initial commit
This commit is contained in:
commit
d30dd2fc84
250
Oracle Siebel 15.0.txt
Normal file
250
Oracle Siebel 15.0.txt
Normal file
|
@ -0,0 +1,250 @@
|
|||
Siebel HOST: SIEBELHOST
|
||||
- install telnet
|
||||
- install iis
|
||||
- install jre-8u71-windows-x64
|
||||
|
||||
0. Prepare Siebel Install Image using snic.bat from the zips.
|
||||
java -jar snic.jar also works
|
||||
|
||||
1. Install 64bit Oracle Database 11g.
|
||||
|
||||
global database name:SIEBELDB
|
||||
db administrative pass:SiebelDb1password1
|
||||
|
||||
The Database Control URL is https://localhost:1158/em
|
||||
user: SYS
|
||||
connect as: SYSDBA
|
||||
|
||||
create tablespaces:
|
||||
size 5GB
|
||||
|
||||
SBLDATA
|
||||
SBLDATA01.DBF
|
||||
|
||||
SBLINDX
|
||||
SBLINDX01.DBF
|
||||
|
||||
|
||||
2. Install 32bit Oracle Database 11g Client
|
||||
|
||||
Type: Administrator
|
||||
|
||||
Place tnsnames.ora into C:\Oracle\product\11.2.0\client_1\network\admin
|
||||
|
||||
tnsnames.ora contents:
|
||||
|
||||
SIEBELDB =
|
||||
(DESCRIPTION =
|
||||
(ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
|
||||
(CONNECT_DATA =
|
||||
(SERVER = DEDICATED)
|
||||
(SERVICE_NAME = SIEBELDB)
|
||||
)
|
||||
)
|
||||
|
||||
|
||||
|
||||
3. Create Users (based on oracle grantusr.sql)
|
||||
cmd.exe
|
||||
sqlplus sys@siebeldb as sysdba
|
||||
|
||||
create role sse_role;
|
||||
grant create session to sse_role;
|
||||
|
||||
create role tblo_role;
|
||||
grant ALTER SESSION, CREATE CLUSTER, CREATE DATABASE LINK, CREATE INDEXTYPE,
|
||||
CREATE OPERATOR, CREATE PROCEDURE, CREATE SEQUENCE, CREATE SESSION,
|
||||
CREATE SYNONYM, CREATE TABLE, CREATE TRIGGER, CREATE TYPE, CREATE VIEW,
|
||||
CREATE DIMENSION, CREATE MATERIALIZED VIEW, QUERY REWRITE, ON COMMIT REFRESH
|
||||
to tblo_role;
|
||||
|
||||
create user SIEBEL identified by sadmin1password1;
|
||||
grant tblo_role to SIEBEL;
|
||||
grant sse_role to SIEBEL;
|
||||
alter user SIEBEL quota 0 on SYSTEM quota 0 on SYSAUX;
|
||||
alter user SIEBEL default tablespace SBLDATA;
|
||||
alter user SIEBEL temporary tablespace temp;
|
||||
alter user SIEBEL quota unlimited on SBLDATA;
|
||||
alter user SIEBEL quota unlimited on SBLINDX;
|
||||
|
||||
create user SADMIN identified by sadmin1password1;
|
||||
grant sse_role to SADMIN;
|
||||
alter user SADMIN default tablespace sbldata;
|
||||
alter user SADMIN temporary tablespace temp;
|
||||
alter user SADMIN quota unlimited on SBLDATA;
|
||||
alter user SADMIN quota unlimited on SBLINDX;
|
||||
|
||||
----
|
||||
|
||||
4. INSTALL SIEBEL SERVER from Network Image. General Config:
|
||||
|
||||
Oracle Home Name: SES_HOME
|
||||
Location: c:\Siebel\15.0.0.0.0\ses
|
||||
-gateway name server
|
||||
-siebel server
|
||||
-database configuration utilities
|
||||
Program folder name: Siebel Enterprise Server 15.0.0.0.0
|
||||
|
||||
5. SIEBEL ENTERPRISE CONFIGURATION
|
||||
|
||||
5.1. Install new gateway name
|
||||
|
||||
5.2. Install new enterprise in a gateway name server:
|
||||
|
||||
Gateway Name server port: 2320
|
||||
name server account name: SADMIN
|
||||
pass: sadmin1password1
|
||||
enterprise name: SBA_82
|
||||
|
||||
Siebel File system: C:\Siebel\15.0.0.0.0\ses\gtwysrvr\fs
|
||||
database table owner: SIEBEL
|
||||
sqlnet connect string: SIEBELDB
|
||||
user name: SADMIN
|
||||
pass: sadmin1password1
|
||||
|
||||
6. DATABASE SERVER CONFIGURATION
|
||||
|
||||
Make desktop shortcut to C:\Windows\SysWOW64\odbcad32.exe
|
||||
run as admin and get ODBC Data Source Name: SBA_82_DSN
|
||||
|
||||
db username: SADMIN
|
||||
pass: sadmin1password1
|
||||
db table owner: SIEBEL
|
||||
pass: sadmin1password1
|
||||
|
||||
index tables space name: SBLINDX
|
||||
table space name: SBLDATA
|
||||
|
||||
Wait 3 hours max.
|
||||
|
||||
Check Program Files\Oracle\Inventory\logs for errors
|
||||
|
||||
7. SIEBEL SERVER CONFIGURATION
|
||||
gateway login: SADMIN
|
||||
|
||||
Enable Open UI -> NO.
|
||||
Component Groups:
|
||||
-CallCenter
|
||||
-Remote
|
||||
-ORCL
|
||||
-WorkFlow
|
||||
-Communications
|
||||
|
||||
broker port: 2321
|
||||
tcp/ip for syncronization manager: 40400
|
||||
|
||||
8. SIEBEL ENTERPRISE CONFIGURATION - SWSE Profile
|
||||
|
||||
Enterprise Name: SBA_82
|
||||
|
||||
Path: C:\Siebel\15.0.0.0.0\ses\gtwysrvr\admin\Webserver
|
||||
|
||||
HI Employee User: SIEBANON
|
||||
HI pass: siebanon123
|
||||
|
||||
SI contact user: SIEBANON
|
||||
pass: siebanon123c
|
||||
|
||||
token: 615 112 419 907 (spaces are just for readability here)
|
||||
statistic page: _stats.swe
|
||||
|
||||
http port: 8080
|
||||
https port: 8443
|
||||
|
||||
9. POPULATE THE FS DIR:
|
||||
|
||||
Copy all files from C:\Siebel\15.0.0.0.0\ses\dbsrvr\FILES
|
||||
to: C:\Siebel\15.0.0.0.0\ses\gtwysrvr\fs\att
|
||||
|
||||
10. INSTALL SIEBEL WEB SERVER EXTENSION
|
||||
|
||||
C:\Siebel_Install_Image\15.0.0.0\Windows\Server\Siebel_Web_Server_Extension\Disk1\install
|
||||
|
||||
swse seed: 612 451 241 125 121 (again spaces are for readability)
|
||||
|
||||
11. Siebel Web Server Extension Configuration
|
||||
|
||||
Load balancing: Single Siebel Server
|
||||
profile location : C:\Siebel\15.0.0.0.0\ses\gtwysrvr\admin\Webserver
|
||||
|
||||
12. Fix Permission
|
||||
Go to C:\Siebel\15.0.0.0.0\eappweb
|
||||
Right click properties -> sharing -> advanced sharing.
