Add new host and change IPTables template
parent
9889d110eb
commit
aba56f54d5
@ -1,8 +1,8 @@
|
||||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
pkgname=redxen-config-iptables
|
||||
pkgver=2020.12.14
|
||||
pkgrel=0
|
||||
pkgver=2020.12.22
|
||||
pkgrel=2
|
||||
pkgdesc="IPTables firewall configs"
|
||||
url="https://git.redxen.eu/RedXen"
|
||||
arch="noarch"
|
||||
@ -19,5 +19,5 @@ package() {
|
||||
install -Dm644 rules-v6 "$pkgdir"/etc/iptables/rx-rules6
|
||||
}
|
||||
|
||||
sha512sums="bf2e61f88363051412b28a8a934f004f557960ceecfd49f6b3373156261baced030682ba0063a071dbc182e9a293e988990c6c5d431bdf1ee60aa8560cbd2e6d rules-v4
|
||||
4967571e2bf0449360c5019f1e1cb69774e197024b48b3e5895f19e5c1b4e8b7499043ce00fc3a35369a5ccc6ca37a60a49efc14e690dae68a8edf3a802a0cd1 rules-v6"
|
||||
sha512sums="678f1799b3ccce4fa47eb52769046db5e74c3c8a18a973c71fda9288e84a9763b3eec4665b1948fae04cf1ef5267d222a15230c5d43db5d00510c7ad7653488f rules-v4
|
||||
38bb28868d1552c9fadf721830a158e4c050c7c4f6fb7a54e563354d30f9e8ee3909b299af6114d305798a4f8c52002c5da9af8a86d2f59045682e0046ae0977 rules-v6"
|
||||
|
@ -2,27 +2,32 @@
|
||||
*filter
|
||||
:INPUT DROP [0:0]
|
||||
:FORWARD DROP [0:0]
|
||||
:OUTPUT ACCEPT [6:359]
|
||||
:OUTPUT ACCEPT [0:0]
|
||||
-A INPUT -m conntrack --ctstate INVALID -j DROP
|
||||
-A INPUT -i lo -j ACCEPT
|
||||
-A INPUT -i tun0 -j ACCEPT
|
||||
-A INPUT -p icmp -j ACCEPT
|
||||
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
|
||||
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
|
||||
-A INPUT -i tun0 -j ACCEPT
|
||||
-A INPUT -i eth1 -p tcp -m tcp --dport 7521 -j ACCEPT
|
||||
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
|
||||
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||
COMMIT
|
||||
# Mangle
|
||||
*mangle
|
||||
:PREROUTING ACCEPT [8948:5925361]
|
||||
:INPUT ACCEPT [8943:5924001]
|
||||
:PREROUTING ACCEPT [0:0]
|
||||
:INPUT ACCEPT [0:0]
|
||||
:FORWARD ACCEPT [0:0]
|
||||
:OUTPUT ACCEPT [10902:1431630]
|
||||
:POSTROUTING ACCEPT [10965:1438415]
|
||||
:OUTPUT ACCEPT [0:0]
|
||||
:POSTROUTING ACCEPT [0:0]
|
||||
COMMIT
|
||||
# NAT
|
||||
*nat
|
||||
:PREROUTING ACCEPT [0:0]
|
||||
:INPUT ACCEPT [0:0]
|
||||
:OUTPUT ACCEPT [0:0]
|
||||
:POSTROUTING ACCEPT [0:0]
|
||||
COMMIT
|
||||
# Raw
|
||||
*raw
|
||||
:PREROUTING ACCEPT [8948:5925361]
|
||||
:OUTPUT ACCEPT [10902:1431630]
|
||||
:PREROUTING ACCEPT [0:0]
|
||||
:OUTPUT ACCEPT [0:0]
|
||||
COMMIT
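Review bot: The blanket `-A INPUT -i tun0 -j ACCEPT` rule appears twice in the filter table of this section, once ahead of the ICMP rule and once after the two `--tcp-flags` checks, and the page no longer shows which copy is the new one. If the earlier position is the one kept, every packet arriving on tun0 is accepted before the TCP flag sanity drops and with no port restriction, so the tunnel is trusted as fully as `lo`. I would record that intent in the template with a comment such as `# tun0: trusted tunnel, accepted ahead of the TCP flag checks on purpose`, or keep the rule below the flag checks if that level of trust is not intended.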
|
||||
|
@ -1,29 +1,33 @@
|
||||
# Filter
|
||||
*filter
|
||||
:INPUT DROP [17:2112]
|
||||
:INPUT DROP [0:0]
|
||||
:FORWARD DROP [0:0]
|
||||
:OUTPUT ACCEPT [31:3265]
|
||||
:OUTPUT ACCEPT [0:0]
|
||||
-A INPUT -m conntrack --ctstate INVALID -j DROP
|
||||
-A INPUT -i lo -j ACCEPT
|
||||
-A INPUT -i tun0 -j ACCEPT
|
||||
-A INPUT -p ipv6-icmp -j ACCEPT
|
||||
-A INPUT -i tun0 -j ACCEPT
|
||||
-A INPUT -i eth1 -p tcp -m tcp --dport 7521 -j ACCEPT
|
||||
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
|
||||
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
|
||||
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
|
||||
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||
COMMIT
|
||||
# Mangle
|
||||
*mangle
|
||||
:PREROUTING ACCEPT [18:2161]
|
||||
:INPUT ACCEPT [18:2161]
|
||||
:PREROUTING ACCEPT [0:0]
|
||||
:INPUT ACCEPT [0:0]
|
||||
:FORWARD ACCEPT [0:0]
|
||||
:OUTPUT ACCEPT [31:3265]
|
||||
:POSTROUTING ACCEPT [48:5377]
|
||||
-A OUTPUT -j TOS --set-tos 0x10/0xff
|
||||
:OUTPUT ACCEPT [0:0]
|
||||
:POSTROUTING ACCEPT [0:0]
|
||||
COMMIT
|
||||
# NAT
|
||||
*nat
|
||||
:PREROUTING ACCEPT [0:0]
|
||||
:INPUT ACCEPT [0:0]
|
||||
:OUTPUT ACCEPT [0:0]
|
||||
:POSTROUTING ACCEPT [0:0]
|
||||
COMMIT
|
||||
# Raw electrons
|
||||
*raw
|
||||
:PREROUTING ACCEPT [18:2161]
|
||||
:OUTPUT ACCEPT [31:3265]
|
||||
:PREROUTING ACCEPT [0:0]
|
||||
:OUTPUT ACCEPT [0:0]
|
||||
COMMIT
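Review bot: The `-A INPUT -i eth1 -p tcp -m tcp --dport 7521 -j ACCEPT` rule sits above the two `--tcp-flags` drop rules in this section, whereas the IPv4 rules earlier on the page list the same rule below them. As ordered here, TCP packets to port 7521 on eth1 are accepted before the non-SYN-NEW and no-flags checks are evaluated, so only the INVALID conntrack drop screens them. Moving the line to just after `-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP` would make the two templates agree. The first flag check also uses `-m state --state NEW` while the rest of the table uses `-m conntrack`; writing it as `-m conntrack --ctstate NEW` would be consistent.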
|
||||
|
@ -1,8 +1,8 @@
|
||||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
pkgname=redxen-config-unbound
|
||||
pkgver=2020.12.20
|
||||
pkgrel=1
|
||||
pkgver=2020.12.22
|
||||
pkgrel=0
|
||||
pkgdesc="Unbound configurations and some other stuff."
|
||||
url="https://git.redxen.eu/RedXen"
|
||||
arch="noarch"
|
||||
@ -38,5 +38,5 @@ internal() {
|
||||
|
||||
sha512sums="1f767995d4208f94e38f98c20538d7255c70e14cf11bed2ee13837ee765b5b098e6890dacf48334a59f1fbc40ed3f5e78dacba87f9674d9e6db3c701abc862d9 main.conf
|
||||
54a3f178a2d922822f7ed77a9c6f701f58bbb6b35fba4e4016ef00c6bb3a03c478d7720cffad45bbfb5b54c906c4faaa6d4da629a097238e303b7d13c7a3c2c2 base.conf
|
||||
9e1eb73c7bc8cf72e49c880d6ea7108cc2a87afc6beac7bcb7673478c7c27d097a2b967e73a97a7ec422d403a3bd1423742b47a3dc7351d741fcaba5a3c3d557 internal.conf
|
||||
595a265ebe7b37a7d812f1255d7f441816d70449bd91c0285e5f8c4a3645ef83d8c9ffdf330dd29402603ae2b6dd4c5d540aac36318a97a94ba08cf9099b0fe2 redxen-dns.conf"
|
||||
6f8fa08194a35a455808c70eb64284545ed4d25f18946474bff081cfb25d2d8bfcfafaf6064ebb43c045de0d0d9b21367c11028436a304f8979dcf99bc2772c9 internal.conf
|
||||
5d3dde837cf8673c438b0700731652f373536db5aba655f0e22208910d2ee73819246371bb785aec34c095145353a80fea48acd4a91ab46c5763d2e618227e89 redxen-dns.conf"
|
||||
|
@ -5,11 +5,13 @@ server:
|
||||
local-data: "8101153.nbg1-dc3.hetzner.redxen.localhost. 86400 IN AAAA 201:5d63:154:f0c6:9789:1899:6acb:1805"
|
||||
local-data: "8201371.fsn1-dc14.hetzner.redxen.localhost. 86400 IN AAAA 200:8656:aa4:dc68:888:d92c:914b:866b"
|
||||
local-data: "9013723.fsn1-dc14.hetzner.redxen.localhost. 86400 IN AAAA 200:2749:8af:bdf9:f011:997e:7bbb:35f3"
|
||||
local-data: "9227948.nbg1-dc3.hetzner.redxen.localhost. 86400 IN AAAA 200:17cb:399a:e52a:a7d8:74f3:873f:5c5a"
|
||||
|
||||
# Familiar names
|
||||
local-data: "lain.nurnberg.hetzner.redxen.localhost. 86400 IN CNAME 8101153.nbg1-dc3.hetzner.redxen.localhost."
|
||||
local-data: "arisu.falkenstein.hetzner.redxen.localhost. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.localhost."
|
||||
local-data: "chisa.falkenstein.hetzner.redxen.localhost. 86400 IN CNAME 9013723.fsn1-dc14.hetzner.redxen.localhost."
|
||||
local-data: "masami.nurnberg.hetzner.redxen.localhost. 86400 IN CNAME 9227948.nbg1-dc3.hetzner.redxen.localhost."
|
||||
|
||||
# Services
|
||||
local-data: "_murmur._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7573 8201371.fsn1-dc14.hetzner.redxen.localhost."
|
||||
|
@ -13,11 +13,14 @@ server:
|
||||
local-data: "8201371.fsn1-dc14.hetzner.redxen.eu. 86400 IN AAAA 2a01:4f8:c17:436e::1"
|
||||
local-data: "9013723.fsn1-dc14.hetzner.redxen.eu. 86400 IN A 168.119.99.213"
|
||||
local-data: "9013723.fsn1-dc14.hetzner.redxen.eu. 86400 IN AAAA 2a01:4f8:c17:fd5e::1"
|
||||
local-data: "9227948.nbg1-dc3.hetzner.redxen.eu. 86400 IN A 168.119.232.42"
|
||||
local-data: "9227948.nbg1-dc3.hetzner.redxen.eu. 86400 IN AAAA 2a01:4f8:1c0c:7ef6::1"
|
||||
|
||||
# Familiar records
|
||||
local-data: "lain.nurnberg.hetzner.redxen.eu. 86400 IN CNAME 8101153.nbg1-dc3.hetzner.redxen.eu."
|
||||
local-data: "arisu.falkenstein.hetzner.redxen.eu. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.eu."
|
||||
local-data: "chisa.falkenstein.hetzner.redxen.eu. 86400 IN CNAME 9013723.fsn1-dc14.hetzner.redxen.eu."
|
||||
local-data: "masami.nurnberg.hetzner.redxen.eu. 86400 IN CNAME 9227948.nbg1-dc3.hetzner.redxen.eu."
|
||||
|
||||
# Services
|
||||
|
||||
|