Update firewall rules.

.gitattributesdb

@@ -5,37 +5,47 @@ LmdpdGhvb2tzL2dpdGF0dHJpYnV0ZXNkYg== 1757608819 1757608819 root:root 0755 - -
 LmdpdGhvb2tzL3Bvc3QtY2hlY2tvdXQ= 1757519106 1757519106 root:root 0755 - -
 LmdpdGhvb2tzL3Bvc3QtbWVyZ2U= 1757519106 1757519106 root:root 0755 - -
 LmdpdGhvb2tzL3ByZS1jb21taXQ= 1757519106 1757519106 root:root 0755 - -
-LmdpdGlnbm9yZQ== 1757761402 1757593248 root:root 0644 - -
+LmdpdGlnbm9yZQ== 1757789404 1757593248 root:root 0644 - -
 LmdpdG1vZHVsZXM= 1757607701 1757607701 root:root 0644 - -
 ZXRjLy5naXRpZ25vcmU= 1757611781 1757611781 root:root 0644 - -
+ZXRjL2FwYWNoZTIvLmdpdGlnbm9yZQ== 1757775950 1757775932 root:root 0644 - -
+ZXRjL2FwYWNoZTIvaHR0cGQuY29uZg== 1757785734 1757785514 root:root 0644 - -
+ZXRjL2FwYWNoZTIvc2l0ZXMuZC9jb3JlLnNsYWNrd2FyZS51ay5uZXQuY29uZg== 1757786703 1757785113 root:root 0644 - -
 ZXRjL2NvbmYuZC8uZ2l0aWdub3Jl 1757609410 1757609410 root:root 0644 - -
 ZXRjL2NvbmYuZC9ib290bWlzYw== 1757591865 1757591865 root:root 0644 - -
 ZXRjL2NvbmYuZC9ub2RlLWV4cG9ydGVy 1757592526 1757592526 root:root 0644 - -
 ZXRjL2NvbmYuZC9zYW1iYQ== 1757592912 1757592912 root:root 0644 - -
 ZXRjL2NvbmYuZC9zc2hk 1757593051 1757593051 root:root 0644 - -
-ZXRjL2NvbmYuZC90ZXJyYWZvcm0taHR0cC1iYWNrZW5k 1757595391 1757595391 root:root 0644 - -
+ZXRjL2NvbmYuZC90ZXJyYWZvcm0taHR0cC1iYWNrZW5k 1757771663 1757595391 root:root 0644 - -
 ZXRjL2Nyb250YWJzL3Jvb3Q= 1757593504 1757593504 root:root 0600 - -
 ZXRjL2dyb3Vw 1757761113 1757594224 root:root 0644 - -
 ZXRjL2hvc3RuYW1l 1757594311 1757594311 root:root 0644 - -
 ZXRjL2hvc3Rz 1757594362 1757594362 root:root 0644 - -
+ZXRjL2lwdGFibGVzL3J1bGVzLXNhdmU= 1757789154 1757789154 root:root 0600 - -
+ZXRjL2lwdGFibGVzL3J1bGVzNi1zYXZl 1757789154 1757789154 root:root 0600 - -
 ZXRjL2xvY2FsLmQvLmdpdGlnbm9yZQ== 1757595481 1757595481 root:root 0644 - -
 ZXRjL2xvY2FsLmQvdGVycmFmb3JtLWh0dHAtYmFja2VuZC5zdGFydA== 1757595926 1757595926 root:root 0755 - -
 ZXRjL25ldHdvcmsvLmdpdGlnbm9yZQ== 1757596572 1757596572 root:root 0644 - -
 ZXRjL25ldHdvcmsvaW50ZXJmYWNlcw== 1757759982 1757596330 root:root 0644 - -
-ZXRjL3Bhc3N3ZA== 1757761151 1757594202 root:root 0644 - -
+ZXRjL3Bhc3N3ZA== 1757771794 1757594202 root:root 0644 - -
 ZXRjL3BlcmlvZGljL2RhaWx5L2Nyb25qb2ItZGVoeWRyYXRlZA== 1757708520 1757708520 root:root 0777 - -
 ZXRjL3BlcmlvZGljL2RhaWx5L2Nyb25qb2ItdXBkYXRlLXBhY2thZ2VzLWxpc3Q= 1757708520 1757708520 root:root 0777 - -
 ZXRjL3BlcmlvZGljL2RhaWx5L2Nyb25qb2Itd2Fybi1naXQtc3RhdHVz 1757708520 1757708520 root:root 0777 - -
 ZXRjL3BrZ2xpc3Q= 1757609913 1757609913 root:root 0644 - -
 ZXRjL3Jlc29sdi5jb25m 1757611605 1757611605 root:root 0644 - -
-ZXRjL3J1bmxldmVscy9ib290Ly5naXRpZ25vcmU= 1757598667 1757598667 root:root 0644 - -
+ZXRjL3J1bmxldmVscy9ib290Ly5naXRpZ25vcmU= 1757769666 1757598667 root:root 0644 - -
 ZXRjL3J1bmxldmVscy9ib290L3JzeXNsb2c= 1757708520 1757708520 root:root 0777 - -
 ZXRjL3J1bmxldmVscy9kZWZhdWx0Ly5naXRpZ25vcmU= 1757598703 1757598703 root:root 0644 - -