|
||||
share this folder.
|
||||
|
||||
permissions -> add -> advanced -> find and add:
|
||||
IUSR
|
||||
IIS_IUSRS
|
||||
|
||||
with full permissions.
|
||||
|
||||
13. Setup ISS
|
||||
|
||||
cmd.exe ->
|
||||
iisreset
|
||||
|
||||
14. INSTALL WEB CLIENT:
|
||||
|
||||
C:\Siebel_Install_Image\15.0.0.0\Windows\Client\Siebel_Web_Client\Disk1\install
|
||||
start setup.bat
|
||||
|
||||
name: CLIENT_HOME
|
||||
path: C:\Siebel\15.0.0.0.0\Client
|
||||
|
||||
select: developer web client
|
||||
enable openui: no
|
||||
db alias: SIEBELDB
|
||||
owner: SIEBEL
|
||||
siebel FS: C:\SIEBEL_FS
|
||||
gateway addr: SIEBELHOST
|
||||
enterprise: SBA_82
|
||||
request: SIEBELHOST
|
||||
|
||||
15. Install Siebel Tools:
|
||||
|
||||
C:\Siebel_Install_Image\15.0.0.0\Windows\Client\Siebel_Tools\Disk1\install
|
||||
start setup.bat
|
||||
home: TOOLS_HOME
|
||||
c:\Siebel\15.0.0.0.0\Tools
|
||||
|
||||
db alias: SIEBELDB
|
||||
owner: SIEBEL
|
||||
siebel FS: C:\SIEBEL_FS
|
||||
|
||||
gateway addr: SIEBELHOST
|
||||
enterprise: SBA_82
|
||||
|
||||
installation spawns C:\Siebel\15.0.0.0.0\Client\PUBLIC\enu\predeploy.htm
|
||||
unblock active x on your IE
|
||||
|
||||
16. Web Access
|
||||
login using the start menu shortcuts is:
|
||||
userid: SADMIN
|
||||
pass: sadmin1password1
|
||||
connect to: Server
|
||||
|
||||
add http://siebelhost:8080 to trusted sites
|
||||
(http://siebelhost.crm.example.com:8080/start.swe should also be trusted in my case...)
|
||||
|
||||
and in internet tools setup low security profile to start activex controls automatically
|
||||
|
||||
17. Setup anon user:
|
||||
Go to Site map -> Administration User -> Employees
|
||||
click New and add:
|
||||
|
||||
Last Name: SIEBANON
|
||||
First Name: SIEBANON
|
||||
User ID: SIEBANON
|
||||
|
||||
Position: Siebel Administrator (?)
|
||||
Ctrl+S to save.
|
||||
|
||||
cmd.exe -> sqlplus sys@siebeldb as sysdba
|
||||
|
||||
create user SIEBANON identified by siebanon123;
|
||||
|
||||
grant sse_role to SIEBANON;
|
||||
|
||||
exit
|
||||
|
||||
iisreset
|
116
Redundant-BGP.txt
Normal file
116
Redundant-BGP.txt
Normal file
|
@ -0,0 +1,116 @@
|
|||
Redundant BGP with 2 ISPs, VRRP and Bird.
|
||||
|
||||
/etc/sysctl.conf:
|
||||
net.ipv4.conf.all.rp_filter=0
|
||||
net.ipv4.conf.lo.rp_filter=0
|
||||
net.ipv4.conf.default.rp_filter=0
|
||||
net.ipv4.conf.eth1.rp_filter=1
|
||||
net.ipv4.ip_forward=1
|
||||
net.ipv4.conf.default.forwarding=1
|
||||
net.ipv4.conf.all.forwarding=1
|
||||
|
||||
my as = 2000
|
||||
|
||||
|
||||
as 321 as2000 as 123
|
||||
|
||||
ebgp ibgp ebgp
|
||||
isp2 ------> RT2 <------> RT1 <------ isp1
|
||||
| .22 .21 |
|
||||
eth0 . eth1 | eth0
|
||||
. |
|
||||
^
|
||||
vrrp .1
|
||||
|
||||
|
||||
/etc/keepalived/keepalived.conf:
|
||||
vrrp_instance VI_1 {
|
||||
state MASTER
|
||||
#state BACKUP #RT2
|
||||
|
||||
interface eth1 #interconnect
|
||||
virtual_router_id 51
|
||||
|
||||
priority 100
|
||||
#priority 150 #RT2
|
||||
|
||||
advert_int 1
|
||||
|
||||
authentication {
|
||||
auth_type PASS
|
||||
auth_pass <CHANGEME>
|
||||
}
|
||||
|
||||
virtual_ipaddress {
|
||||
x.x.x.1 dev eth1
|
||||
}
|
||||
|
||||
#notify /script.sh #misc
|
||||
}
|
||||
|
||||
|
||||
/etc/bird/bird.conf:
|
||||
log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
|
||||
#log stderr all;
|
||||
#log "tmp" all;
|
||||
debug protocols all;
|
||||
|
||||
# Router ID
|
||||
router id x.x.x.21;
|
||||
#router id x.x.x.22; #RT2
|
||||
|
||||
protocol kernel RT1 {
|
||||
learn; # Learn all alien routes from the kernel
|
||||
persist; # Don't remove routes on bird shutdown
|
||||
scan time 0; # Scan kernel routing table every 20 seconds, 0 disables the scanning and only netlink is used to send/receive kernel routes
|
||||
import all; # Default is import all
|
||||
export all; # Default is export none
|
||||
device routes;
|
||||
graceful restart;
|
||||
}
|
||||
|
||||
protocol device {
|
||||
scan time 60;
|
||||
}
|
||||
|
||||
protocol static {
|
||||
route x.x.x.0/24 via x.x.x.1;
|
||||
}
|
||||
|
||||
# Import all directly connected routes. These come in with RTS_DEVICE
|
||||
protocol direct evrdirect {
|
||||
interface "*";
|
||||
export all;
|
||||
}
|
||||
|
||||
filter bgp_out
|
||||
{
|
||||
#dont poison the ISPs with anything else except your prefix
|
||||
if net = x.x.x.0/24 then accept;
|
||||
else reject;
|
||||
}
|
||||
|
||||
protocol bgp RT1 {
|
||||
local as 2000;
|
||||
neighbor x.x.x.22 as 2000; # iBGP peering
|
||||
#neighbor x.x.x.x.21 as 2000; on RT2
|
||||
keepalive time 5;
|
||||
graceful restart;
|
||||
import all;
|
||||
export all;
|
||||
preference 50; # highest preference "wins".
