From e5b114478ca56e806900f6f9c08322279af21d03 Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Sat, 13 Sep 2025 11:57:58 +0000 Subject: [PATCH 1/8] Fix function name in sysadmin's .bashrc. --- .gitattributesdb | 4 ++-- home/sysadmin/.bashrc | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitattributesdb b/.gitattributesdb index 7e810da..5be28d6 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -46,7 +46,7 @@ ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157 1757600157 root:root 0640 - - aG9tZS8uZ2l0aWdub3Jl 1757762052 1757762052 root:root 0644 - - aG9tZS9zeXNhZG1pbi8uYmFzaF9sb2dvdXQ= 1757582867 1757582867 sysadmin:users 0644 - - aG9tZS9zeXNhZG1pbi8uYmFzaF9wcm9maWxl 1757584711 1757584711 sysadmin:users 0644 - - -aG9tZS9zeXNhZG1pbi8uYmFzaHJj 1757761708 1757586493 sysadmin:users 0644 - - +aG9tZS9zeXNhZG1pbi8uYmFzaHJj 1757764048 1757586493 sysadmin:users 0644 - - aG9tZS9zeXNhZG1pbi8uZ2l0Y29uZmln 1757582738 1757582738 sysadmin:users 0644 - - aG9tZS9zeXNhZG1pbi8uZ2l0aWdub3Jl 1757600312 1757600312 sysadmin:users 0644 - - aG9tZS9zeXNhZG1pbi8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210 1757586210 sysadmin:users 0644 - - @@ -74,4 +74,4 @@ ZXRjL3NoYWRvdy0= 1757702585 1757702585 root:shadow 0640 - - ZXRjL3N1ZG9lcnM= 1753553353 1753553353 root:root 0440 - - ZXRjL3N1ZG9lcnMuZC9kZWZhdWx0cw== 1757599359 1757599359 root:root 0640 - - ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157 1757600157 root:root 0640 - - -aG9tZS9zeXNhZG1pbg== 1757761743 1757761412 sysadmin:users 0711 - - +aG9tZS9zeXNhZG1pbg== 1757764049 1757761412 sysadmin:users 0711 - - diff --git a/home/sysadmin/.bashrc b/home/sysadmin/.bashrc index a0f5eba..954d50e 100644 --- a/home/sysadmin/.bashrc +++ b/home/sysadmin/.bashrc 
@@ -1,7 +1,7 @@ #!/bin/bash - not strictly necessary, but helps nano with syntax highlighting. # Bash specific configuration. -prompt_user_colour() { +__prompt_user_colour() { # Determine the colour of the username in the prompt. if [[ "$(whoami)" == "root" ]]; then From 0eb2999f0fffbaf9bb5a60473297bc7e513afffd Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Sat, 13 Sep 2025 12:25:22 +0000 Subject: [PATCH 2/8] Save ip{,6}tables rules. --- .gitattributesdb | 2 ++ etc/iptables/rules-save | 26 ++++++++++++++++++++++++++ etc/iptables/rules6-save | 25 +++++++++++++++++++++++++ 3 files changed, 53 insertions(+) create mode 100644 etc/iptables/rules-save create mode 100644 etc/iptables/rules6-save diff --git a/.gitattributesdb b/.gitattributesdb index 5be28d6..7aab122 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -18,6 +18,8 @@ ZXRjL2Nyb250YWJzL3Jvb3Q= 1757593504 1757593504 root:root 0600 - - ZXRjL2dyb3Vw 1757761113 1757594224 root:root 0644 - - ZXRjL2hvc3RuYW1l 1757594311 1757594311 root:root 0644 - - ZXRjL2hvc3Rz 1757594362 1757594362 root:root 0644 - - +ZXRjL2lwdGFibGVzL3J1bGVzLXNhdmU= 1757766263 1757766263 root:root 0600 - - +ZXRjL2lwdGFibGVzL3J1bGVzNi1zYXZl 1757766078 1757766078 root:root 0600 - - ZXRjL2xvY2FsLmQvLmdpdGlnbm9yZQ== 1757595481 1757595481 root:root 0644 - - ZXRjL2xvY2FsLmQvdGVycmFmb3JtLWh0dHAtYmFja2VuZC5zdGFydA== 1757595926 1757595926 root:root 0755 - - ZXRjL25ldHdvcmsvLmdpdGlnbm9yZQ== 1757596572 1757596572 root:root 0644 - - diff --git a/etc/iptables/rules-save b/etc/iptables/rules-save new file mode 100644 index 0000000..8f0cf88 --- /dev/null +++ b/etc/iptables/rules-save 
@@ -0,0 +1,26 @@
+# Generated by iptables-save v1.8.11 (nf_tables) on Sat Sep 13 12:24:23 2025
+*filter
+:INPUT DROP [20:916]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [194:15741]
+[0:0] -A INPUT -s 10.254.0.0/24 -i eth1 -j ACCEPT
+[78:7646] -A INPUT -i lo -j ACCEPT
+[0:0] -A INPUT -s 127.0.0.0/8 -i eth0 -j DROP
+[0:0] -A INPUT -s 10.0.0.0/8 -i eth0 -j DROP
+[0:0] -A INPUT -s 172.16.0.0/12 -i eth0 -j DROP
+[0:0] -A INPUT -s 192.168.0.0/16 -i eth0 -j DROP
+[0:0] -A INPUT -s 10.254.0.0/24 -i eth1 -j ACCEPT
+[0:0] -A INPUT -s 5.101.171.208/28 -j ACCEPT
+[38:4676] -A INPUT -s 185.176.90.169/32 -j ACCEPT
+[0:0] -A INPUT -s 172.236.16.105/32 -j ACCEPT
+[0:0] -A INPUT -s 82.33.87.103/32 -j ACCEPT
+[0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+[1:48] -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
+[0:0] -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
+[0:0] -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
+[0:0] -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
+[0:0] -A INPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT
+[1:60] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 22,25422 -m conntrack --ctstate NEW -j ACCEPT
+[0:0] -A INPUT -p tcp -m tcp --dport 25443 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT
+COMMIT
+# Completed on Sat Sep 13 12:24:23 2025
diff --git a/etc/iptables/rules6-save b/etc/iptables/rules6-save
new file mode 100644
index 0000000..c952765
--- /dev/null
+++ b/etc/iptables/rules6-save
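Review bot: The rules file is saved with per-rule packet and byte counters (`[78:7646] -A INPUT -i lo -j ACCEPT`), so every later save rewrites lines whose rule text has not changed, and a reviewer has to separate counter churn from real policy changes. The same applies to etc/iptables/rules6-save. Saving without counters would leave lines such as `-A INPUT -i lo -j ACCEPT`, and a diff of this file would then show only changes to the firewall policy itself.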
@@ -0,0 +1,25 @@
+# Generated by ip6tables-save v1.8.11 (nf_tables) on Sat Sep 13 12:21:18 2025
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+[0:0] -A INPUT -m conntrack --ctstate INVALID -j DROP
+[0:0] -A INPUT -i lo -j ACCEPT
+[0:0] -A INPUT -s ::1/128 -i eth0 -j DROP
+[0:0] -A INPUT -s 2a01:a500:2981:1::/64 -j ACCEPT
+[0:0] -A INPUT -s 2a07:4580:b0d:57f::169/128 -j ACCEPT
+[0:0] -A INPUT -s 2600:3c13::2000:50ff:fef4:7f56/128 -j ACCEPT
+[0:0] -A INPUT -s 2001:470:1f1d:58::/64 -j ACCEPT
+[0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT
+[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 129 -j ACCEPT
+[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 1 -j ACCEPT
+[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 3 -j ACCEPT
+[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 4 -j ACCEPT
+[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 2 -j ACCEPT
+[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT
+[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT
+[0:0] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 22,25422 -m conntrack --ctstate NEW -j ACCEPT
+[0:0] -A INPUT -p tcp -m tcp --dport 25443 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT
+COMMIT
+# Completed on Sat Sep 13 12:21:18 2025
From dd88a846da00413acf306c60c92360245019270a Mon Sep 17 00:00:00 2001
From: Darren 'Tadgy' Austin
Date: Sat, 13 Sep 2025 13:19:09 +0000
Subject: [PATCH 3/8] Update firewall rules.
---
.gitattributesdb | 6 +++---
etc/iptables/rules-save | 29 +++++++++++++----------------
etc/iptables/rules6-save | 13 ++++++-------
3 files changed, 22 insertions(+), 26 deletions(-)
diff --git a/.gitattributesdb b/.gitattributesdb
index 7aab122..fa50b57 100644
--- a/.gitattributesdb
+++ b/.gitattributesdb
@@ -13,13 +13,13 @@ ZXRjL2NvbmYuZC9ib290bWlzYw== 1757591865 1757591865 root:root 0644 - - ZXRjL2NvbmYuZC9ub2RlLWV4cG9ydGVy 1757592526 1757592526 root:root 0644 - - ZXRjL2NvbmYuZC9zYW1iYQ== 1757592912 1757592912 root:root 0644 - - ZXRjL2NvbmYuZC9zc2hk 1757593051 1757593051 root:root 0644 - - -ZXRjL2NvbmYuZC90ZXJyYWZvcm0taHR0cC1iYWNrZW5k 1757595391 1757595391 root:root 0644 - - +ZXRjL2NvbmYuZC90ZXJyYWZvcm0taHR0cC1iYWNrZW5k 1757768175 1757595391 root:root 0644 - - ZXRjL2Nyb250YWJzL3Jvb3Q= 1757593504 1757593504 root:root 0600 - - ZXRjL2dyb3Vw 1757761113 1757594224 root:root 0644 - - ZXRjL2hvc3RuYW1l 1757594311 1757594311 root:root 0644 - - ZXRjL2hvc3Rz 1757594362 1757594362 root:root 0644 - - -ZXRjL2lwdGFibGVzL3J1bGVzLXNhdmU= 1757766263 1757766263 root:root 0600 - - -ZXRjL2lwdGFibGVzL3J1bGVzNi1zYXZl 1757766078 1757766078 root:root 0600 - - +ZXRjL2lwdGFibGVzL3J1bGVzLXNhdmU= 1757769474 1757769474 root:root 0600 - - +ZXRjL2lwdGFibGVzL3J1bGVzNi1zYXZl 1757769484 1757769484 root:root 0600 - - ZXRjL2xvY2FsLmQvLmdpdGlnbm9yZQ== 1757595481 1757595481 root:root 0644 - - ZXRjL2xvY2FsLmQvdGVycmFmb3JtLWh0dHAtYmFja2VuZC5zdGFydA== 1757595926 1757595926 root:root 0755 - - ZXRjL25ldHdvcmsvLmdpdGlnbm9yZQ== 1757596572 1757596572 root:root 0644 - - diff --git a/etc/iptables/rules-save b/etc/iptables/rules-save index 8f0cf88..cb2676b 100644 --- a/etc/iptables/rules-save +++ b/etc/iptables/rules-save 
@@ -1,26 +1,23 @@ -# Generated by iptables-save v1.8.11 (nf_tables) on Sat Sep 13 12:24:23 2025 +# Generated by iptables-save v1.8.11 (nf_tables) on Sat Sep 13 13:17:54 2025 *filter -:INPUT DROP [20:916] +:INPUT DROP [6:251] :FORWARD DROP [0:0] -:OUTPUT ACCEPT [194:15741] +:OUTPUT ACCEPT [58:4728] +[0:0] -A INPUT -m conntrack --ctstate INVALID -j DROP +[22:2172] -A INPUT -i lo -j ACCEPT [0:0] -A INPUT -s 10.254.0.0/24 -i eth1 -j ACCEPT -[78:7646] -A INPUT -i lo -j ACCEPT -[0:0] -A INPUT -s 127.0.0.0/8 -i eth0 -j DROP -[0:0] -A INPUT -s 10.0.0.0/8 -i eth0 -j DROP -[0:0] -A INPUT -s 172.16.0.0/12 -i eth0 -j DROP -[0:0] -A INPUT -s 192.168.0.0/16 -i eth0 -j DROP -[0:0] -A INPUT -s 10.254.0.0/24 -i eth1 -j ACCEPT -[0:0] -A INPUT -s 5.101.171.208/28 -j ACCEPT -[38:4676] -A INPUT -s 185.176.90.169/32 -j ACCEPT -[0:0] -A INPUT -s 172.236.16.105/32 -j ACCEPT -[0:0] -A INPUT -s 82.33.87.103/32 -j ACCEPT +[0:0] -A INPUT -s 5.101.171.208/28 -i eth0 -j ACCEPT +[11:1336] -A INPUT -s 185.176.90.169/32 -i eth0 -j ACCEPT +[0:0] -A INPUT -s 172.236.16.105/32 -i eth0 -j ACCEPT +[0:0] -A INPUT -s 82.33.87.103/32 -i eth0 -j ACCEPT [0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -[1:48] -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT +[6:408] -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT [0:0] -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT [0:0] -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT [0:0] -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT [0:0] -A INPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT -[1:60] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 22,25422 -m conntrack --ctstate NEW -j ACCEPT +[0:0] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 22,25422 -m conntrack --ctstate NEW -j ACCEPT [0:0] -A INPUT -p tcp -m tcp --dport 25443 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT +[0:0] -A INPUT -p tcp -m tcp --dport 25480 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack 
--ctstate NEW -j ACCEPT COMMIT -# Completed on Sat Sep 13 12:24:23 2025 +# Completed on Sat Sep 13 13:17:54 2025 diff --git a/etc/iptables/rules6-save b/etc/iptables/rules6-save index c952765..8a81b6a 100644 --- a/etc/iptables/rules6-save +++ b/etc/iptables/rules6-save @@ -1,15 +1,14 @@ -# Generated by ip6tables-save v1.8.11 (nf_tables) on Sat Sep 13 12:21:18 2025 +# Generated by ip6tables-save v1.8.11 (nf_tables) on Sat Sep 13 13:18:04 2025 *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] [0:0] -A INPUT -m conntrack --ctstate INVALID -j DROP [0:0] -A INPUT -i lo -j ACCEPT -[0:0] -A INPUT -s ::1/128 -i eth0 -j DROP -[0:0] -A INPUT -s 2a01:a500:2981:1::/64 -j ACCEPT -[0:0] -A INPUT -s 2a07:4580:b0d:57f::169/128 -j ACCEPT -[0:0] -A INPUT -s 2600:3c13::2000:50ff:fef4:7f56/128 -j ACCEPT -[0:0] -A INPUT -s 2001:470:1f1d:58::/64 -j ACCEPT +[0:0] -A INPUT -s 2a01:a500:2981:1::/64 -i eth0 -j ACCEPT +[0:0] -A INPUT -s 2a07:4580:b0d:57f::169/128 -i eth0 -j ACCEPT +[0:0] -A INPUT -s 2600:3c13::2000:50ff:fef4:7f56/128 -i eth0 -j ACCEPT +[0:0] -A INPUT -s 2001:470:1f1d:58::/64 -i eth0 -j ACCEPT [0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT [0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 129 -j ACCEPT @@ -22,4 +21,4 @@ [0:0] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 22,25422 -m conntrack --ctstate NEW -j ACCEPT [0:0] -A INPUT -p tcp -m tcp --dport 25443 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT COMMIT -# Completed on Sat Sep 13 12:21:18 2025 +# Completed on Sat Sep 13 13:18:04 2025 From 56db24e107594238bc43f69abac4cc1f8f5e6dc4 Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Sat, 13 Sep 2025 13:21:45 +0000 Subject: [PATCH 4/8] .gitignore update. --- .gitattributesdb | 2 +- etc/runlevels/boot/.gitignore | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) 
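Review bot: The added `--dport 25480` rule in etc/iptables/rules-save has no `-s` or `-i` match, so new connections to that port are accepted from any source, while the hosts in the allowlist rules above it are already accepted on every port. If only those hosts need the service the rule can be dropped; otherwise it should be scoped, for example `-A INPUT -s <admin-net> -i eth0 -p tcp -m tcp --dport 25480 ... -j ACCEPT` with `<admin-net>` as a placeholder. The same hunk removes the eth0 DROP rules for 127.0.0.0/8 and the RFC 1918 ranges, and the rules6-save hunk removes the `::1/128` one. Packets arriving on eth0 with those source addresses now fall through to the port rules at the end of the chain, so it is worth confirming that reverse-path filtering or the upstream network covers this.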
diff --git a/.gitattributesdb b/.gitattributesdb index fa50b57..1c4ae64 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -30,7 +30,7 @@ ZXRjL3BlcmlvZGljL2RhaWx5L2Nyb25qb2ItdXBkYXRlLXBhY2thZ2VzLWxpc3Q= 1757708520 1757 ZXRjL3BlcmlvZGljL2RhaWx5L2Nyb25qb2Itd2Fybi1naXQtc3RhdHVz 1757708520 1757708520 root:root 0777 - - ZXRjL3BrZ2xpc3Q= 1757609913 1757609913 root:root 0644 - - ZXRjL3Jlc29sdi5jb25m 1757611605 1757611605 root:root 0644 - - -ZXRjL3J1bmxldmVscy9ib290Ly5naXRpZ25vcmU= 1757598667 1757598667 root:root 0644 - - +ZXRjL3J1bmxldmVscy9ib290Ly5naXRpZ25vcmU= 1757769666 1757598667 root:root 0644 - - ZXRjL3J1bmxldmVscy9ib290L3JzeXNsb2c= 1757708520 1757708520 root:root 0777 - - ZXRjL3J1bmxldmVscy9kZWZhdWx0Ly5naXRpZ25vcmU= 1757598703 1757598703 root:root 0644 - - ZXRjL3J1bmxldmVscy9kZWZhdWx0L2FwYWNoZTI= 1757708520 1757708520 root:root 0777 - - diff --git a/etc/runlevels/boot/.gitignore b/etc/runlevels/boot/.gitignore index a18df18..23e40be 100644 --- a/etc/runlevels/boot/.gitignore +++ b/etc/runlevels/boot/.gitignore @@ -1 +1,2 @@ +/bootmisc /devfs From 73faf4987aba98eb40159f9ae3a5a698fb824093 Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Sat, 13 Sep 2025 13:32:09 +0000 Subject: [PATCH 5/8] Hook iptables save/restore into the init system. --- .gitattributesdb | 4 ++++ etc/runlevels/default/ip6tables | 1 + etc/runlevels/default/iptables | 1 + etc/runlevels/shutdown/ip6tables | 1 + etc/runlevels/shutdown/iptables | 1 + 5 files changed, 8 insertions(+) create mode 120000 etc/runlevels/default/ip6tables create mode 120000 etc/runlevels/default/iptables create mode 120000 etc/runlevels/shutdown/ip6tables create mode 120000 etc/runlevels/shutdown/iptables diff --git a/.gitattributesdb b/.gitattributesdb index 1c4ae64..3304970 100644 --- a/.gitattributesdb +++ b/.gitattributesdb 
@@ -34,10 +34,14 @@ ZXRjL3J1bmxldmVscy9ib290Ly5naXRpZ25vcmU= 1757769666 1757598667 root:root 0644 - ZXRjL3J1bmxldmVscy9ib290L3JzeXNsb2c= 1757708520 1757708520 root:root 0777 - - ZXRjL3J1bmxldmVscy9kZWZhdWx0Ly5naXRpZ25vcmU= 1757598703 1757598703 root:root 0644 - - ZXRjL3J1bmxldmVscy9kZWZhdWx0L2FwYWNoZTI= 1757708520 1757708520 root:root 0777 - - +ZXRjL3J1bmxldmVscy9kZWZhdWx0L2lwNnRhYmxlcw== 1757770233 1757770233 root:root 0777 - - +ZXRjL3J1bmxldmVscy9kZWZhdWx0L2lwdGFibGVz 1757770222 1757770222 root:root 0777 - - ZXRjL3J1bmxldmVscy9kZWZhdWx0L25vZGUtZXhwb3J0ZXI= 1757708520 1757708520 root:root 0777 - - ZXRjL3J1bmxldmVscy9kZWZhdWx0L3BocC1mcG04Mw== 1757708520 1757708520 root:root 0777 - - ZXRjL3J1bmxldmVscy9kZWZhdWx0L3NhbWJh 1757708520 1757708520 root:root 0777 - - ZXRjL3J1bmxldmVscy9kZWZhdWx0L3NzaGQ= 1757708520 1757708520 root:root 0777 - - +ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9pcDZ0YWJsZXM= 1757770292 1757770292 root:root 0777 - - +ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9pcHRhYmxlcw== 1757770284 1757770284 root:root 0777 - - ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9zYW1iYQ== 1757708520 1757708520 root:root 0777 - - ZXRjL3NoYWRvdy5ncGc= 1757599010 1757599010 root:root 0644 - - ZXRjL3NzaC8uZ2l0aWdub3Jl 1757606957 1757606957 root:root 0644 - - diff --git a/etc/runlevels/default/ip6tables b/etc/runlevels/default/ip6tables new file mode 120000 index 0000000..43919ca --- /dev/null +++ b/etc/runlevels/default/ip6tables @@ -0,0 +1 @@ +/etc/init.d/ip6tables \ No newline at end of file diff --git a/etc/runlevels/default/iptables b/etc/runlevels/default/iptables new file mode 120000 index 0000000..b4acbcb --- /dev/null +++ b/etc/runlevels/default/iptables @@ -0,0 +1 @@ +/etc/init.d/iptables \ No newline at end of file diff --git a/etc/runlevels/shutdown/ip6tables b/etc/runlevels/shutdown/ip6tables new file mode 120000 index 0000000..43919ca --- /dev/null +++ b/etc/runlevels/shutdown/ip6tables @@ -0,0 +1 @@ +/etc/init.d/ip6tables \ No newline at end of file 
diff --git a/etc/runlevels/shutdown/iptables b/etc/runlevels/shutdown/iptables new file mode 120000 index 0000000..b4acbcb --- /dev/null +++ b/etc/runlevels/shutdown/iptables @@ -0,0 +1 @@ +/etc/init.d/iptables \ No newline at end of file From d32e4f3e2f996dab79665ff5d8ac15d9c302441b Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Sat, 13 Sep 2025 14:05:26 +0000 Subject: [PATCH 6/8] Configure and enable terraform-http-backend. --- .gitattributesdb | 5 +++-- etc/conf.d/terraform-http-backend | 13 +++++++------ etc/passwd | 2 +- etc/runlevels/default/terraform-http-backend | 1 + 4 files changed, 12 insertions(+), 9 deletions(-) create mode 120000 etc/runlevels/default/terraform-http-backend diff --git a/.gitattributesdb b/.gitattributesdb index 3304970..ed9621d 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -13,7 +13,7 @@ ZXRjL2NvbmYuZC9ib290bWlzYw== 1757591865 1757591865 root:root 0644 - - ZXRjL2NvbmYuZC9ub2RlLWV4cG9ydGVy 1757592526 1757592526 root:root 0644 - - ZXRjL2NvbmYuZC9zYW1iYQ== 1757592912 1757592912 root:root 0644 - - ZXRjL2NvbmYuZC9zc2hk 1757593051 1757593051 root:root 0644 - - -ZXRjL2NvbmYuZC90ZXJyYWZvcm0taHR0cC1iYWNrZW5k 1757768175 1757595391 root:root 0644 - - +ZXRjL2NvbmYuZC90ZXJyYWZvcm0taHR0cC1iYWNrZW5k 1757771663 1757595391 root:root 0644 - - ZXRjL2Nyb250YWJzL3Jvb3Q= 1757593504 1757593504 root:root 0600 - - ZXRjL2dyb3Vw 1757761113 1757594224 root:root 0644 - - ZXRjL2hvc3RuYW1l 1757594311 1757594311 root:root 0644 - - 
@@ -24,7 +24,7 @@ ZXRjL2xvY2FsLmQvLmdpdGlnbm9yZQ== 1757595481 1757595481 root:root 0644 - - ZXRjL2xvY2FsLmQvdGVycmFmb3JtLWh0dHAtYmFja2VuZC5zdGFydA== 1757595926 1757595926 root:root 0755 - - ZXRjL25ldHdvcmsvLmdpdGlnbm9yZQ== 1757596572 1757596572 root:root 0644 - - ZXRjL25ldHdvcmsvaW50ZXJmYWNlcw== 1757759982 1757596330 root:root 0644 - - -ZXRjL3Bhc3N3ZA== 1757761151 1757594202 root:root 0644 - - +ZXRjL3Bhc3N3ZA== 1757771794 1757594202 root:root 0644 - - ZXRjL3BlcmlvZGljL2RhaWx5L2Nyb25qb2ItZGVoeWRyYXRlZA== 1757708520 1757708520 root:root 0777 - - ZXRjL3BlcmlvZGljL2RhaWx5L2Nyb25qb2ItdXBkYXRlLXBhY2thZ2VzLWxpc3Q= 1757708520 1757708520 root:root 0777 - - ZXRjL3BlcmlvZGljL2RhaWx5L2Nyb25qb2Itd2Fybi1naXQtc3RhdHVz 1757708520 1757708520 root:root 0777 - - @@ -40,6 +40,7 @@ ZXRjL3J1bmxldmVscy9kZWZhdWx0L25vZGUtZXhwb3J0ZXI= 1757708520 1757708520 root:root ZXRjL3J1bmxldmVscy9kZWZhdWx0L3BocC1mcG04Mw== 1757708520 1757708520 root:root 0777 - - ZXRjL3J1bmxldmVscy9kZWZhdWx0L3NhbWJh 1757708520 1757708520 root:root 0777 - - ZXRjL3J1bmxldmVscy9kZWZhdWx0L3NzaGQ= 1757708520 1757708520 root:root 0777 - - +ZXRjL3J1bmxldmVscy9kZWZhdWx0L3RlcnJhZm9ybS1odHRwLWJhY2tlbmQ= 1757772274 1757772274 root:root 0777 - - ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9pcDZ0YWJsZXM= 1757770292 1757770292 root:root 0777 - - ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9pcHRhYmxlcw== 1757770284 1757770284 root:root 0777 - - ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9zYW1iYQ== 1757708520 1757708520 root:root 0777 - - diff --git a/etc/conf.d/terraform-http-backend b/etc/conf.d/terraform-http-backend index 958b368..baaa68b 100644 --- a/etc/conf.d/terraform-http-backend +++ b/etc/conf.d/terraform-http-backend 
@@ -1,6 +1,7 @@ -export TF_STORAGE_DIR=/var/lib/terraform-http-backend -export TF_AUTH_ENABLED=true -export TF_USERNAME=sysadmin -export TF_PASSWORD=sunsa -export TF_PORT=9200 -export TF_IP=127.0.0.1 +export TF_USER="thb" +export TF_IP="5.101.171.215" +export TF_PORT="25480" +export TF_STORAGE_DIR="/var/lib/terraform-http-backend" +export TF_AUTH_ENABLED="true" +export TF_USERNAME="sysadmin" +export TF_PASSWORD="sunsa" diff --git a/etc/passwd b/etc/passwd index 63db282..80c1de9 100644 --- a/etc/passwd +++ b/etc/passwd @@ -18,5 +18,5 @@ nobody:x:65534:65534:nobody:/:/sbin/nologin klogd:x:100:101:klogd:/dev/null:/sbin/nologin apache:x:101:102:apache:/var/www:/sbin/nologin prometheus:x:102:103:prometheus:/var/lib/prometheus:/sbin/nologin -thb:x:500:500:terraform http backend:/var/lib/terraform-http-backend:/sbin/nologin +thb:x:500:500:terraform http backend:/var/lib/terraform-http-backend:/bin/bash sysadmin:x:1000:100:Systems' Administrator:/home/sysadmin:/bin/bash diff --git a/etc/runlevels/default/terraform-http-backend b/etc/runlevels/default/terraform-http-backend new file mode 120000 index 0000000..c9b8bcc --- /dev/null +++ b/etc/runlevels/default/terraform-http-backend @@ -0,0 +1 @@ +/etc/init.d/terraform-http-backend \ No newline at end of file From 0d0feca27fad2d7dbd7428dcbe40f34ba03bbc30 Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Sat, 13 Sep 2025 18:51:24 +0000 Subject: [PATCH 7/8] Apache configuration. --- .gitattributesdb | 12 +- .gitignore | 2 +- etc/apache2/.gitignore | 3 + etc/apache2/httpd.conf | 229 ++++++++++++++++++ .../sites.d/core.slackware.uk.net.conf | 26 ++ srv/dehydrated/.gitkeepdir | 0 6 files changed, 267 insertions(+), 5 deletions(-) create mode 100644 etc/apache2/.gitignore create mode 100644 etc/apache2/httpd.conf create mode 100644 etc/apache2/sites.d/core.slackware.uk.net.conf create mode 100644 srv/dehydrated/.gitkeepdir diff --git a/.gitattributesdb b/.gitattributesdb index ed9621d..0e46bf9 100644 --- a/.gitattributesdb 
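Review bot: `TF_PASSWORD` is committed in clear text in the same change that moves the backend from `127.0.0.1:9200` to `5.101.171.215:25480`, a port the IPv4 firewall rules in this series accept from any source. The Terraform state is therefore protected only by a credential that anyone with read access to this repository can see. The .gitattributesdb entry whose base64 name decodes to this path records mode 0644, so the file also appears to be world-readable on the host. I would rotate the password, load it from an untracked root-only file (for example `. /path/to/untracked-secrets-file`, a placeholder path), and set this file to 0600. Whether the backend terminates TLS is not visible here; if it does not, the credentials and the state also cross the network unencrypted.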
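Review bot: The etc/passwd hunk changes the `thb` service account's shell from `/sbin/nologin` to `/bin/bash`, which gives the account whose home is the Terraform state directory an interactive shell in the same commit that puts the backend on a public address. The reason is not visible in the diff. If it is so the init script can drop privileges to `TF_USER`, OpenRC's `command_user` or `su -s /bin/sh` does that without a login shell. I would keep `thb:x:500:500:terraform http backend:/var/lib/terraform-http-backend:/sbin/nologin`.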
+++ b/.gitattributesdb @@ -5,9 +5,12 @@ LmdpdGhvb2tzL2dpdGF0dHJpYnV0ZXNkYg== 1757608819 1757608819 root:root 0755 - - LmdpdGhvb2tzL3Bvc3QtY2hlY2tvdXQ= 1757519106 1757519106 root:root 0755 - - LmdpdGhvb2tzL3Bvc3QtbWVyZ2U= 1757519106 1757519106 root:root 0755 - - LmdpdGhvb2tzL3ByZS1jb21taXQ= 1757519106 1757519106 root:root 0755 - - -LmdpdGlnbm9yZQ== 1757761402 1757593248 root:root 0644 - - +LmdpdGlnbm9yZQ== 1757789404 1757593248 root:root 0644 - - LmdpdG1vZHVsZXM= 1757607701 1757607701 root:root 0644 - - ZXRjLy5naXRpZ25vcmU= 1757611781 1757611781 root:root 0644 - - +ZXRjL2FwYWNoZTIvLmdpdGlnbm9yZQ== 1757775950 1757775932 root:root 0644 - - +ZXRjL2FwYWNoZTIvaHR0cGQuY29uZg== 1757785734 1757785514 root:root 0644 - - +ZXRjL2FwYWNoZTIvc2l0ZXMuZC9jb3JlLnNsYWNrd2FyZS51ay5uZXQuY29uZg== 1757786703 1757785113 root:root 0644 - - ZXRjL2NvbmYuZC8uZ2l0aWdub3Jl 1757609410 1757609410 root:root 0644 - - ZXRjL2NvbmYuZC9ib290bWlzYw== 1757591865 1757591865 root:root 0644 - - ZXRjL2NvbmYuZC9ub2RlLWV4cG9ydGVy 1757592526 1757592526 root:root 0644 - - @@ -18,8 +21,8 @@ ZXRjL2Nyb250YWJzL3Jvb3Q= 1757593504 1757593504 root:root 0600 - - ZXRjL2dyb3Vw 1757761113 1757594224 root:root 0644 - - ZXRjL2hvc3RuYW1l 1757594311 1757594311 root:root 0644 - - ZXRjL2hvc3Rz 1757594362 1757594362 root:root 0644 - - -ZXRjL2lwdGFibGVzL3J1bGVzLXNhdmU= 1757769474 1757769474 root:root 0600 - - -ZXRjL2lwdGFibGVzL3J1bGVzNi1zYXZl 1757769484 1757769484 root:root 0600 - - +ZXRjL2lwdGFibGVzL3J1bGVzLXNhdmU= 1757789154 1757789154 root:root 0600 - - +ZXRjL2lwdGFibGVzL3J1bGVzNi1zYXZl 1757789154 1757789154 root:root 0600 - - ZXRjL2xvY2FsLmQvLmdpdGlnbm9yZQ== 1757595481 1757595481 root:root 0644 - - ZXRjL2xvY2FsLmQvdGVycmFmb3JtLWh0dHAtYmFja2VuZC5zdGFydA== 1757595926 1757595926 root:root 0755 - - ZXRjL25ldHdvcmsvLmdpdGlnbm9yZQ== 1757596572 1757596572 root:root 0644 - - 
@@ -74,6 +77,7 @@ cm9vdC8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210 1757586210 root:root 064 cm9vdC8ubmFub3Jj 1757585756 1757585756 root:root 0644 - - cm9vdC8uc3NoLy5naXRpZ25vcmU= 1757593349 1757593349 root:root 0644 - - cm9vdC8uc3NoL2F1dGhvcml6ZWRfa2V5cw== 1757587611 1757587611 root:root 0644 - - +c3J2L2RlaHlkcmF0ZWQvLmdpdGtlZXBkaXI= 1757776960 1757776960 root:root 0644 - - ZXRjL2RvYXMuY29uZg== 1728635393 1728635393 root:root 0640 - - ZXRjL2RvYXMuZA== 1757595612 1757595612 root:root 0750 - - ZXRjL3NoYWRvdw== 1757761290 1757702629 root:shadow 0640 - - @@ -81,4 +85,4 @@ ZXRjL3NoYWRvdy0= 1757702585 1757702585 root:shadow 0640 - - ZXRjL3N1ZG9lcnM= 1753553353 1753553353 root:root 0440 - - ZXRjL3N1ZG9lcnMuZC9kZWZhdWx0cw== 1757599359 1757599359 root:root 0640 - - ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157 1757600157 root:root 0640 - - -aG9tZS9zeXNhZG1pbg== 1757764049 1757761412 sysadmin:users 0711 - - +aG9tZS9zeXNhZG1pbg== 1757788654 1757761412 sysadmin:users 0711 - - diff --git a/.gitignore b/.gitignore index 4d867b3..e4b9028 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,7 @@ .*.swp /bin/ +/data/ /dev/ /lib/ /media/ @@ -11,7 +12,6 @@ /proc/ /run/ /sbin/ -/srv/ /sys/ /tmp/ /usr/ diff --git a/etc/apache2/.gitignore b/etc/apache2/.gitignore new file mode 100644 index 0000000..8c71b61 --- /dev/null +++ b/etc/apache2/.gitignore @@ -0,0 +1,3 @@ +/conf.d/ +/magic +/mime.types diff --git a/etc/apache2/httpd.conf b/etc/apache2/httpd.conf new file mode 100644 index 0000000..0635e0c --- /dev/null +++ b/etc/apache2/httpd.conf 
@@ -0,0 +1,229 @@ +# These modules are required for the basic configuration directives used in this file. +# They *must* be loaded to use this configuration with httpd. +LoadModule alias_module /usr/lib/apache2/mod_alias.so +LoadModule allowmethods_module /usr/lib/apache2/mod_allowmethods.so +LoadModule authz_host_module /usr/lib/apache2/mod_authz_host.so +LoadModule dir_module /usr/lib/apache2/mod_dir.so +LoadModule log_config_module /usr/lib/apache2/mod_log_config.so +LoadModule mime_module /usr/lib/apache2/mod_mime.so +LoadModule mime_magic_module /usr/lib/apache2/mod_mime_magic.so +LoadModule mpm_event_module /usr/lib/apache2/mod_mpm_event.so +LoadModule setenvif_module /usr/lib/apache2/mod_setenvif.so +LoadModule unixd_module /usr/lib/apache2/mod_unixd.so + +# HTTP2. +LoadModule http2_module /usr/lib/apache2/mod_http2.so + +# SSL. +#LoadModule ssl_module /usr/lib/apache2/mod_ssl.so +#LoadModule socache_shmcb_module /usr/lib/apache2/mod_socache_shmcb.so + +# SSI. +LoadModule include_module /usr/lib/apache2/mod_include.so + +# CGI. +LoadModule cgid_module /usr/lib/apache2/mod_cgid.so + +# FastCGI access to php-fpm. +LoadModule proxy_module /usr/lib/apache2/mod_proxy.so +LoadModule proxy_fcgi_module /usr/lib/apache2/mod_proxy_fcgi.so + +# Re-writing. +LoadModule rewrite_module /usr/lib/apache2/mod_rewrite.so + +# Authenticated access to locations. +LoadModule auth_basic_module /usr/lib/apache2/mod_auth_basic.so +LoadModule authn_core_module /usr/lib/apache2/mod_authn_core.so +LoadModule authn_file_module /usr/lib/apache2/mod_authn_file.so +LoadModule authz_core_module /usr/lib/apache2/mod_authz_core.so +LoadModule authz_user_module /usr/lib/apache2/mod_authz_user.so + +# Proxying. +# +# LoadModule proxy_module /usr/lib/apache2/mod_proxy.so +# +#LoadModule proxy_http_module /usr/lib/apache2/mod_proxy_http.so + +# Server status. +#LoadModule status_module /usr/lib/apache2/mod_status.so + + +# IP addresses and ports to listen on. 
+Listen 5.101.171.215:80 +Listen [2a01:a500:2981:1::d7]:80 + + Listen 5.101.171.215:25443 + Listen [2a01:a500:2981:1::d7]:25443 + + + +# Main server configuration. +# Note: A DocumentRoot (and a Directory block granting access) is required in order for RedirectMatch to work in VirtualHosts. +DocumentRoot /var/empty +ServerAdmin "sysadmin(at)slackware.uk" +ServerName core.slackware.uk.net +ServerSignature Email +ServerTokens Major +User apache +Group apache +DefaultRuntimeDir /run/apache2 +Mutex pthread +ScriptSock cgid.sock + + +# Logging. +LogFormat "%h %l %u %t \"%r\" %>s %b" Common +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" Combined +LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" VHostCombined +CustomLog "|/usr/bin/logger -p local1.info -t httpd" VHostCombined env=!no_log +#LogLevel warn allowmethods:crit authz_core:crit include:crit ssl:crit +LogLevel warn allowmethods:crit authz_core:crit include:crit +ErrorLog syslog:local0 + + +# Resource limits for event MPM. +ThreadLimit 50 +ThreadsPerChild 10 +MaxRequestWorkers 20 +MinSpareThreads 2 +MaxSpareThreads 10 +MaxConnectionsPerChild 10000 + + +# Timeouts. +TimeOut 30 +GracefulShutDownTimeout 1 + + +# Browser handling. +BrowserMatch "MSIE [2-5]" nokeepalive downgrade-1.0 force-response-1.0 + + +# HTTP2. + + Protocols h2 h2c http/1.1 + + + +# SSL configuration. + + SSLCipherSuite HIGH:!SSLv3:!TLS1:!aNULL:!MD5 + SSLHonorCipherOrder On + SSLOptions +FakeBasicAuth + SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 + SSLRandomSeed startup file:/dev/urandom 512 + SSLRandomSeed connect builtin + SSLSessionCache "shmcb:/run/apache2/ssl_session_cache(512000)" + SSLSessionTickets Off + BrowserMatch "MSIE [2-5]" ssl-unclean-shutdown + + + +# Filters and Handlers. + + AddOutputFilter INCLUDES .shtml .html + +#This isn't needed except where CGI scripts are placed outside of ScriptAlias dirs. ExecCGI is required in Options for the dir. 
+# +# AddHandler cgi-script .cgi .pl .py .sh +# +#For type maps (negotiated resources). +# +# AddHandler type-map .var +# + + +# Mime type mappings. +TypesConfig /etc/apache2/mime.types +AddType application/x-bzip2 .bz2 .tbz +AddType application/x-compress .z .tz +AddType application/x-gzip .gz .tgz +AddType text/html .shtml +AddType text/plain .bld .csh .diff .ksh .md5 .meta .patch .pl .pm .py .rb .sh .sha1 .slackbuild .tcl .tm .url +AddType application/octet-stream .deb .dpkg .flac .flp .img .lz .lzma .mkv .rpm .run .srpm .tlz .txz .vob .xz +AddType application/x-x509-user-cert .crt +AddType application/pkcs8 .key +AddType application/pkcs10 .csr +AddType application/pkix-crl .crl +AddType application/x-pem-file .pem +AddType application/x-atari-8bit-executable .xex +MimeMagicFile /etc/apache2/magic + + +# Lets Encrypt validation. + + Alias /.well-known/acme-challenge/ /srv/dehydrated/ + + + +# Access control. + + Require all denied + + + + Options SymLinksIfOwnerMatch + AllowOverride None + Require all denied + + + + Options None + AllowOverride None + Require all granted + + + + Options None + AllowOverride None + Require all granted + + + + Options Includes MultiViews SymLinksIfOwnerMatch + AllowOverride AuthConfig FileInfo Indexes Limit + + Require all granted + + AllowMethods GET POST OPTIONS + + DirectoryIndex index.html + + DirectoryIndex index.shtml + + + + + SSLOptions +StdEnvVars + + + + + DirectoryIndex index.php index.phtml + + + SetHandler proxy:unix:/run/php-fpm83/php-fpm.sock|fcgi://localhost/ + + + + + + + Options ExecCGI Includes MultiViews SymLinksIfOwnerMatch + AllowOverride AuthConfig FileInfo Limit + + Require all granted + + AllowMethods GET POST OPTIONS + + DirectoryIndex disabled + + + SSLOptions +StdEnvVars + + + + + +# Include extra configurations. +IncludeOptional /etc/apache2/sites.d/*.conf 
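Review bot: Both content directory blocks set `Options ... Includes` and the file adds `AddOutputFilter INCLUDES .shtml .html`, so every `.html` file is parsed for server-side includes with the `exec` element enabled. In the block that does not carry `ExecCGI`, `Options IncludesNOEXEC MultiViews SymLinksIfOwnerMatch` keeps SSI working while stopping a writable or uploaded HTML file from running commands. The section tags are not visible in this rendering, so I cannot confirm which paths each block applies to. `Protocols h2 h2c http/1.1` also enables the cleartext HTTP/2 upgrade; if nothing needs h2c, `Protocols h2 http/1.1` is the narrower setting.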
diff --git a/etc/apache2/sites.d/core.slackware.uk.net.conf b/etc/apache2/sites.d/core.slackware.uk.net.conf new file mode 100644 index 0000000..e1861da --- /dev/null +++ b/etc/apache2/sites.d/core.slackware.uk.net.conf @@ -0,0 +1,26 @@ + + ServerName core.slackware.uk.net + + SetEnvIf REQUEST_URI ^/robots\.txt$ no_log + SetEnvIf REQUEST_URI ^/favicon\.ico$ no_log + SetEnvIf REQUEST_URI ^/\.well-known/.*$ no_log + + RedirectMatch 403 ^/(?!(\.well-known|httpd-errordocs)/)(.*) + + + + + ServerName core.slackware.uk.net + + SSLCertificateFile /etc/certificates/core.slackware.uk.net-cert.pem + SSLCertificateKeyFile /etc/certificates/core.slackware.uk.net-key.pem + SSLCertificateChainFile /etc/certificates/core.slackware.uk.net-chain.pem + + SetEnvIf REQUEST_URI ^/robots\.txt$ no_log + SetEnvIf REQUEST_URI ^/favicon\.ico$ no_log + + ScriptAlias /cgi-bin/ /data/sites/core.slackware.uk.net/cgi-bin/ + + DocumentRoot /data/sites/core.slackware.uk.net/html + + diff --git a/srv/dehydrated/.gitkeepdir b/srv/dehydrated/.gitkeepdir new file mode 100644 index 0000000..e69de29 From a1c699b1c2c4837b24b325661b072a3f0bcbf045 Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Sat, 13 Sep 2025 18:51:47 +0000 Subject: [PATCH 8/8] Update firewall rules. --- etc/iptables/rules-save | 15 ++++++++------- etc/iptables/rules6-save | 5 +++-- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/etc/iptables/rules-save b/etc/iptables/rules-save index cb2676b..398618b 100644 --- a/etc/iptables/rules-save +++ b/etc/iptables/rules-save 
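Review bot: `SSLCertificateChainFile` has been deprecated since Apache 2.4.8; the intermediate certificates can be appended to the file named by `SSLCertificateFile` and the directive dropped. The TLS virtual host also depends on mod_ssl, whose `LoadModule ssl_module` line is commented out in httpd.conf in this commit. The container tags are not visible in this rendering, so I cannot tell whether the block is guarded by an ssl_module check. If it is not, the SSL directives will fail the configuration test; if it is, port 25443, which the firewall already accepts, has no TLS host behind it yet. A comment above the block stating the intent would help, e.g. `# Inactive until mod_ssl is enabled in httpd.conf.`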
@@ -1,23 +1,24 @@ -# Generated by iptables-save v1.8.11 (nf_tables) on Sat Sep 13 13:17:54 2025 +# Generated by iptables-save v1.8.11 (nf_tables) on Sat Sep 13 18:45:54 2025 *filter -:INPUT DROP [6:251] +:INPUT DROP [6:240] :FORWARD DROP [0:0] -:OUTPUT ACCEPT [58:4728] +:OUTPUT ACCEPT [27:2250] [0:0] -A INPUT -m conntrack --ctstate INVALID -j DROP -[22:2172] -A INPUT -i lo -j ACCEPT +[12:1176] -A INPUT -i lo -j ACCEPT [0:0] -A INPUT -s 10.254.0.0/24 -i eth1 -j ACCEPT [0:0] -A INPUT -s 5.101.171.208/28 -i eth0 -j ACCEPT -[11:1336] -A INPUT -s 185.176.90.169/32 -i eth0 -j ACCEPT +[6:707] -A INPUT -s 185.176.90.169/32 -i eth0 -j ACCEPT [0:0] -A INPUT -s 172.236.16.105/32 -i eth0 -j ACCEPT [0:0] -A INPUT -s 82.33.87.103/32 -i eth0 -j ACCEPT [0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -[6:408] -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT +[0:0] -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT [0:0] -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT [0:0] -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT [0:0] -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT [0:0] -A INPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT [0:0] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 22,25422 -m conntrack --ctstate NEW -j ACCEPT +[0:0] -A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT [0:0] -A INPUT -p tcp -m tcp --dport 25443 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT [0:0] -A INPUT -p tcp -m tcp --dport 25480 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT COMMIT -# Completed on Sat Sep 13 13:17:54 2025 +# Completed on Sat Sep 13 18:45:54 2025 diff --git a/etc/iptables/rules6-save b/etc/iptables/rules6-save index 8a81b6a..f9c40e8 100644 --- a/etc/iptables/rules6-save +++ b/etc/iptables/rules6-save 
@@ -1,4 +1,4 @@ -# Generated by ip6tables-save v1.8.11 (nf_tables) on Sat Sep 13 13:18:04 2025 +# Generated by ip6tables-save v1.8.11 (nf_tables) on Sat Sep 13 18:45:54 2025 *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] @@ -19,6 +19,7 @@ [0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT [0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT [0:0] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 22,25422 -m conntrack --ctstate NEW -j ACCEPT +[0:0] -A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT [0:0] -A INPUT -p tcp -m tcp --dport 25443 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT COMMIT -# Completed on Sat Sep 13 13:18:04 2025 +# Completed on Sat Sep 13 18:45:54 2025