 ZXRjL3J1bmxldmVscy9kZWZhdWx0L2FwYWNoZTI= 1757708520 1757708520 root:root 0777 - -
+ZXRjL3J1bmxldmVscy9kZWZhdWx0L2lwNnRhYmxlcw== 1757770233 1757770233 root:root 0777 - -
+ZXRjL3J1bmxldmVscy9kZWZhdWx0L2lwdGFibGVz 1757770222 1757770222 root:root 0777 - -
 ZXRjL3J1bmxldmVscy9kZWZhdWx0L25vZGUtZXhwb3J0ZXI= 1757708520 1757708520 root:root 0777 - -
 ZXRjL3J1bmxldmVscy9kZWZhdWx0L3BocC1mcG04Mw== 1757708520 1757708520 root:root 0777 - -
 ZXRjL3J1bmxldmVscy9kZWZhdWx0L3NhbWJh 1757708520 1757708520 root:root 0777 - -
 ZXRjL3J1bmxldmVscy9kZWZhdWx0L3NzaGQ= 1757708520 1757708520 root:root 0777 - -
+ZXRjL3J1bmxldmVscy9kZWZhdWx0L3RlcnJhZm9ybS1odHRwLWJhY2tlbmQ= 1757772274 1757772274 root:root 0777 - -
+ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9pcDZ0YWJsZXM= 1757770292 1757770292 root:root 0777 - -
+ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9pcHRhYmxlcw== 1757770284 1757770284 root:root 0777 - -
 ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9zYW1iYQ== 1757708520 1757708520 root:root 0777 - -
 ZXRjL3NoYWRvdy5ncGc= 1757599010 1757599010 root:root 0644 - -
 ZXRjL3NzaC8uZ2l0aWdub3Jl 1757606957 1757606957 root:root 0644 - -
@@ -46,7 +56,7 @@ ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157 1757600157 root:root 0640 - -
 aG9tZS8uZ2l0aWdub3Jl 1757762052 1757762052 root:root 0644 - -
 aG9tZS9zeXNhZG1pbi8uYmFzaF9sb2dvdXQ= 1757582867 1757582867 sysadmin:users 0644 - -
 aG9tZS9zeXNhZG1pbi8uYmFzaF9wcm9maWxl 1757584711 1757584711 sysadmin:users 0644 - -
-aG9tZS9zeXNhZG1pbi8uYmFzaHJj 1757761708 1757586493 sysadmin:users 0644 - -
+aG9tZS9zeXNhZG1pbi8uYmFzaHJj 1757764048 1757586493 sysadmin:users 0644 - -
 aG9tZS9zeXNhZG1pbi8uZ2l0Y29uZmln 1757582738 1757582738 sysadmin:users 0644 - -
 aG9tZS9zeXNhZG1pbi8uZ2l0aWdub3Jl 1757600312 1757600312 sysadmin:users 0644 - -
 aG9tZS9zeXNhZG1pbi8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210 1757586210 sysadmin:users 0644 - -
@@ -67,6 +77,7 @@ cm9vdC8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210 1757586210 root:root 064
 cm9vdC8ubmFub3Jj 1757585756 1757585756 root:root 0644 - -
 cm9vdC8uc3NoLy5naXRpZ25vcmU= 1757593349 1757593349 root:root 0644 - -
 cm9vdC8uc3NoL2F1dGhvcml6ZWRfa2V5cw== 1757587611 1757587611 root:root 0644 - -
+c3J2L2RlaHlkcmF0ZWQvLmdpdGtlZXBkaXI= 1757776960 1757776960 root:root 0644 - -
 ZXRjL2RvYXMuY29uZg== 1728635393 1728635393 root:root 0640 - -
 ZXRjL2RvYXMuZA== 1757595612 1757595612 root:root 0750 - -
 ZXRjL3NoYWRvdw== 1757761290 1757702629 root:shadow 0640 - -
@@ -74,4 +85,4 @@ ZXRjL3NoYWRvdy0= 1757702585 1757702585 root:shadow 0640 - -
 ZXRjL3N1ZG9lcnM= 1753553353 1753553353 root:root 0440 - -
 ZXRjL3N1ZG9lcnMuZC9kZWZhdWx0cw== 1757599359 1757599359 root:root 0640 - -
 ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157 1757600157 root:root 0640 - -
-aG9tZS9zeXNhZG1pbg== 1757761743 1757761412 sysadmin:users 0711 - -
+aG9tZS9zeXNhZG1pbg== 1757788654 1757761412 sysadmin:users 0711 - -