|
||||
direct;
|
||||
gateway direct;
|
||||
}
|
||||
|
||||
protocol bgp MAIN {
|
||||
local as 2000;
|
||||
neighbor y.y.y.y as 123;
|
||||
#neighbor z.z.z.z as 321; on RT1
|
||||
keepalive time 5;
|
||||
graceful restart;
|
||||
import all;
|
||||
export filter bgp_out;
|
||||
hold time 30;
|
||||
preference 100;
|
||||
}
|
17
Windows Oracle env vars.txt
Normal file
17
Windows Oracle env vars.txt
Normal file
|
@ -0,0 +1,17 @@
|
|||
some tips i've found in stack overflow. could be useful:
|
||||
|
||||
fix symbolic links:
|
||||
|
||||
cd c:\windows\system32
|
||||
mklink /d ora112 c:\Oracle\product\11.2.0\dbhome_1
|
||||
cd c:\Windows\sysWOW64
|
||||
mklink /d ora112 c:\Oracle\product\11.2.0\client_1
|
||||
|
||||
PATH=C:\windows\System32\ora112\bin;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;C:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\
|
||||
|
||||
ORACLE_HOME=c:\windows\system32\ora112
|
||||
Set Registry value HKLM\Software\ORACLE\KEY_OraClient11g_home1\ORACLE_HOME to:
|
||||
C:\Windows\System32\ora112
|
||||
|
||||
Set Registry value HKLM\Software\Wow6432Node\ORACLE\KEY_OraClient11g_home1\ORACLE_HOME to:
|
||||
C:\Windows\System32\ora112 (not C:\Windows\SysWOW64\System32\ora112)
|
138
configs/.tmux.conf
Normal file
138
configs/.tmux.conf
Normal file
|
@ -0,0 +1,138 @@
|
|||
# afx .tmux.conf 2017
|
||||
|
||||
# unbind all does not recover the default binds but we can list them
|
||||
# and fill the 'gaps' with manual rebind in the conf file using this command:
|
||||
# tmux -f /dev/null -L temp start-server \; list-keys
|
||||
unbind-key -a
|
||||
|
||||
set-option -g prefix F2 # ctrl+b => F2
|
||||
#bind-key a send-key M-a # alt+a = alt+a+a
|
||||
bind-key Left send-key M-Left
|
||||
bind-key Right send-key M-Right
|
||||
|
||||
#set tab names
|
||||
set-window-option -g automatic-rename on
|
||||
set-option -g set-titles on
|
||||
|
||||
set -g base-index 1 #0 is too far from ` ;)
|
||||
set -g status-keys vi
|
||||
set -g history-limit 10000
|
||||
set -sg escape-time 0 #No delay for escape key press
|
||||
set -g terminal-overrides "screen.xterm-new" #disable italic in searches
|
||||
setw -g mode-keys vi
|
||||
#setw -g mode-mouse off #tmux 1.9
|
||||
#set-option -g mouse on #tmux 2.1
|
||||
|
||||
bind-key r source-file ~/.tmux.conf
|
||||
bind-key R refresh-client
|
||||
|
||||
bind-key : command-prompt
|
||||
bind-key c new-window
|
||||
bind-key w list-window
|
||||
bind-key Space next-layout
|
||||
bind-key d detach
|
||||
bind-key t clock-mode
|
||||
bind-key n command-prompt 'rename-window %%'
|
||||
bind-key x confirm-before -p "kill-pane #W? (y/n)" kill-pane
|
||||
bind-key X confirm-before -p "kill-window #W? (y/n)" kill-window
|
||||
bind-key N command-prompt 'rename-session %%'
|
||||
bind-key f command-prompt "find-window '%%'"
