger
    +        set timeout=10    # mutt 'presses' (like) a key for you 
    +                          #(while you're idle) each x sec to trigger 
                               #the thing below
             set mail_check=5  # mutt checks for new mails on every keystroke
                               # but not more often then once in 5 seconds
             set beep_new      # beep on new messages in the mailboxes
     
             ## Local system account
    -        folder-hook 'Mail' 'source ~/.mutt/system'
    +        folder-hook '.mail' 'source ~/.mutt/system'
     
             ## Remote account
    -        folder-hook 'MailExt' 'source ~/.mutt/external'
    +        folder-hook '.mailext' 'source ~/.mutt/external'
     
             ## Default account
    -        source "~/.mutt/system"
    +        source ~/.mutt/system
     
             ## Shortcuts
    +        macro index,pager <f3> '<sync-mailbox><enter-command>source ~/.mutt/external<enter><change-folder>!<enter>'
    +
             macro index,pager <f2> '<sync-mailbox><enter-command>source ~/.mutt/system<enter><change-folder>!<enter>'
    -        macro index,pager <f3> '<sync-mailbox><enter-command<>source ~/.mutt/external<enter><change-folder>!<enter>'
             
    -

    9.2.1. System Email

    +

    2.1. System Email

    -

    Content of .mutt/system;

    +

    Content of .mutt/system;

             color status green default
     
             set folder="~/.mail"
             set mbox_type=Maildir
    -        set spoolfile=/var/spool/mail/c1admin
    +        set spoolfile=/var/spool/mail/c9admin
             set keep_flagged=yes
     
             set mbox="~/.mail"           # ~/.mailext/read_inbox
    @@ -193,8 +188,8 @@
             unset pop_host
             unset smtp_url
     
    -        set realname='droid'
    -        set from=droid@c13
    +        set realname='c9admin'
    +        set from=c9admin@localhost
             

    Create folder;

    @@ -203,9 +198,9 @@ $ mkdir -p ~/.mail/{cur,new,tmp} -

    9.2.2. External Email

    +

    2.2. External Email

    -

    Edit .mutt/external;

    +

    Edit .mutt/external;

             color status blue default
    @@ -242,7 +237,7 @@
             $ mkdir -p ~/.mailext/{cur,new,tmp}
             
    -

    9.3. Using Mutt

    +

    3. Using Mutt

    When listing messages the status flag mean;

    @@ -275,7 +270,7 @@

    If you need to manually create a folder;

    -

    9.3.1. Tag Email

    +

    3.1. Tag Email

    Just press shift-T and then read @@ -284,7 +279,7 @@ mark all taged for deletion.

    -

    9.3.2. Address alias

    +

    3.2. Address alias

    Alias makes easy to manage email addresses. Add this to your muttrc;

    @@ -296,7 +291,7 @@

    While on index or page press "a" to add address to alias file.

    -

    9.3.3. GPG Keys

    +

    3.3. GPG Keys

    Import a public key from email;

    @@ -306,15 +301,12 @@

    ^K is CTRL+K

    - Systools Index + Tools Index

    This is part of the SysDoc Manual. Copyright (C) 2016 c9 team. See the file Gnu Free Documentation License for copying conditions.

-
-
-
diff --git a/tools/scipts/iptables.sh b/tools/scipts/iptables.sh
new file mode 100644
index 0000000..3215633
--- /dev/null
+++ b/tools/scipts/iptables.sh
@@ -0,0 +1,337 @@ +#!/bin/sh + +# +# XXXXXXXXXXXXXXXXX +# XXXX Network XXXX +# XXXXXXXXXXXXXXXXX +# + +# | +# v +# +-------------+ +------------------+ +# |table: filter| <---+ | table: nat | +# |chain: INPUT | | | chain: PREROUTING| +# +-----+-------+ | +--------+---------+ +# | | | +# v | v +# [local process] | **************** +--------------+ +# | +---------+ Routing decision +------> |table: filter | +# v **************** |chain: FORWARD| +# **************** +------+-------+ +# Routing decision | +# **************** | +# | | +# v **************** | +# +-------------+ +------> Routing decision <---------------+ +# |table: nat | | **************** +# |chain: OUTPUT| | + +# +-----+-------+ | | +# | | v +# v | +-------------------+ +# +--------------+ | | table: nat | +# |table: filter | +----+ | chain: POSTROUTING| +# |chain: OUTPUT | +--------+----------+ +# +--------------+ | +# v +# XXXXXXXXXXXXXXXXX +# XXXX Network XXXX +# XXXXXXXXXXXXXXXXX +# +# iptables [-t table] {-A|-C|-D} chain rule-specification +# +# iptables [-t table] {-A|-C|-D} chain rule-specification +# +# iptables [-t table] -I chain [rulenum] rule-specification +# +# iptables [-t table] -R chain rulenum rule-specification +# +# iptables [-t table] -D chain rulenum +# +# iptables [-t table] -S [chain [rulenum]] +# +# iptables [-t table] {-F|-L|-Z} [chain [rulenum]] [options...] +# +# iptables [-t table] -N chain +# +# iptables [-t table] -X [chain] +# +# iptables [-t table] -P chain target +# +# iptables [-t table] -E old-chain-name new-chain-name +# +# rule-specification = [matches...] [target] +# +# match = -m matchname [per-match-options] +# +# +# Targets +# +# can be a user defined chain +# +# ACCEPT - accepts the packet +# DROP - drop the packet on the floor +# QUEUE - packet will be stent to queue +# RETURN - stop traversing this chain and +# resume ate the next rule in the +# previeus (calling) chain. 
+# +# if packet reach the end of the chain or +# a target RETURN, default policy for that +# chain is applayed. +# +# Target Extensions +# +# AUDIT +# CHECKSUM +# CLASSIFY +# DNAT +# DSCP +# LOG +# Torn on kernel logging, will print some +# some information on all matching packets. +# Log data can be read with dmesg or syslogd. +# This is a non-terminating target and a rule +# should be created with matching criteria. +# +# --log-level level +# Level of logging (numeric or see sys- +# log.conf(5) +# +# --log-prefix prefix +# Prefix log messages with specified prefix +# up to 29 chars log +# +# --log-uid +# Log the userid of the process with gener- +# ated the packet +# NFLOG +# This target pass the packet to loaded logging +# backend to log the packet. One or more userspace +# processes may subscribe to the group to receive +# the packets. +# +# ULOG +# This target provides userspace logging of maching +# packets. One or more userspace processes may then +# then subscribe to various multicast groups and +# then receive the packets. +# +# +# Commands +# +# -A, --append chain rule-specification +# -C, --check chain rule-specification +# -D, --delete chain rule-specification +# -D, --delete chain rulenum +# -I, --insert chain [rulenum] rule-specification +# -R, --replace chain rulenum rule-specification +# -L, --list [chain] +# -P, --policy chain target +# +# Parameters +# +# -p, --protocol protocol +# tcp, udp, udplite, icmp, esp, ah, sctp, all +# -s, --source address[/mask][,...] +# -d, --destination address[/mask][,...] +# -j, --jump target +# -g, --goto chain +# -i, --in-interface name +# -o, --out-interface name +# -f, --fragment +# -m, --match options module-name +# iptables can use extended packet matching +# modules. 
+# -c, --set-counters packets bytes
+
+IPT="/usr/sbin/iptables"
+SPAMLIST="blockedip"
+SPAMDROPMSG="BLOCKED IP DROP"
+PUB_IF="wlp7s0"
+DHCP_SERV="192.168.1.254"
+#PUB_IP="192.168.1.65"
+#PRIV_IF="wlp3s0"
+
+modprobe ip_conntrack
+modprobe ip_conntrack_ftp
+
+echo "Stopping ipv4 firewall and deny everyone..."
+
+iptables -F
+iptables -X
+iptables -t nat -F
+iptables -t nat -X
+iptables -t mangle -F
+iptables -t mangle -X
+iptables -t raw -F
+iptables -t raw -X
+iptables -t security -F
+iptables -t security -X
+
+
+echo "Starting ipv4 firewall filter table..."
+
+# Set Default Rules
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+iptables -P OUTPUT DROP
+
+# Unlimited on local
+$IPT -A INPUT -i lo -j ACCEPT
+$IPT -A OUTPUT -o lo -j ACCEPT
+
+# Block sync
+$IPT -A INPUT -p tcp ! --syn -m state --state NEW -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 7 --log-prefix "iptables: drop sync: "
+$IPT -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
+
+# Block Fragments
+$IPT -A INPUT -f -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "iptables: drop frag: "
+$IPT -A INPUT -f -j DROP
+
+# Block bad stuff
+$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
+$IPT -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
+
+$IPT -A INPUT -p tcp --tcp-flags ALL NONE -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "iptables: drop null: "
+$IPT -A INPUT -p tcp --tcp-flags ALL NONE -j DROP # NULL packets
+
+$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "iptables: drop syn rst syn rst: "
+$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+
+$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "iptables: drop xmas: "
+$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP #XMAS
+
+$IPT -A INPUT -p tcp --tcp-flags FIN,ACK FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "iptables: drop fin scan: "
+$IPT -A INPUT -p tcp --tcp-flags FIN,ACK FIN -j DROP # FIN packet scans
+
+$IPT -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
+
+##### Add your AP rules below ######
+
+#echo 1 > /proc/sys/net/ipv4/ip_forward
+#$IPT -t nat -A POSTROUTING -o ${PUB_IF} -j SNAT --to ${PUB_IP}
+#$IPT -A FORWARD -i ${PRIV_IF} -o ${PUB_IF} -j ACCEPT
+#$IPT -A FORWARD -i ${PUB_IF} -o ${PRIV_IF} -j ACCEPT
+
+#$IPT -A INPUT -i ${PRIV_IF} -j ACCEPT
+#$IPT -A OUTPUT -o ${PRIV_IF} -j ACCEPT
+
+##### Server rules below ######
+
+#echo "Allow ICMP"
+#$IPT -A INPUT -i ${PUB_IF} -p icmp --icmp-type 0 -s 192.168.0.0/16 -j ACCEPT
+#$IPT -A OUTPUT -o ${PUB_IF} -p icmp --icmp-type 0 -d 192.168.0.0/16 -j ACCEPT
+#$IPT -A INPUT -i ${PUB_IF} -p icmp --icmp-type 8 -s 192.168.0.0/16 -j ACCEPT
+#$IPT -A OUTPUT -o ${PUB_IF} -p icmp --icmp-type 8 -d 192.168.0.0/16 -j ACCEPT
+
+#echo "Allow DNS Server"
+#$IPT -A INPUT -i ${PUB_IF} -p udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -s 192.168.0.0/16 -j ACCEPT
+#$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -d 192.168.0.0/16 -j ACCEPT
+
+#echo "Allow HTTP and HTTPS server"
+#$IPT -A INPUT -i ${PUB_IF} -p tcp --dport 443 -m state --state NEW,ESTABLISHED -s 192.168.0.0/16 -j ACCEPT
+#$IPT -A INPUT -i ${PUB_IF} -p tcp --dport 80 -m state --state NEW,ESTABLISHED -s 192.168.0.0/16 -j ACCEPT
+#$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 80 -m state --state NEW,ESTABLISHED -s 192.168.0.0/16 -j ACCEPT
+#$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 443 -m state --state NEW,ESTABLISHED -s 192.168.0.0/16 -j ACCEPT
+
+#echo "Allow ssh server"
+#$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
+#$IPT -A INPUT -i ${PUB_IF} -p tcp --dport 22 -m state --state ESTABLISHED -j ACCEPT
+#$IPT -A INPUT -i ${PUB_IF} -p tcp --dport 22 -m state --state NEW -m limit --limit 3/min --limit-burst 3 -j ACCEPT
+
+##### Add your rules below ######
+
+echo "Allow DNS Client"
+
+#$IPT -A INPUT -i ${PUB_IF} -p udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+#$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+#$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
+#$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
+
+echo "Allow Whois Client"
+
+$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 43 -m state --state ESTABLISHED -j ACCEPT
+$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 43 -m state --state NEW,ESTABLISHED -j ACCEPT
+
+echo "Allow HTTP Client"
+
+$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 80 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
+
+$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 443 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+$IPT -A INPUT -i ${PUB_IF} -p udp --sport 443 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
+$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
+
+
+echo "Allow Rsync Client"
+$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 873 -m state --state NEW,ESTABLISHED -j ACCEPT
+$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 873 -m state --state ESTABLISHED -j ACCEPT
+
+echo "Allow POP3S Client"
+$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 995 -m state --state NEW,ESTABLISHED -j ACCEPT
+$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 995 -m state --state ESTABLISHED -j ACCEPT
+
+echo "Allow SMTPS Client"
+$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 465 -m state --state NEW,ESTABLISHED -j ACCEPT
+$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 465 -m state --state ESTABLISHED -j ACCEPT
+
+echo "Allow NTP Client"
+$IPT -A OUTPUT -o ${PUB_IF} -p udp --dport 123 -m state --state NEW,ESTABLISHED -j ACCEPT
+$IPT -A INPUT -i ${PUB_IF} -p udp --sport 123 -m state --state ESTABLISHED -j ACCEPT
+
+$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
+$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
+
+echo "Allow IRC Client"
+$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 6667 -m state --state NEW -j ACCEPT
+
+echo "Allow Active FTP Client"
+$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 20 -m state --state ESTABLISHED -j ACCEPT
+$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 20 -m state --state NEW,ESTABLISHED -j ACCEPT
+
+echo "Allow Git"
+$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 9418 -m state --state NEW -j ACCEPT
+
+echo "Allow ssh client"
+$IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
+$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
+
+#echo "Allow Passive Connections"
+$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 1024:65535 --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
+$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+
+# echo "Allow FairCoin"
+# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 46392 -m state --state NEW,ESTABLISHED -j ACCEPT
+# $IPT -A INPUT -i ${PUB_IF} -p tcp --sport 46392 -m state --state ESTABLISHED -j ACCEPT
+#
+# echo "Allow Dashcoin"
+# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 29080 -m state --state NEW,ESTABLISHED -j ACCEPT
+# $IPT -A INPUT -i ${PUB_IF} -p tcp --sport 29080 -m state --state ESTABLISHED -j ACCEPT
+#
+# echo "Allow warzone2100"
+# $IPT -A INPUT -i ${PUB_IF} -p tcp --dport 2100 -s 192.168.0.0/16 -j ACCEPT
+# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 2100 -j ACCEPT
+# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 2100 -j ACCEPT
+# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 9990 -j ACCEPT
+#
+# echo "Allow wesnoth"
+# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 15000 -m state --state NEW -j ACCEPT
+# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 14998 -m state --state NEW -j ACCEPT
+
+##### END your rules ############
+# Less log of known traffic
+
+# RIP protocol
+$IPT -A INPUT -i ${PUB_IF} -p udp --sport 520 --dport 520 -s 192.168.0.0/16 -j DROP
+
+# DHCP
+$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 68 --dport 67 -d $DHCP_SERV -j ACCEPT
+$IPT -A INPUT -i ${PUB_IF} -p udp --sport 68 --dport 67 -s $DHCP_SERV -j ACCEPT
+
+# log everything else and drop
+$IPT -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
+$IPT -A OUTPUT -j LOG --log-level 7 --log-prefix "iptables: OUTPUT: "
+$IPT -A FORWARD -j LOG --log-level 7 --log-prefix "iptables: FORWARD: "
+
+exit 0
diff --git a/tools/vim.html b/tools/vim.html
index 03ba767..d483e29 100644
--- a/tools/vim.html
+++ b/tools/vim.html
@@ -46,7 +46,20 @@
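Review bot: The DHCP INPUT rule near the end of the file has its ports reversed: server replies arrive with source port 67 and destination port 68, so `$IPT -A INPUT -i ${PUB_IF} -p udp --sport 68 --dport 67 -s $DHCP_SERV -j ACCEPT` never matches and lease replies that traverse netfilter (unicast renewals at least) fall through to the trailing LOG rule and the INPUT DROP policy; it should read `$IPT -A INPUT -i ${PUB_IF} -p udp --sport 67 --dport 68 -s $DHCP_SERV -j ACCEPT`. The prefix `"iptables: drop syn rst syn rst: "` is 32 characters, over the 29-character limit the file's own header comment documents, so iptables rejects that LOG rule and, with no `set -e`, the script carries on with the matching DROP but no log line for it. The script flushes tables and sets DROP policies for IPv4 only; where the kernel has IPv6 enabled, ip6tables keeps its ACCEPT defaults and every listening port stays reachable over IPv6, so the same policies belong in an `ip6tables` counterpart (or IPv6 should be disabled explicitly). The "Allow DNS Client" block prints its banner but every rule under it is commented out while the OUTPUT policy is DROP, so unless a resolver runs on this host name resolution silently fails; if that is deliberate it deserves a comment. `modprobe ip_conntrack` and `ip_conntrack_ftp` are the old module names (`nf_conntrack`, `nf_conntrack_ftp` on current kernels), though the `-m state` rules will autoload conntrack anyway.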

    5.3. Split and tab

    -

    :sp

    +

    Horizontal split;

    +
    +        :sp
    +        
    + +

    Vertical split;

    +
    +        :sp
    +        
    + +

    Move between window splits;

    +
    +        ctrl+w (k,j,l,h)
    +        

    5.4. Editing files

    -- cgit 1.4.1-2-gfad0