.gitignore

@@ -4,6 +4,7 @@
 .*.swp
 
 /bin/
+/data/
 /dev/
 /lib/
 /media/
@@ -11,7 +12,6 @@
 /proc/
 /run/
 /sbin/
-/srv/
 /sys/
 /tmp/
 /usr/

etc/apache2/.gitignore

@@ -0,0 +1,3 @@
+/conf.d/
+/magic
+/mime.types

etc/apache2/httpd.conf

@@ -0,0 +1,229 @@
+# These modules are required for the basic configuration directives used in this file.
+# They *must* be loaded to use this configuration with httpd.
+LoadModule	alias_module		/usr/lib/apache2/mod_alias.so
+LoadModule	allowmethods_module	/usr/lib/apache2/mod_allowmethods.so
+LoadModule	authz_host_module	/usr/lib/apache2/mod_authz_host.so
+LoadModule	dir_module		/usr/lib/apache2/mod_dir.so
+LoadModule	log_config_module	/usr/lib/apache2/mod_log_config.so
+LoadModule	mime_module		/usr/lib/apache2/mod_mime.so
+LoadModule	mime_magic_module	/usr/lib/apache2/mod_mime_magic.so
+LoadModule	mpm_event_module	/usr/lib/apache2/mod_mpm_event.so
+LoadModule	setenvif_module		/usr/lib/apache2/mod_setenvif.so
+LoadModule	unixd_module		/usr/lib/apache2/mod_unixd.so
+
+# HTTP2.
+LoadModule	http2_module		/usr/lib/apache2/mod_http2.so
+
+# SSL.
+#LoadModule	ssl_module		/usr/lib/apache2/mod_ssl.so
+#LoadModule	socache_shmcb_module	/usr/lib/apache2/mod_socache_shmcb.so
+
+# SSI.
+LoadModule	include_module		/usr/lib/apache2/mod_include.so
+
+# CGI.
+LoadModule	cgid_module		/usr/lib/apache2/mod_cgid.so
+
+# FastCGI access to php-fpm.
+LoadModule	proxy_module		/usr/lib/apache2/mod_proxy.so
+LoadModule	proxy_fcgi_module	/usr/lib/apache2/mod_proxy_fcgi.so
+
+# Re-writing.
+LoadModule	rewrite_module		/usr/lib/apache2/mod_rewrite.so
+
+# Authenticated access to locations.
+LoadModule	auth_basic_module	/usr/lib/apache2/mod_auth_basic.so
+LoadModule	authn_core_module	/usr/lib/apache2/mod_authn_core.so
+LoadModule	authn_file_module	/usr/lib/apache2/mod_authn_file.so
+LoadModule	authz_core_module	/usr/lib/apache2/mod_authz_core.so
+LoadModule	authz_user_module	/usr/lib/apache2/mod_authz_user.so
+
+# Proxying.
+#<IfModule !proxy_module>
+#  LoadModule	proxy_module		/usr/lib/apache2/mod_proxy.so
+#</IfModule>
+#LoadModule	proxy_http_module	/usr/lib/apache2/mod_proxy_http.so
+
+# Server status.
+#LoadModule	status_module		/usr/lib/apache2/mod_status.so
+
+
+# IP addresses and ports to listen on.
+Listen				5.101.171.215:80
+Listen				[2a01:a500:2981:1::d7]:80
+<IfModule ssl_module>
+  Listen			5.101.171.215:25443
+  Listen			[2a01:a500:2981:1::d7]:25443
+</IfModule>
+
+
+# Main server configuration.
+# Note: A DocumentRoot (and a Directory block granting access) is required in order for RedirectMatch to work in VirtualHosts.
+DocumentRoot			/var/empty
+ServerAdmin			"sysadmin(at)slackware.uk"
+ServerName			core.slackware.uk.net
+ServerSignature			Email
+ServerTokens			Major
+User				apache
+Group				apache
+DefaultRuntimeDir		/run/apache2
+Mutex				pthread
+ScriptSock			cgid.sock
+
+
+# Logging.
+LogFormat	"%h %l %u %t \"%r\" %>s %b"						Common
+LogFormat	"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""		Combined
+LogFormat	"%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""	VHostCombined
+CustomLog	"|/usr/bin/logger -p local1.info -t httpd"				VHostCombined		env=!no_log
+#LogLevel	warn allowmethods:crit authz_core:crit include:crit ssl:crit
+LogLevel	warn allowmethods:crit authz_core:crit include:crit
+ErrorLog	syslog:local0
+
+
+# Resource limits for event MPM.
+ThreadLimit			50
+ThreadsPerChild			10
+MaxRequestWorkers		20
+MinSpareThreads			2
+MaxSpareThreads			10
+MaxConnectionsPerChild		10000
+
+
+# Timeouts.