|
||||
bind-key i display-message
|
||||
bind-key l last-window
|
||||
bind-key w choose-window
|
||||
bind-key Escape copy-mode -u
|
||||
bind-key Up copy-mode -u
|
||||
|
||||
bind-key | split-window -h
|
||||
bind-key \ split-window -h
|
||||
bind-key = split-window -v
|
||||
bind-key - split-window -v
|
||||
#bind-key < swap-window -t :-
|
||||
#bind-key > swap-window -t :+
|
||||
bind-key 0 select-window -t :0
|
||||
bind-key 1 select-window -t :1
|
||||
bind-key 2 select-window -t :2
|
||||
bind-key 3 select-window -t :3
|
||||
bind-key 4 select-window -t :4
|
||||
bind-key 5 select-window -t :5
|
||||
bind-key 6 select-window -t :6
|
||||
bind-key 7 select-window -t :7
|
||||
bind-key 8 select-window -t :8
|
||||
bind-key 9 select-window -t :9
|
||||
|
||||
# pane selection with Ctrl+ArrowKeys
|
||||
bind -n C-Left select-pane -L
|
||||
bind -n C-Right select-pane -R
|
||||
bind -n C-Up select-pane -U
|
||||
bind -n C-Down select-pane -D
|
||||
|
||||
# pane resize with Shift+ArrowKeys
|
||||
bind -n S-Left resize-pane -L
|
||||
bind -n S-Right resize-pane -R
|
||||
bind -n S-Up resize-pane -U
|
||||
bind -n S-Down resize-pane -D
|
||||
|
||||
# switch tabs with Alt+Comma and Alt+Dot
|
||||
bind -n M-, previous-window
|
||||
bind -n M-. next-window
|
||||
|
||||
# loud or quiet?
|
||||
set-option -g visual-activity off
|
||||
set-option -g visual-bell off
|
||||
set-option -g visual-silence off
|
||||
set-window-option -g monitor-activity on
|
||||
set-option -g bell-action none
|
||||
|
||||
# THEME
|
||||
set -g default-terminal "screen-256color"
|
||||
set -g status-position top
|
||||
set -g status-left ''
|
||||
set -g status-utf8 on
|
||||
# Basic status bar colors
|
||||
set -g status-fg colour240
|
||||
set -g status-bg colour233
|
||||
# Left side of status bar
|
||||
set -g status-left-bg colour233
|
||||
set -g status-left-fg colour243
|
||||
set -g status-left-length 40
|
||||
set -g status-left "#[fg=colour232,bg=colour39,bold] #S #[fg=colour233,bg=colour240] #(whoami) #[fg=colour240,bg=colour235] #I:#P "
|
||||
# Right side of status bar
|
||||
set -g status-right-bg colour233
|
||||
set -g status-right-fg colour243
|
||||
set -g status-right-length 150
|
||||
set -g status-right "#[fg=colour235,bg=colour233]#[fg=colour240,bg=colour235] %H:%M:%S #[fg=colour240,bg=colour235]#[fg=colour233,bg=colour240] %d-%b-%y #[fg=colour245,bg=colour240]#[fg=colour232,bg=colour245,bold] #H "
|
||||
# Window status
|
||||
set -g window-status-format " #I:#W#F "
|
||||
set -g window-status-current-format " #I:#W#F "
|
||||
# Current window status
|
||||
set -g window-status-current-bg colour39
|
||||
set -g window-status-current-fg colour232
|
||||
# Window with activity status
|
||||
set -g window-status-activity-bg colour75 # fg and bg are flipped here due to
|
||||
set -g window-status-activity-fg colour233 # a bug in tmux
|
||||
# Window separator
|
||||
set -g window-status-separator ""
|
||||
# Window status alignment
|
||||
set -g status-justify centre
|
||||
# Pane border
|
||||
set -g pane-border-bg default
|
||||
set -g pane-border-fg colour238
|
||||
# Active pane border
|
||||
set -g pane-active-border-bg default
|
||||
set -g pane-active-border-fg colour39
|
||||
# Pane number indicator
|
||||
set -g display-panes-colour colour233
|
||||
set -g display-panes-active-colour colour245
|
||||
# Clock mode
|
||||
set -g clock-mode-colour colour39
|
||||
set -g clock-mode-style 24
|
||||
# Message
|
||||
set -g message-bg colour39
|
||||
set -g message-fg black
|
||||
# Command message
|
||||
set -g message-command-bg colour233
|
||||
set -g message-command-fg black
|
||||
# Mode
|
||||
set -g mode-bg colour39
|
||||
set -g mode-fg colour232
|
||||
|
50
configs/putty-base16-irblack.reg
Normal file
50
configs/putty-base16-irblack.reg
Normal file
|
@ -0,0 +1,50 @@
|
|||
Windows Registry Editor Version 5.00
|
||||
|
||||
|
||||
|
||||
[HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\Base16-IR Black]
|
||||
|
||||
|
||||
"Colour0"="145,143,136"
|
||||
|
||||
"Colour1"="181,179,170"
|
||||
|
||||
"Colour2"="0,0,0"
|
||||
|
||||
"Colour3"="36,36,34"
|
||||
|
||||
"Colour4"="0,0,0"
|
||||
|
||||
"Colour5"="217,215,204"
|
||||
|
||||
"Colour6"="0,0,0"
|
||||
|
||||
"Colour7"="108,108,102"
|
||||
|
||||
"Colour8"="255,108,96"
|
||||
|
||||
"Colour9"="233,192,98"
|
||||
|
||||
"Colour10"="168,255,96"
|
||||
|
||||
"Colour11"="36,36,34"
|
||||
|
||||
"Colour12"="255,255,182"
|
||||
|
||||
"Colour13"="72,72,68"
|
||||
|
||||
"Colour14"="150,203,254"
|
||||
|
||||
"Colour15"="145,143,136"
|
||||
|
||||
"Colour16"="255,115,253"
|
||||
|
||||
"Colour17"="217,215,204"
|
||||
|
||||
"Colour18"="198,197,254"
|
||||
|
||||
"Colour19"="177,138,61"
|
||||
|
||||
"Colour20"="181,179,170"
|
||||
|
||||
"Colour21"="253,251,238"
|
44
plesk-wordpress-web.config.txt
Normal file
44
plesk-wordpress-web.config.txt
Normal file
|
@ -0,0 +1,44 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<configuration>
|
||||
<system.webServer>
|
||||
|
||||
<httpErrors>
|
||||
<remove statusCode="502" subStatusCode="-1" />
|
||||
<remove statusCode="501" subStatusCode="-1" />
|
||||
<remove statusCode="500" subStatusCode="-1" />
|
||||
<remove statusCode="412" subStatusCode="-1" />
|
||||
<remove statusCode="406" subStatusCode="-1" />
|
||||
<remove statusCode="405" subStatusCode="-1" />
|
||||
<remove statusCode="404" subStatusCode="-1" />
|
||||
<remove statusCode="403" subStatusCode="-1" />
|
||||
<remove statusCode="401" subStatusCode="-1" />
|
||||
<error statusCode="400" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\bad_request.html" />
|
||||
<error statusCode="407" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\proxy_authentication_required.html" />
|
||||
<error statusCode="414" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\request-uri_too_long.html" />
|
||||
<error statusCode="415" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\unsupported_media_type.html" />
|
||||
<error statusCode="503" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\maintenance.html" />
|
||||
<error statusCode="401" prefixLanguageFilePath="" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\unauthorized.html" />
|
||||
<error statusCode="403" prefixLanguageFilePath="" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\forbidden.html" />
|
||||
<error statusCode="404" prefixLanguageFilePath="" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\not_found.html" />
|
||||
