various fixes, updates to hybrid config
родитель
3929aab88d
Коммит
00de079feb
|
@ -37,7 +37,7 @@ are provided in https://github.com/philoctetes409bc/docker-hybrid/host/README.md
|
|||
|
||||
### Build images
|
||||
```
|
||||
for x in $(ls -1 | grep hb_); do ─╯
|
||||
for x in $(ls -1 | grep hb_); do
|
||||
docker-compose -f $x/docker-compose.yml build;
|
||||
done
|
||||
```
|
||||
|
|
|
@ -2,4 +2,11 @@
|
|||
* https://gittor-dmz.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
|
||||
*/
|
||||
|
||||
.include <include/serverhide.conf>
|
||||
serverhide {
|
||||
disable_remote_commands = no;
|
||||
flatten_links = no;
|
||||
hidden = yes;
|
||||
hide_servers = no;
|
||||
hide_services = no;
|
||||
hide_server_ips = yes;
|
||||
};
|
||||
|
|
|
@ -5,17 +5,6 @@
|
|||
.include <hb_conf/include/auth.conf>
|
||||
|
||||
auth {
|
||||
spoof = "b0unc3.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
user = "*@198.18.70.75";
|
||||
class = "bounce_oper";
|
||||
flags = need_ident, exceed_limit, kline_exempt,
|
||||
xline_exempt, resv_exempt, can_flood;
|
||||
user = "*@*";
|
||||
class = "general_users";
|
||||
};
|
||||
|
||||
auth {
|
||||
spoof = "c0ns0l3.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
user = "*@198.18.70.34";
|
||||
class = "console_admin";
|
||||
flags = need_password, exceed_limit, kline_exempt,
|
||||
xline_exempt, resv_exempt, can_flood, no_tilde;
|
||||
};
|
|
@ -1,5 +1,5 @@
|
|||
/* Configuration example located at
|
||||
* https://gitgeneral.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
|
||||
* https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
|
||||
*/
|
||||
|
||||
.include <hb_conf/general.admin.conf>
|
||||
|
@ -25,7 +25,7 @@
|
|||
serverinfo {
|
||||
name = "g3n3r4l.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
sid = "11X";
|
||||
description = "n3tw3rk 1ns3cur1ty c0rp0r4t10n g3n3r4l 4cc3$$ s3rv3r";
|
||||
description = "n3tw3rk 1ns3cur1ty c0rp0r4t10n";
|
||||
network_name = "𝓷3𝓽𝔀3𝓻𝓴";
|
||||
network_description = "General-purpose internet relay chat network";
|
||||
hub = no;
|
||||
|
|
|
@ -1,28 +1,5 @@
|
|||
#.include <hb_conf/include/oper.conf>
|
||||
/* Configuration example located at
|
||||
* https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
|
||||
*/
|
||||
|
||||
operator {
|
||||
user = "*@b0unc3.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
password = "password";
|
||||
whois = "I'm too lame to read BitchX.doc";
|
||||
class = "bounce_oper";
|
||||
|
||||
umodes = locops, servnotice, wallop, softcallerid, hidden,
|
||||
invisible, external, debug, rej, skill, hideidle,
|
||||
wallop, expiration;
|
||||
flags = admin, connect, connect:remote, die, globops, kill, kill:remote,
|
||||
kline, module, rehash, restart, set, unkline, unxline, xline;
|
||||
};
|
||||
|
||||
operator {
|
||||
user = "*@c0ns0l3.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
password = "password";
|
||||
whois = "I'm too lame to read BitchX.doc";
|
||||
class = "console_admin";
|
||||
|
||||
umodes = locops, servnotice, wallop, softcallerid, hidden,
|
||||
invisible, external, debug, rej, skill, hideidle,
|
||||
wallop, expiration;
|
||||
|
||||
flags = admin, connect, connect:remote, die, globops, kill, kill:remote,
|
||||
kline, module, rehash, restart, set, unkline, unxline, xline;
|
||||
};
|
||||
.include <hb_conf/include/oper.conf>
|
|
@ -2,4 +2,12 @@
|
|||
* https://gittor-dmz.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
|
||||
*/
|
||||
|
||||
.include <include/serverhide.conf>
|
||||
serverhide {
|
||||
disable_remote_commands = no;
|
||||
flatten_links = no;
|
||||
hidden = no;
|
||||
hide_servers = yes;
|
||||
hide_services = yes;
|
||||
hidden_name = "g3n3r4l.1ns3cur1ty.io";
|
||||
hide_server_ips = yes;
|
||||
};
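Review bot: This serverhide block turns on `hide_servers = yes` and sets a `hidden_name`, but leaves `flatten_links = no` and `disable_remote_commands = no`. As I read the ircd-hybrid reference.conf, that still lets ordinary users see real routing in /links and issue commands against remote servers by name. If the goal on this client-facing leaf is to conceal topology, consider `flatten_links = yes;` and `disable_remote_commands = yes;`. The same combination appears in the proxy-dmz and tor-dmz serverhide hunks further down (the ones with `hidden_name = "pr0xy-dmz.1ns3cur1ty.io"` and `"t0r-dmz.1ns3cur1ty.io"`).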
|
||||
|
|
|
@ -2,8 +2,6 @@
|
|||
* https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
|
||||
*/
|
||||
|
||||
#.include <hb_conf/include/oper.conf>
|
||||
|
||||
operator {
|
||||
name = "external_hub_operator";
|
||||
user = "*@b0unc3.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
|
|
|
@ -2,4 +2,11 @@
|
|||
* https://gittor-dmz.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
|
||||
*/
|
||||
|
||||
.include <include/serverhide.conf>
|
||||
serverhide {
|
||||
disable_remote_commands = no;
|
||||
flatten_links = no;
|
||||
hidden = yes;
|
||||
hide_servers = no;
|
||||
hide_services = no;
|
||||
hide_server_ips = no;
|
||||
};
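Review bot: `hide_server_ips = no` in this block is the odd one out, since every other serverhide block in this commit sets it to `yes`. The server is also marked `hidden = yes`, and the upstream reference.conf describes IP hiding as critical for hidden hubs, because with it off admins are shown the real server addresses. If this is not deliberate, change the line to `hide_server_ips = yes;`. If it is deliberate, a one-line comment saying why this server differs would stop the next edit from "fixing" it.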
|
||||
|
|
|
@ -4,14 +4,14 @@
|
|||
|
||||
resv {
|
||||
mask = "&partyline";
|
||||
reason = "it's mine and you can't use it";
|
||||
reason = "It's mine and you can't use it";
|
||||
exempt = "*@b0unc3.*.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
exempt = "*@c0ns0l3.*.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
};
|
||||
|
||||
resv {
|
||||
mask = "#partyline";
|
||||
reason = "it's mine and you can't use it";
|
||||
reason = "It's mine and you can't use it";
|
||||
exempt = "*@b0unc3.*.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
exempt = "*@c0ns0l3.*.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
exempt = "*@0p3r.*.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* Configuration example located at
|
||||
* https://gitproxy-dmz.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
|
||||
* https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
|
||||
*/
|
||||
|
||||
.include <hb_conf/proxy-dmz.admin.conf>
|
||||
|
|
|
@ -1,28 +1,5 @@
|
|||
#.include <hb_conf/include/oper.conf>
|
||||
/* Configuration example located at
|
||||
* https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
|
||||
*/
|
||||
|
||||
operator {
|
||||
user = "*@b0unc3.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
password = "password";
|
||||
whois = "I'm too lame to read BitchX.doc";
|
||||
class = "bounce_oper";
|
||||
|
||||
umodes = locops, servnotice, wallop, softcallerid, hidden,
|
||||
invisible, external, debug, rej, skill, hideidle,
|
||||
wallop, expiration;
|
||||
flags = admin, connect, connect:remote, die, globops, kill, kill:remote,
|
||||
kline, module, rehash, restart, set, unkline, unxline, xline;
|
||||
};
|
||||
|
||||
operator {
|
||||
user = "*@c0ns0l3.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
password = "password";
|
||||
whois = "I'm too lame to read BitchX.doc";
|
||||
class = "console_admin";
|
||||
|
||||
umodes = locops, servnotice, wallop, softcallerid, hidden,
|
||||
invisible, external, debug, rej, skill, hideidle,
|
||||
wallop, expiration;
|
||||
|
||||
flags = admin, connect, connect:remote, die, globops, kill, kill:remote,
|
||||
kline, module, rehash, restart, set, unkline, unxline, xline;
|
||||
};
|
||||
.include <hb_conf/include/oper.conf>
|
||||
|
|
|
@ -2,4 +2,12 @@
|
|||
* https://gittor-dmz.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
|
||||
*/
|
||||
|
||||
.include <include/serverhide.conf>
|
||||
serverhide {
|
||||
disable_remote_commands = no;
|
||||
flatten_links = no;
|
||||
hidden = no;
|
||||
hide_servers = yes;
|
||||
hide_services = yes;
|
||||
hidden_name = "pr0xy-dmz.1ns3cur1ty.io";
|
||||
hide_server_ips = yes;
|
||||
};
|
||||
|
|
|
@ -3,19 +3,3 @@
|
|||
*/
|
||||
|
||||
.include <hb_conf/include/auth.conf>
|
||||
|
||||
auth {
|
||||
spoof = "b0unc3.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
user = "*@198.18.70.75";
|
||||
class = "bounce_oper";
|
||||
flags = need_ident, exceed_limit, kline_exempt,
|
||||
xline_exempt, resv_exempt, can_flood;
|
||||
};
|
||||
|
||||
auth {
|
||||
spoof = "c0ns0l3.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
user = "*@198.18.70.34";
|
||||
class = "console_admin";
|
||||
flags = need_password, exceed_limit, kline_exempt,
|
||||
xline_exempt, resv_exempt, can_flood, no_tilde;
|
||||
};
|
|
@ -1,5 +1,5 @@
|
|||
/* Configuration example located at
|
||||
* https://gittor-dmz.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
|
||||
* https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
|
||||
*/
|
||||
|
||||
.include <hb_conf/tor-dmz.admin.conf>
|
||||
|
|
|
@ -1,28 +1,5 @@
|
|||
#.include <hb_conf/include/oper.conf>
|
||||
/* Configuration example located at
|
||||
* https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
|
||||
*/
|
||||
|
||||
operator {
|
||||
user = "*@b0unc3.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
password = "password";
|
||||
whois = "I'm too lame to read BitchX.doc";
|
||||
class = "bounce_oper";
|
||||
|
||||
umodes = locops, servnotice, wallop, softcallerid, hidden,
|
||||
invisible, external, debug, rej, skill, hideidle,
|
||||
wallop, expiration;
|
||||
flags = admin, connect, connect:remote, die, globops, kill, kill:remote,
|
||||
kline, module, rehash, restart, set, unkline, unxline, xline;
|
||||
};
|
||||
|
||||
operator {
|
||||
user = "*@c0ns0l3.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
password = "password";
|
||||
whois = "I'm too lame to read BitchX.doc";
|
||||
class = "console_admin";
|
||||
|
||||
umodes = locops, servnotice, wallop, softcallerid, hidden,
|
||||
invisible, external, debug, rej, skill, hideidle,
|
||||
wallop, expiration;
|
||||
|
||||
flags = admin, connect, connect:remote, die, globops, kill, kill:remote,
|
||||
kline, module, rehash, restart, set, unkline, unxline, xline;
|
||||
};
|
||||
.include <hb_conf/include/oper.conf>
|
||||
|
|
|
@ -2,4 +2,12 @@
|
|||
* https://gittor-dmz.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
|
||||
*/
|
||||
|
||||
.include <include/serverhide.conf>
|
||||
serverhide {
|
||||
disable_remote_commands = no;
|
||||
flatten_links = no;
|
||||
hidden = no;
|
||||
hide_servers = yes;
|
||||
hide_services = yes;
|
||||
hidden_name = "t0r-dmz.1ns3cur1ty.io";
|
||||
hide_server_ips = yes;
|
||||
};
|
|
@ -1,5 +1,5 @@
|
|||
/* Configuration example located at
|
||||
* https://gittor-edge.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
|
||||
* https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
|
||||
*/
|
||||
|
||||
.include <hb_conf/tor-edge.admin.conf>
|
||||
|
|
|
@ -1,28 +1,6 @@
|
|||
#.include <hb_conf/include/oper.conf>
|
||||
/* Configuration example located at
|
||||
* https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
|
||||
*/
|
||||
|
||||
operator {
|
||||
user = "*@b0unc3.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
password = "password";
|
||||
whois = "I'm too lame to read BitchX.doc";
|
||||
class = "bounce_oper";
|
||||
.include <hb_conf/include/oper.conf>
|
||||
|
||||
umodes = locops, servnotice, wallop, softcallerid, hidden,
|
||||
invisible, external, debug, rej, skill, hideidle,
|
||||
wallop, expiration;
|
||||
flags = admin, connect, connect:remote, die, globops, kill, kill:remote,
|
||||
kline, module, rehash, restart, set, unkline, unxline, xline;
|
||||
};
|
||||
|
||||
operator {
|
||||
user = "*@c0ns0l3.n3tw3rk.1ns3cur1ty.c0rp";
|
||||
password = "password";
|
||||
whois = "I'm too lame to read BitchX.doc";
|
||||
class = "console_admin";
|
||||
|
||||
umodes = locops, servnotice, wallop, softcallerid, hidden,
|
||||
invisible, external, debug, rej, skill, hideidle,
|
||||
wallop, expiration;
|
||||
|
||||
flags = admin, connect, connect:remote, die, globops, kill, kill:remote,
|
||||
kline, module, rehash, restart, set, unkline, unxline, xline;
|
||||
};
|
||||
|
|
|
@ -2,4 +2,11 @@
|
|||
* https://gittor-dmz.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
|
||||
*/
|
||||
|
||||
.include <include/serverhide.conf>
|
||||
serverhide {
|
||||
disable_remote_commands = no;
|
||||
flatten_links = no;
|
||||
hidden = yes;
|
||||
hide_servers = no;
|
||||
hide_services = no;
|
||||
hide_server_ips = yes;
|
||||
};
|
||||
|
|
|
@ -21,13 +21,11 @@ AnonIPLimit = 0
|
|||
AltNick = g0d_
|
||||
LoadModule = controlpanel
|
||||
<Network n3tw3rk>
|
||||
Server = 100.64.48.42 6666
|
||||
Server = 100.64.64.42 6666
|
||||
<Chan #partyline>
|
||||
</Chan>
|
||||
<Chan #>
|
||||
</Chan>
|
||||
<Chan &>
|
||||
</Chan>
|
||||
</Network>
|
||||
|
||||
<Pass password>
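Review bot: Both `Server = … 6666` lines in this hunk (whichever is the new side) give the port without a leading `+`, which in ZNC's config means the uplink connection is made without TLS. Anything the bouncer sends to the IRC server, presumably including any OPER credentials, then crosses the container network in cleartext. If the uplink offers a TLS listener, point at it with the `+` form, e.g. `Server = 100.64.64.42 +<tls-port>` (placeholder port, not taken from this page). Otherwise add a comment recording that plaintext on this segment is an accepted risk.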
|
||||
|
|
|
@ -35,4 +35,4 @@ services:
|
|||
hub:
|
||||
ipv4_address: 100.64.64.43
|
||||
volumes:
|
||||
- ../configs/znc/znc.conf:/home/znc/.znc/configs/znc.conf:rw
|
||||
- ../config/znc/znc.conf:/home/znc/.znc/configs/znc.conf:rw
|
||||
|
|
|
@ -44,14 +44,14 @@ Host myhub
|
|||
|
||||
- `ssh myhub`
|
||||
|
||||
### Repo
|
||||
- `git clone https://github.com/philoctetes409bc/docker-hybrid.git`
|
||||
- `cd docker-hybrid/host`
|
||||
|
||||
### Packages
|
||||
- `sudo apt -y install docker.io nftables tcpdump mtr tor git python3-pip`
|
||||
- `pip3 install docker-compose`
|
||||
|
||||
### Repo
|
||||
- `git clone https://github.com/philoctetes409bc/docker-hybrid.git`
|
||||
- `cd docker-hybrid/host`
|
||||
|
||||
### Configuration files
|
||||
- `cp tor/torrc /etc/tor/torrc`
|
||||
- `chattr +i /etc/tor/torrc`
|
||||
|
|
|
@ -1,48 +1,50 @@
|
|||
table ip hybrid {
|
||||
|
||||
chain POSTROUTING {
|
||||
type nat hook postrouting priority 0; policy accept;
|
||||
type nat hook postrouting priority 100; policy accept;
|
||||
oifname "WAN" ip saddr 100.64.48.0/20 counter masquerade comment "masqueraded egress-routed clients";
|
||||
}
|
||||
|
||||
chain PREROUTING {
|
||||
iif "WAN" tcp dport { 6667, 6697 } counter dnat 100.64.48.10 comment "general access leaf";
|
||||
type nat hook prerouting priority -100;
|
||||
iif "WAN" tcp dport { 6667 6697 } counter dnat 100.64.48.10 comment "general access leaf";
|
||||
iif "WAN" tcp dport { 6668, 6698 } counter dnat 100.64.48.18 comment "proxy dmz access leaf";
|
||||
iif "WAN" tcp dport { 7777 } counter dnat 100.64.48.14:6667 comment "edge uplink hub";
|
||||
iif "WAN" tcp dport { 7797 } counter dnat 100.64.48.14:6697 comment "TLS edge uplink hub";
|
||||
iif "WAN" tcp dport { 6666 } counter dnat 100.64.48.22:6667 comment "oper bouncer";
|
||||
iif "WAN" tcp dport { 6696 } counter dnat 100.64.48.22:6667 comment "TLS oper bouncer";
|
||||
iif "WAN" tcp dport { 6696 } counter dnat 100.64.48.22:6697 comment "TLS oper bouncer";
|
||||
}
|
||||
}
|
||||
|
||||
table inet filter {
|
||||
chain INVALID {
|
||||
limit rate 2/second burst 3 packets counter log prefix "NFBAD: " comment "invalid logged";
|
||||
counter drop comment "invalid dropped";
|
||||
}
|
||||
|
||||
chain input {
|
||||
chain INPUT {
|
||||
type filter hook input priority 0; policy drop;
|
||||
ct state invalid counter jump INVALID comment "Invalid";
|
||||
iifname "lo" ip saddr 127.0.0.0/8 ip daddr 127.0.0.0/8 counter accept comment "Host loop-back";
|
||||
ct state {established, related} counter accept comment "Related/Established";
|
||||
tcp dport 22 counter accept comment "SSH in to host";
|
||||
tcp dport 22 counter accept comment "SSH in to host";
|
||||
tcp dport { 6667, 6697, 6668, 6698, 7777, 7797, 6666, 6696 } counter accept comment "IRCd ervice ports";
|
||||
udp dport 53 ip saddr 100.64.48.0/20 ip daddr 100.64.48.0/20 counter accept comment "ER->Host DNS (53) UDP";
|
||||
limit rate 15/second burst 3 packets counter log prefix "NF_IN: " comment "input unmatched log";
|
||||
counter drop comment "input dropped";
|
||||
}
|
||||
|
||||
chain forward {
|
||||
chain FORWARD {
|
||||
type filter hook forward priority 0; policy drop;
|
||||
ct state invalid counter jump INVALID comment "Invalid";
|
||||
ct state { established, related } accept comment "Related/Established";
|
||||
ip saddr 100.64.48.0/20 ip daddr 100.64.16.0/20 counter accept comment "ER->IR";
|
||||
ip saddr 100.64.0.0/20 ip daddr 100.64.16.0/20 counter accept comment "NR->IR";
|
||||
ip saddr 100.64.48.0/20 ip daddr != 100.64.0.0/17 counter accept comment "ER->!partition";
|
||||
limit rate 15/second burst 3 packets counter log prefix "NFFWD: " comment "forward unmatched log";
|
||||
counter drop comment "forward dropped";
|
||||
ct state invalid counter jump INVALID comment "Invalid";
|
||||
ct state { established, related } accept comment "Related/Established";
|
||||
ip saddr != 100.64.0.0/17 ip daddr 100.64.48.0/20 counter accept comment "GLOBAL->ER";
|
||||
ip saddr 100.64.48.0/20 ip daddr 100.64.16.0/20 counter accept comment "ER->IR";
|
||||
ip saddr 100.64.0.0/20 ip daddr 100.64.16.0/20 counter accept comment "NR->IR";
|
||||
ip saddr 100.64.48.0/20 ip daddr != 100.64.0.0/17 counter accept comment "ER->!partition";
|
||||
limit rate 15/second burst 3 packets counter log prefix "NFFWD: " comment "forward unmatched log";
|
||||
counter drop comment "forward dropped";
|
||||
}
|
||||
|
||||
chain output {
|
||||
chain OUTPUT {
|
||||
type filter hook output priority 0; policy drop;
|
||||
oifname "lo" ip saddr 127.0.0.0/8 ip daddr 127.0.0.0/8 counter accept comment "Host loop-back";
|
||||
ct state invalid counter jump INVALID comment "Invalid";
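Review bot: The added FORWARD rule `ip saddr != 100.64.0.0/17 ip daddr 100.64.48.0/20 counter accept comment "GLOBAL->ER"` accepts any protocol and port from outside the partition to the whole ER /20. It is not limited to the connections the PREROUTING chain actually DNATs, so the `policy drop` no longer protects those containers from anything routed toward them. Consider restricting it to translated traffic, e.g. `iifname "WAN" ct status dnat ip daddr 100.64.48.0/20 counter accept comment "GLOBAL->ER"`. The same rule is added in the second ruleset's FORWARD hunk, where PREROUTING has no dnat rules at all, so it may not be needed there. Separately, if the comma-less `tcp dport { 6667 6697 }` line is the new side, nft will likely reject the set and fail to load the file, so run `nft -c -f` on it before deploying. The OUTPUT chain continues past the end of this hunk.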
|
||||
|
|
|
@ -1,20 +1,20 @@
|
|||
table ip hybrid {
|
||||
|
||||
chain POSTROUTING {
|
||||
type nat hook postrouting priority 0; policy accept;
|
||||
type nat hook postrouting priority 100; policy accept;
|
||||
oifname "WAN" ip saddr 100.64.48.0/20 counter masquerade comment "masqueraded egress-routed clients";
|
||||
}
|
||||
|
||||
chain PREROUTING {
|
||||
type nat hook prerouting priority -100;
|
||||
}
|
||||
}
|
||||
|
||||
table inet filter {
|
||||
chain INVALID {
|
||||
limit rate 2/second burst 3 packets counter log prefix "NFBAD: " comment "invalid logged";
|
||||
counter drop comment "invalid dropped";
|
||||
}
|
||||
|
||||
chain input {
|
||||
chain INPUT {
|
||||
type filter hook input priority 0; policy drop;
|
||||
ct state invalid counter jump INVALID comment "Invalid";
|
||||
iifname "lo" ip saddr 127.0.0.0/8 ip daddr 127.0.0.0/8 counter accept comment "Host loop-back";
|
||||
|
@ -25,18 +25,19 @@ table inet filter {
|
|||
counter drop comment "input dropped";
|
||||
}
|
||||
|
||||
chain forward {
|
||||
chain FORWARD {
|
||||
type filter hook forward priority 0; policy drop;
|
||||
ct state invalid counter jump INVALID comment "Invalid";
|
||||
ct state { established, related } accept comment "Related/Established";
|
||||
ip saddr 100.64.48.0/20 ip daddr 100.64.16.0/20 counter accept comment "ER->IR";
|
||||
ip saddr 100.64.0.0/20 ip daddr 100.64.16.0/20 counter accept comment "NR->IR";
|
||||
ip saddr 100.64.48.0/20 ip daddr != 100.64.0.0/17 counter accept comment "ER->!partition";
|
||||
limit rate 15/second burst 3 packets counter log prefix "NFFWD: " comment "forward unmatched log";
|
||||
counter drop comment "forward dropped";
|
||||
ct state invalid counter jump INVALID comment "Invalid";
|
||||
ct state { established, related } accept comment "Related/Established";
|
||||
ip saddr != 100.64.0.0/17 ip daddr 100.64.48.0/20 counter accept comment "GLOBAL->ER";
|
||||
ip saddr 100.64.48.0/20 ip daddr 100.64.16.0/20 counter accept comment "ER->IR";
|
||||
ip saddr 100.64.0.0/20 ip daddr 100.64.16.0/20 counter accept comment "NR->IR";
|
||||
ip saddr 100.64.48.0/20 ip daddr != 100.64.0.0/17 counter accept comment "ER->!partition";
|
||||
limit rate 15/second burst 3 packets counter log prefix "NFFWD: " comment "forward unmatched log";
|
||||
counter drop comment "forward dropped";
|
||||
}
|
||||
|
||||
chain output {
|
||||
chain OUTPUT {
|
||||
type filter hook output priority 0; policy drop;
|
||||
oifname "lo" ip saddr 127.0.0.0/8 ip daddr 127.0.0.0/8 counter accept comment "Host loop-back";
|
||||
ct state invalid counter jump INVALID comment "Invalid";
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
Port 22
|
||||
AddressFamily any
|
||||
ListenAddress ::
|
||||
ListenAddress 0.0.0.0
|
||||
HostKey /etc/ssh/ssh_host_rsa_key
|
||||
HostKey /etc/ssh/ssh_host_ecdsa_key
|
||||
HostKey /etc/ssh/ssh_host_ed25519_key
|
||||
|
|