+TimeOut				30
+GracefulShutDownTimeout		1
+
+
+# Browser handling.
+BrowserMatch			"MSIE [2-5]"	nokeepalive downgrade-1.0 force-response-1.0
+
+
+# HTTP2.
+<IfModule http2_module>
+  Protocols			h2 h2c http/1.1
+</IfModule>
+
+
+# SSL configuration.
+<IfModule ssl_module>
+  SSLCipherSuite		HIGH:!SSLv3:!TLS1:!aNULL:!MD5
+  SSLHonorCipherOrder		On
+  SSLOptions			+FakeBasicAuth
+  SSLProtocol			all -SSLv3 -TLSv1 -TLSv1.1
+  SSLRandomSeed			startup		file:/dev/urandom	512
+  SSLRandomSeed			connect		builtin
+  SSLSessionCache		"shmcb:/run/apache2/ssl_session_cache(512000)"
+  SSLSessionTickets		Off
+  BrowserMatch			"MSIE [2-5]"	ssl-unclean-shutdown
+</IfModule>
+
+
+# Filters and Handlers.
+<IfModule include_module>
+  AddOutputFilter	INCLUDES	.shtml .html
+</IfModule>
+#This isn't needed except where CGI scripts are placed outside of ScriptAlias dirs.  ExecCGI is required in Options for the dir.
+#<IfModule cgid_module>
+#  AddHandler	cgi-script		.cgi .pl .py .sh
+#</IfModule>
+#For type maps (negotiated resources).
+#<IfModule negotiation_module>
+#  AddHandler	type-map		.var
+#</IfModule>
+
+
+# Mime type mappings.
+TypesConfig	/etc/apache2/mime.types
+AddType		application/x-bzip2			.bz2 .tbz
+AddType		application/x-compress			.z .tz
+AddType		application/x-gzip			.gz .tgz
+AddType		text/html				.shtml
+AddType		text/plain				.bld .csh .diff .ksh .md5 .meta .patch .pl .pm .py .rb .sh .sha1 .slackbuild .tcl .tm .url
+AddType		application/octet-stream		.deb .dpkg .flac .flp .img .lz .lzma .mkv .rpm .run .srpm .tlz .txz .vob .xz
+AddType		application/x-x509-user-cert		.crt
+AddType		application/pkcs8			.key
+AddType		application/pkcs10			.csr
+AddType		application/pkix-crl			.crl
+AddType		application/x-pem-file			.pem
+AddType		application/x-atari-8bit-executable	.xex
+MimeMagicFile	/etc/apache2/magic
+
+
+# Lets Encrypt validation.
+<IfModule ssl_module>
+  Alias		/.well-known/acme-challenge/		/srv/dehydrated/
+</IfModule>
+
+
+# Access control.
+<FilesMatch ^\.ht.*>
+  Require		all denied
+</FilesMatch>
+
+<Directory />
+  Options		SymLinksIfOwnerMatch
+  AllowOverride		None
+  Require		all denied
+</Directory>
+
+<Directory /var/empty>
+  Options		None
+  AllowOverride		None
+  Require		all granted
+</Directory>
+
+<Directory /srv/dehydrated>
+  Options		None
+  AllowOverride		None
+  Require		all granted
+</Directory>
+
+<Directory /srv/www/*/html>
+  Options		Includes MultiViews SymLinksIfOwnerMatch
+  AllowOverride		AuthConfig FileInfo Indexes Limit
+
+  Require		all granted
+
+  AllowMethods		GET POST OPTIONS
+
+  DirectoryIndex	index.html
+  <IfModule include_module>
+    DirectoryIndex	index.shtml
+  </IfModule>
+
+  <IfModule ssl_module>
+    <FilesMatch "\.(shtml|php)$">
+      SSLOptions	+StdEnvVars
+    </FilesMatch>
+  </IfModule>
+
+  <IfModule proxy_fcgi_module>
+    DirectoryIndex	index.php index.phtml
+
+    <If "-f %{REQUEST_FILENAME} && %{REQUEST_URI} =~ /.+\.ph(ar|p|tml)$/">
+      SetHandler	proxy:unix:/run/php-fpm83/php-fpm.sock|fcgi://localhost/
+    </If>
+  </IfModule>
+</Directory>
+
+<IfModule cgid_module>
+  <Directory /srv/www/*/cgi-bin>
+    Options		ExecCGI Includes MultiViews SymLinksIfOwnerMatch
+    AllowOverride	AuthConfig FileInfo Limit
+
+    Require		all granted
+
+    AllowMethods	GET POST OPTIONS
+
+    DirectoryIndex	disabled
+
+    <IfModule ssl_module>
+      SSLOptions	+StdEnvVars
+    </IfModule>
+  </Directory>
+</IfModule>
+
+
+# Include extra configurations.
+IncludeOptional		/etc/apache2/sites.d/*.conf