<error statusCode="405" prefixLanguageFilePath="" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\method_not_allowed.html" />
|
||||
<error statusCode="406" prefixLanguageFilePath="" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\not_acceptable.html" />
|
||||
<error statusCode="412" prefixLanguageFilePath="" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\precondition_failed.html" />
|
||||
<error statusCode="500" prefixLanguageFilePath="" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\internal_server_error.html" />
|
||||
<error statusCode="501" prefixLanguageFilePath="" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\not_implemented.html" />
|
||||
<error statusCode="502" prefixLanguageFilePath="" path="D:\appdata\IIS\vhosts\domain.tld\error_docs\bad_gateway.html" />
|
||||
</httpErrors>
|
||||
|
||||
<rewrite>
|
||||
<rules>
|
||||
<rule name="Main Rule" stopProcessing="true">
|
||||
<match url=".*" />
|
||||
<conditions logicalGrouping="MatchAll">
|
||||
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
|
||||
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
|
||||
</conditions>
|
||||
<action type="Rewrite" url="index.php" />
|
||||
</rule>
|
||||
</rules>
|
||||
</rewrite>
|
||||
</system.webServer>
|
||||
</configuration>
|
116
scripts/aclset.sh
Normal file
116
scripts/aclset.sh
Normal file
|
@ -0,0 +1,116 @@
|
|||
#!/bin/bash
|
||||
|
||||
# afx acl setup
|
||||
|
||||
### vars
|
||||
|
||||
watchdir="/srv/test"
|
||||
domainadmin="afx"
|
||||
password="CHANGEME"
|
||||
|
||||
###
|
||||
|
||||
#init
|
||||
controlfile="control.txt"
|
||||
passfile="password.txt"
|
||||
aclset="";
|
||||
acldel="";
|
||||
old_IFS=$IFS # save the field separator
|
||||
IFS=$'\n' # new field separator, the end of line
|
||||
exec > /tmp/afxacl.log 2>&1
|
||||
|
||||
mlocate --database=/tmp/afxacl.db $controlfile > /tmp/afxacl.set.1.tmp
|
||||
mlocate --database=/tmp/afxacl.db $passfile > /tmp/afxacl.del.1.tmp
|
||||
updatedb --database-root=$watchdir --output /tmp/afxacl.db -l 0
|
||||
mlocate --database=/tmp/afxacl.db $controlfile > /tmp/afxacl.set.2.tmp
|
||||
mlocate --database=/tmp/afxacl.db $passfile > /tmp/afxacl.del.2.tmp
|
||||
|
||||
setlist=`diff /tmp/afxacl.set.1.tmp /tmp/afxacl.set.2.tmp`
|
||||
aclset=`echo "$setlist" | grep '>'`
|
||||
dellist=`diff /tmp/afxacl.del.1.tmp /tmp/afxacl.del.2.tmp`
|
||||
acldel=`echo "$dellist" | grep '>'`
|
||||
|
||||
#del
|
||||
if [ -n "$acldel" ]
|
||||
then
|
||||
while read dline;
|
||||
do
|
||||
curcontroldel=`echo "$dline" | cut -c 3-`;
|
||||
echo "unlocking $curcontroldel"
|
||||
ccut=`expr ${#passfile} + 1`
|
||||
cdir=`echo "$curcontroldel" | rev | cut -c $ccut- | rev`
|
||||
echo ""
|
||||
if [ -d "$cdir" ];
|
||||
then
|
||||
if grep -q $password "$curcontroldel";
|
||||
then
|
||||
echo "password accepted"
|
||||
chattr -i "$cdir/$controlfile"
|
||||
rm "$cdir/$controlfile"
|
||||
setfacl -R --remove-all "$cdir"
|
||||
chmod 770 "$cdir"
|
||||
echo ""
|
||||
echo "current permissions:"
|
||||
getfacl "$cdir"
|
||||
rm "$curcontroldel"
|
||||
else
|
||||
echo "invalid password!"
|
||||
rm "$curcontroldel"
|
||||
fi
|
||||
else
|
||||
echo "warning: whole dir was deleted"
|
||||
fi
|
||||
echo ""
|
||||
echo ""
|
||||
done < <(echo "$acldel")
|
||||
fi
|
||||
|
||||
# set
|
||||
if [ -n "$aclset" ]
|
||||
then
|
||||
while read cline;
|
||||
do
|
||||
curcontrolset=`echo "$cline" | cut -c 3-`;
|
||||
echo "setting up acl from $curcontrolset"
|
||||
ccuser=`stat -c "%U" "$curcontrolset"`
|
||||
if [ "$ccuser" != "$domainadmin" ];
|
||||
then
|
||||
echo "$ccuser is not a valid admin!"
|
||||
rm $curcontrolset
|
||||
continue;
|
||||
fi
|
||||
|
||||
echo ""
|
||||
ccut=`expr ${#controlfile} + 1`
|
||||
cdir=`echo "$curcontrolset" | rev | cut -c $ccut- | rev`
|
||||
chmod 700 "$cdir"
|
||||
for uline in $(cat "$curcontrolset")
|
||||
do
|
||||
echo "add user $uline ..."
|
||||
setfacl -R -n -m u:$uline:rwx "$cdir"
|
||||
done
|
||||
echo "add admin $domainadmin ..."
|
||||
setfacl -R -n -m u:$domainadmin:rwx "$cdir"
|
||||
setfacl -R -n -m m::rwx "$cdir"
|
||||
|
||||
chattr +i "$curcontrolset"
|
||||
echo ""
|
||||
echo "current permissions:"
|
||||
getfacl "$cdir"
|
||||
echo ""
|
||||
echo ""
|
||||
done < <(echo "$aclset")
|
||||
|
||||
fi
|
||||
|
||||
IFS=$old_IFS # restore default field separator
|
||||
|
||||
if [ -s /tmp/afxacl.log ];
|
||||
then
|
||||
mutt -s "setacl.sh notice" mailbox@server.com < /tmp/afxacl.log
|
||||
fi
|
||||
|
||||
#cleantmp
|
||||
rm /tmp/afxacl.set*
|
||||
rm /tmp/afxacl.del*
|
||||
|
33
scripts/arduino.py
Normal file
33
scripts/arduino.py
Normal file
|
@ -0,0 +1,33 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
""" arduino reader by afx """
|
||||
|
||||
import time, serial
|
||||
from sys import argv
|
||||
|
||||
def query_arduino():
|
||||
global serial
|
||||
serial = serial.Serial('/dev/ttyACM0', 9600)
|
||||
serial.write('1')
|
||||
query = serial.readline().strip('\r\n').split()
|
||||
fo = open('/etc/scripts/.arduino.db', 'wb')
|
||||
fo.write(','.join(query))
|
||||
fo.close()
|
||||
|
||||
def print_arduino(pmode):
|
||||
fr = open('/etc/scripts/.arduino.db', 'r+')
|
||||
rquery = fr.read(100);
|
||||
print(rquery.split(',')[pmode])
|
||||
fr.close()
|
||||
|
||||
if __name__ == "__main__":
|
||||
mode = argv
|
||||
if mode[1] == 'temp':
|
||||
print_arduino(0)
|
||||
elif mode[1] == 'humid':
|
||||
print_arduino(1)
|
||||
elif mode[1] == 'query':
|
||||
query_arduino()
|
||||
else:
|
||||
print('Usage: script.py [temp] [humid]')
|
||||
|
76
scripts/blackhole.py
Normal file
76
scripts/blackhole.py
Normal file
|
@ -0,0 +1,76 @@
|
|||
#!/usr/bin/python3
|
||||
|
||||
# simple ip blackhole list :)
|
||||
# afx Nov 2016
|
||||
#
|
||||
# requires Pygtail
|
||||
# should be installed to iptables filtered machine with DROP and LOG policy
|
||||
# the idea is that any traffic coming to this serviceless machine can be assumed
|
||||
# as bad and then listed for further processing
|
||||
|
||||
from pygtail import Pygtail
|
||||
|
||||
import sys
|
||||
import signal
|
||||
import re
|
||||
import time
|
||||
import json
|
||||
|
||||
kernlog = '/var/log/kern.log'
|
||||
dbfile = '/var/www/html/blacklist.txt'
|
||||
|
||||
#add whitelisted ips here:
|
||||
whitelist = [ '1.2.3.4',
|
||||
'5.6.7.8' ]
|
||||
|
||||
######
|
||||
|
||||
def signal_handler(signal, frame):
|
||||
print('You\'ve pressed Ctrl+C. Listing stats and exiting...')
|
||||
print('')
|
||||
print(json.dumps(stats))
|
||||
sys.exit(0)
|
||||
|
||||
signal.signal(signal.SIGINT, signal_handler)
|
||||
|
||||
print('.o.oOo.o. blackhole.py by afx .o.oOo.o.')
|
||||
print('^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^')
|
||||
print('Whitelist: {}'.format(whitelist))
|
||||
blacklist = []
|
||||
stats = {}
|
||||
try:
|
||||
blackfile = open(dbfile, 'r')
|
||||
for item in blackfile:
|
||||
blacklist.append(item.strip())
|
||||
blackfile.close()
|
||||
print('Blacklist: {}'.format(blacklist))
|
||||
except Exception as e:
|
||||
print(e)
|
||||
print('Blacklist empty.')
|
||||
print('')
|
||||
|
||||
while True:
|
||||
time.sleep(1)
|
||||
for line in Pygtail(kernlog):
|
||||
query = re.findall( r'SRC=[0-9]+(?:\.[0-9]+){3}', line )
|
||||
newip = query[0][4:]
|
||||
if newip in whitelist:
|
||||
print('{} whitelisted'.format(newip))
|
||||
continue
|
||||
elif newip in blacklist:
|
||||
try:
|
||||
oldcounter = stats[newip]
|
||||
except:
|
||||
oldcounter = 0
|
||||
counter = oldcounter + 1
|
||||
stats.update({ newip: counter })
|
||||
print('{} -> {}'.format(newip, str(stats[newip])))
|
||||
else:
|
||||
print('{} blackholed'.format(newip))
|
||||
blacklist.append(newip)
|
||||
blackfile = open(dbfile, 'w')
|
||||
for item in blacklist:
|
||||
blackfile.write("%s\n" % item)
|
||||
blackfile.close()
|
||||
|
||||
#EOF
|
29
scripts/clean-maildir.sh
Normal file
29
scripts/clean-maildir.sh
Normal file
|
@ -0,0 +1,29 @@
|
|||
#!/bin/sh
|
||||
# Time to wait before removing mails from the Junk folder (Default: 7 days) Set 0 to turn off.
|
||||
junk_max_hours=$((24*2))
|
||||
# Time to wait before removing mails from the Trash folder (Default: 30 days) Set 0 to turn off.
|
||||
trash_max_hours=$((24*10))
|
||||
for domain in /var/vmail/*
|
||||
do
|
||||
if [ -d "$domain" ]
|
||||
then
|
||||
for user in $domain/*
|
||||
do
|
||||
if [ "$junk_max_hours" -gt "0" ]
|
||||
then
|
||||
if [ -d "$user/Maildir/.Junk" ]
|
||||
then
|
||||
tmpreaper -m $junk_max_hours $user/Maildir/.Junk/{cur,new}
|
||||
fi
|
||||
fi
|
||||
if [ "$trash_max_hours" -gt "0" ]
|
||||
then
|
||||
if [ -d "$user/Maildir/.Trash" ]
|
||||
then
|
||||
tmpreaper -m $trash_max_hours $user/Maildir/.Trash/{cur,new}
|
||||
fi
|
||||
fi
|
||||
done
|
||||
fi
|
||||
done
|
||||
|
49
scripts/cronic.sh
Normal file
49
scripts/cronic.sh
Normal file
|
@ -0,0 +1,49 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Cronic v2 - cron job report wrapper
|
||||
# Copyright 2007 Chuck Houpt. No rights reserved, whatsoever.
|
||||
# Public Domain CC0: http://creativecommons.org/publicdomain/zero/1.0/
|
||||
|
||||
set -eu
|
||||
|
||||
OUT=/tmp/cronic.out.$$
|
||||
ERR=/tmp/cronic.err.$$
|
||||
TRACE=/tmp/cronic.trace.$$
|
||||
|
||||
set +e
|
||||
"$@" >$OUT 2>$TRACE
|
||||
RESULT=$?