etc/apache2/sites.d/core.slackware.uk.net.conf

@@ -0,0 +1,26 @@
+<VirtualHost 5.101.171.215:80 [2a01:a500:2981:1::d7]:80>
+  ServerName		core.slackware.uk.net
+
+  SetEnvIf		REQUEST_URI	^/robots\.txt$		no_log
+  SetEnvIf		REQUEST_URI	^/favicon\.ico$		no_log
+  SetEnvIf		REQUEST_URI	^/\.well-known/.*$	no_log
+
+  RedirectMatch		403		^/(?!(\.well-known|httpd-errordocs)/)(.*)
+</VirtualHost>
+
+<IfModule ssl_module>
+  <VirtualHost 5.101.171.215:443 [2a01:a500:2981:1::d7]:443>
+    ServerName			core.slackware.uk.net
+
+    SSLCertificateFile		/etc/certificates/core.slackware.uk.net-cert.pem
+    SSLCertificateKeyFile	/etc/certificates/core.slackware.uk.net-key.pem
+    SSLCertificateChainFile	/etc/certificates/core.slackware.uk.net-chain.pem
+
+    SetEnvIf			REQUEST_URI	^/robots\.txt$		no_log
+    SetEnvIf			REQUEST_URI	^/favicon\.ico$		no_log
+
+    ScriptAlias			/cgi-bin/	/data/sites/core.slackware.uk.net/cgi-bin/
+
+    DocumentRoot		/data/sites/core.slackware.uk.net/html
+  </VirtualHost>
+</IfModule>

etc/conf.d/terraform-http-backend

@@ -1,6 +1,7 @@
-export TF_STORAGE_DIR=/var/lib/terraform-http-backend
-export TF_AUTH_ENABLED=true
-export TF_USERNAME=sysadmin
-export TF_PASSWORD=sunsa
-export TF_PORT=9200
-export TF_IP=127.0.0.1
+export TF_USER="thb"
+export TF_IP="5.101.171.215"
+export TF_PORT="25480"
+export TF_STORAGE_DIR="/var/lib/terraform-http-backend"
+export TF_AUTH_ENABLED="true"
+export TF_USERNAME="sysadmin"
+export TF_PASSWORD="sunsa"