|
||||
set -e
|
||||
|
||||
PATTERN="^${PS4:0:1}\\+${PS4:1}"
|
||||
if grep -aq "$PATTERN" $TRACE
|
||||
then
|
||||
! grep -av "$PATTERN" $TRACE > $ERR
|
||||
else
|
||||
ERR=$TRACE
|
||||
fi
|
||||
|
||||
if [ $RESULT -ne 0 -o -s "$ERR" ]
|
||||
then
|
||||
echo "Cronic detected failure or error output for the command:"
|
||||
echo "$@"
|
||||
echo
|
||||
echo "RESULT CODE: $RESULT"
|
||||
echo
|
||||
echo "ERROR OUTPUT:"
|
||||
cat "$ERR"
|
||||
echo
|
||||
echo "STANDARD OUTPUT:"
|
||||
cat "$OUT"
|
||||
if [ $TRACE != $ERR ]
|
||||
then
|
||||
echo
|
||||
echo "TRACE-ERROR OUTPUT:"
|
||||
cat "$TRACE"
|
||||
fi
|
||||
fi
|
||||
|
||||
rm -f "$OUT"
|
||||
rm -f "$ERR"
|
||||
rm -f "$TRACE"
|
||||
|
333
scripts/iptables-vlan.sh
Normal file
333
scripts/iptables-vlan.sh
Normal file
|
@ -0,0 +1,333 @@
|
|||
#!/bin/bash
|
||||
|
||||
SYSCTL="/sbin/sysctl -w"
|
||||
|
||||
IPT="/sbin/iptables"
|
||||
IPTS="/sbin/iptables-save"
|
||||
IPTR="/sbin/iptables-restore"
|
||||
|
||||
# Internet Interface
|
||||
INET_IFACE="eth1"
|
||||
INET_IP="1.2.3.4"
|
||||
INET_ADMIN="2.3.4.5"
|
||||
|
||||
VPN_IFACE="tun+"
|
||||
VPN_IP="10.8.0.1"
|
||||
VPN_NET="10.8.0.0/8"
|
||||
VPN_BCAST="10.255.255.255"
|
||||
|
||||
# Local Interface Information
|
||||
LOCAL_IFACE="eth0"
|
||||
LOCAL_IP="192.168.5.1"
|
||||
LOCAL_NET="192.168.5.0/24"
|
||||
LOCAL_BCAST="192.168.5.255"
|
||||
|
||||
EVOIP_IFACE="vlan1234"
|
||||
EVOIP_IP="10.20.5.50"
|
||||
EVOIP_NET="10.20.5.48/29"
|
||||
EVOIP_BCAST="10.20.5.55"
|
||||
|
||||
VIDEO_IFACE="vlan1015"
|
||||
VIDEO_IP="192.168.15.1"
|
||||
VIDEO_NET="192.168.15.0/24"
|
||||
VIDEO_BCAST="192.168.15.255"
|
||||
|
||||
VOIP_IFACE="vlan1016"
|
||||
VOIP_IP="192.168.16.1"
|
||||
VOIP_NET="192.168.16.0/24"
|
||||
VOIP_BCAST="192.168.16.255"
|
||||
|
||||
WIFI_IFACE="vlan1017"
|
||||
WIFI_IP="192.168.17.1"
|
||||
WIFI_NET="192.168.17.0/24"
|
||||
WIFI_BCAST="192.168.17.255"
|
||||
|
||||
# Localhost Interface
|
||||
|
||||
LO_IFACE="lo"
|
||||
LO_IP="127.0.0.1"
|
||||
|
||||
# Save and Restore arguments handled here
|
||||
if [ "$1" = "save" ]
|
||||
then
|
||||
echo -n "Saving firewall to /etc/sysconfig/iptables ... "
|
||||
$IPTS > /etc/scripts/iptables
|
||||
echo "done"
|
||||
exit 0
|
||||
elif [ "$1" = "restore" ]
|
||||
then
|
||||
echo -n "Restoring firewall from /etc/sysconfig/iptables ... "
|
||||
$IPTR < /etc/scripts/iptables
|
||||
echo "done"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "Loading kernel modules ..."
|
||||
|
||||
/sbin/modprobe ip_tables
|
||||
/sbin/modprobe ip_conntrack
|
||||
/sbin/modprobe iptable_filter
|
||||
/sbin/modprobe iptable_mangle
|
||||
/sbin/modprobe iptable_nat
|
||||
/sbin/modprobe ipt_LOG
|
||||
/sbin/modprobe ipt_limit
|
||||
/sbin/modprobe ipt_MASQUERADE
|
||||
#/sbin/modprobe ipt_owner
|
||||
#/sbin/modprobe ipt_REJECT
|
||||
#/sbin/modprobe ipt_mark
|
||||
#/sbin/modprobe ipt_tcpmss
|
||||
/sbin/modprobe multiport
|
||||
/sbin/modprobe ipt_state
|
||||
#/sbin/modprobe ipt_unclean
|
||||
/sbin/modprobe ip_nat_ftp
|
||||
/sbin/modprobe ip_conntrack_ftp
|
||||
#/sbin/modprobe ip_conntrack_irc
|
||||
|
||||
if [ "$SYSCTL" = "" ]
|
||||
then
|
||||
echo "1" > /proc/sys/net/ipv4/ip_forward
|
||||
else
|
||||
$SYSCTL net.ipv4.ip_forward="1"
|
||||
fi
|
||||
|
||||
if [ "$SYSCTL" = "" ]
|
||||
then
|
||||
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
|
||||
else
|
||||
$SYSCTL net.ipv4.tcp_syncookies="1"
|
||||
fi
|
||||
|
||||
if [ "$SYSCTL" = "" ]
|
||||
then
|
||||
echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
|
||||
else
|
||||
$SYSCTL net.ipv4.conf.all.rp_filter="1"
|
||||
fi
|
||||
|
||||
if [ "$SYSCTL" = "" ]
|
||||
then
|
||||
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
|
||||
else
|
||||
$SYSCTL net.ipv4.icmp_echo_ignore_broadcasts="1"
|
||||
fi
|
||||
|
||||
if [ "$SYSCTL" = "" ]
|
||||
then
|
||||
echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
|
||||
else
|
||||
$SYSCTL net.ipv4.conf.all.accept_source_route="0"
|
||||
fi
|
||||
|
||||
if [ "$SYSCTL" = "" ]
|
||||
then
|
||||
echo "1" > /proc/sys/net/ipv4/conf/all/secure_redirects
|
||||
else
|
||||
$SYSCTL net.ipv4.conf.all.secure_redirects="1"
|
||||
fi
|
||||
|
||||
if [ "$SYSCTL" = "" ]
|
||||
then
|
||||
echo "1" > /proc/sys/net/ipv4/conf/all/log_martians
|
||||
else
|
||||
$SYSCTL net.ipv4.conf.all.log_martians="1"
|
||||
fi
|
||||
|
||||
###############################################################################
|
||||
echo "Flushing Tables ..."