etc/iptables/rules-save

@@ -0,0 +1,24 @@
+# Generated by iptables-save v1.8.11 (nf_tables) on Sat Sep 13 18:45:54 2025
+*filter
+:INPUT DROP [6:240]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [27:2250]
+[0:0] -A INPUT -m conntrack --ctstate INVALID -j DROP
+[12:1176] -A INPUT -i lo -j ACCEPT
+[0:0] -A INPUT -s 10.254.0.0/24 -i eth1 -j ACCEPT
+[0:0] -A INPUT -s 5.101.171.208/28 -i eth0 -j ACCEPT
+[6:707] -A INPUT -s 185.176.90.169/32 -i eth0 -j ACCEPT
+[0:0] -A INPUT -s 172.236.16.105/32 -i eth0 -j ACCEPT
+[0:0] -A INPUT -s 82.33.87.103/32 -i eth0 -j ACCEPT
+[0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+[0:0] -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
+[0:0] -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
+[0:0] -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
+[0:0] -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
+[0:0] -A INPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT
+[0:0] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 22,25422 -m conntrack --ctstate NEW -j ACCEPT
+[0:0] -A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT
+[0:0] -A INPUT -p tcp -m tcp --dport 25443 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT
+[0:0] -A INPUT -p tcp -m tcp --dport 25480 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT
+COMMIT
+# Completed on Sat Sep 13 18:45:54 2025

etc/iptables/rules6-save

@@ -0,0 +1,25 @@
+# Generated by ip6tables-save v1.8.11 (nf_tables) on Sat Sep 13 18:45:54 2025
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+[0:0] -A INPUT -m conntrack --ctstate INVALID -j DROP
+[0:0] -A INPUT -i lo -j ACCEPT
+[0:0] -A INPUT -s 2a01:a500:2981:1::/64 -i eth0 -j ACCEPT
+[0:0] -A INPUT -s 2a07:4580:b0d:57f::169/128 -i eth0 -j ACCEPT
+[0:0] -A INPUT -s 2600:3c13::2000:50ff:fef4:7f56/128 -i eth0 -j ACCEPT
+[0:0] -A INPUT -s 2001:470:1f1d:58::/64 -i eth0 -j ACCEPT
+[0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT
+[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 129 -j ACCEPT
+[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 1 -j ACCEPT
+[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 3 -j ACCEPT
+[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 4 -j ACCEPT
+[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 2 -j ACCEPT
+[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT
+[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT
+[0:0] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 22,25422 -m conntrack --ctstate NEW -j ACCEPT
+[0:0] -A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT
+[0:0] -A INPUT -p tcp -m tcp --dport 25443 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT
+COMMIT
+# Completed on Sat Sep 13 18:45:54 2025

etc/passwd

@@ -18,5 +18,5 @@ nobody:x:65534:65534:nobody:/:/sbin/nologin
 klogd:x:100:101:klogd:/dev/null:/sbin/nologin
 apache:x:101:102:apache:/var/www:/sbin/nologin
 prometheus:x:102:103:prometheus:/var/lib/prometheus:/sbin/nologin
-thb:x:500:500:terraform http backend:/var/lib/terraform-http-backend:/sbin/nologin
+thb:x:500:500:terraform http backend:/var/lib/terraform-http-backend:/bin/bash
 sysadmin:x:1000:100:Systems' Administrator:/home/sysadmin:/bin/bash

etc/runlevels/boot/.gitignore

@@ -1 +1,2 @@
+/bootmisc
 /devfs

etc/runlevels/default/ip6tables

@@ -0,0 +1 @@
+/etc/init.d/ip6tables

etc/runlevels/default/iptables

@@ -0,0 +1 @@
+/etc/init.d/iptables

etc/runlevels/default/terraform-http-backend

@@ -0,0 +1 @@
+/etc/init.d/terraform-http-backend

etc/runlevels/shutdown/ip6tables

@@ -0,0 +1 @@
+/etc/init.d/ip6tables

etc/runlevels/shutdown/iptables

@@ -0,0 +1 @@
+/etc/init.d/iptables

home/sysadmin/.bashrc

@@ -1,7 +1,7 @@
 #!/bin/bash - not strictly necessary, but helps nano with syntax highlighting.
 # Bash specific configuration.
 
-prompt_user_colour() {
+__prompt_user_colour() {
   # Determine the colour of the username in the prompt.
 
   if [[ "$(whoami)" == "root" ]]; then