|
||||
|
||||
# Reset Default Policies
|
||||
$IPT -P INPUT ACCEPT
|
||||
$IPT -P FORWARD ACCEPT
|
||||
$IPT -P OUTPUT ACCEPT
|
||||
$IPT -t nat -P PREROUTING ACCEPT
|
||||
$IPT -t nat -P POSTROUTING ACCEPT
|
||||
$IPT -t nat -P OUTPUT ACCEPT
|
||||
$IPT -t mangle -P PREROUTING ACCEPT
|
||||
$IPT -t mangle -P OUTPUT ACCEPT
|
||||
|
||||
$IPT -F
|
||||
$IPT -t nat -F
|
||||
$IPT -t mangle -F
|
||||
$IPT -X
|
||||
$IPT -t nat -X
|
||||
$IPT -t mangle -X
|
||||
|
||||
if [ "$1" = "stop" ]
|
||||
then
|
||||
echo "Firewall completely flushed! Now running with no firewall."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
$IPT -P INPUT DROP
|
||||
$IPT -P OUTPUT DROP
|
||||
$IPT -P FORWARD DROP
|
||||
###############################################################################
|
||||
|
||||
#$IPT -N bad_packets
|
||||
#$IPT -N bad_tcp_packets
|
||||
$IPT -N icmp_packets
|
||||
$IPT -N udp_inbound
|
||||
$IPT -N udp_outbound
|
||||
$IPT -N tcp_inbound
|
||||
$IPT -N tcp_outbound
|
||||
|
||||
#$IPT -A bad_packets -p ALL -i $INET_IFACE -s $LOCAL_NET -j LOG --log-prefix "fp=bad_packets:2 a=DROP "
|
||||
$IPT -A bad_packets -p ALL -i $INET_IFACE -s $LOCAL_NET -j DROP
|
||||
#$IPT -A bad_packets -p ALL -m state --state INVALID -j LOG --log-prefix "fp=bad_packets:1 a=DROP "
|
||||
$IPT -A bad_packets -p ALL -m state --state INVALID -j DROP
|
||||
$IPT -A bad_packets -p tcp -j bad_tcp_packets
|
||||
$IPT -A bad_packets -p ALL -j RETURN
|
||||
|
||||
$IPT -A bad_tcp_packets -p tcp -i $LOCAL_IFACE -j RETURN
|
||||
#$IPT -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "fp=bad_tcp_packets:1 a=DROP "
|
||||
$IPT -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP
|
||||
#$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL NONE -j LOG --log-prefix "fp=bad_tcp_packets:2 a=DROP "
|
||||
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL NONE -j DROP
|
||||
#$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL ALL -j LOG --log-prefix "fp=bad_tcp_packets:3 a=DROP "
|
||||
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL ALL -j DROP
|
||||
#$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL FIN,URG,PSH -j LOG --log-prefix "fp=bad_tcp_packets:4 a=DROP "
|
||||
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
|
||||
#$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j LOG --log-prefix "fp=bad_tcp_packets:5 a=DROP "
|
||||
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
|
||||
#$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "fp=bad_tcp_packets:6 a=DROP "
|
||||
$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
|
||||
#$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "fp=bad_tcp_packets:7 a=DROP "
|
||||
$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
|
||||
$IPT -A bad_tcp_packets -p tcp -j RETURN
|
||||
|
||||
#$IPT -A icmp_packets --fragment -p ICMP -j LOG --log-prefix "fp=icmp_packets:1 a=DROP "
|
||||
$IPT -A icmp_packets --fragment -p ICMP -j DROP
|
||||
$IPT -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j DROP
|
||||
$IPT -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT
|
||||
$IPT -A icmp_packets -p ICMP -j RETURN
|
||||
#$IPT -A icmp_packets -p ICMP -j ACCEPT
|
||||
|
||||
$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 137 -j DROP
|
||||
$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 138 -j DROP
|
||||
$IPT -A udp_inbound -p UDP -s 0/0 --source-port 67 --destination-port 68 -j ACCEPT
|
||||
$IPT -A udp_inbound -m state --state NEW -p UDP -s 0/0 --destination-port 1194 -j ACCEPT #vpn
|
||||
$IPT -A udp_inbound -p UDP -j RETURN
|
||||
|
||||
$IPT -A tcp_inbound -p TCP -s $INET_ADMIN --destination-port 2222 -j ACCEPT #ssh
|
||||
$IPT -A tcp_inbound -p TCP -j RETURN
|
||||
|
||||
$IPT -A udp_outbound -p UDP -s 0/0 -j ACCEPT
|
||||
$IPT -A tcp_outbound -p TCP -s 0/0 -j ACCEPT
|
||||
|
||||
###############################################################################
|
||||
echo "Process INPUT chain ..."
|
||||
|
||||
$IPT -A INPUT -p ALL -i $LO_IFACE -j ACCEPT
|
||||
#$IPT -A INPUT -p ALL -j bad_packets
|
||||
$IPT -A INPUT -p ALL -i $LOCAL_IFACE -s $LOCAL_NET -j ACCEPT
|
||||
$IPT -A INPUT -p ALL -i $LOCAL_IFACE -d $LOCAL_BCAST -j ACCEPT
|
||||
|
||||
$IPT -A INPUT -p ALL -i $WIFI_IFACE -s $WIFI_NET -j ACCEPT
|
||||
$IPT -A INPUT -p ALL -i $WIFI_IFACE -d $WIFI_BCAST -j ACCEPT
|
||||
|
||||
$IPT -A INPUT -p ALL -i $VIDEO_IFACE -s $VIDEO_NET -j ACCEPT
|
||||
$IPT -A INPUT -p ALL -i $VIDEO_IFACE -d $VIDEO_BCAST -j ACCEPT
|
||||
|
||||
$IPT -A INPUT -p ALL -i $VOIP_IFACE -s $VOIP_NET -j ACCEPT
|
||||
$IPT -A INPUT -p ALL -i $VOIP_IFACE -d $VOIP_BCAST -j ACCEPT
|
||||
|
||||
$IPT -A INPUT -p ALL -i $VPN_IFACE -j ACCEPT
|
||||
$IPT -A INPUT -p ALL -i $EVOIP_IFACE -j ACCEPT
|
||||
|
||||
$IPT -A INPUT -p ALL -i $INET_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
|
||||
$IPT -A INPUT -p TCP -i $INET_IFACE -j tcp_inbound
|
||||
$IPT -A INPUT -p UDP -i $INET_IFACE -j udp_inbound
|
||||
$IPT -A INPUT -p ICMP -i $INET_IFACE -j icmp_packets
|
||||
|
||||
#$IPT -A INPUT -m pkttype --pkt-type broadcast -j DROP
|
||||
#$IPT -A INPUT -j LOG --log-prefix "fp=INPUT:99 a=DROP "
|
||||
|
||||
###############################################################################
|
||||
echo "Process FORWARD chain ..."
|
||||
|
||||
#$IPT -A FORWARD -p ALL -j bad_packets
|
||||
$IPT -A FORWARD -p tcp -i $LOCAL_IFACE -j tcp_outbound
|
||||
$IPT -A FORWARD -p udp -i $LOCAL_IFACE -j udp_outbound
|
||||
$IPT -A FORWARD -p ALL -i $LOCAL_IFACE -j ACCEPT
|
||||
|
||||
#forward VIDEO vlan1015 to internet but not to the local network!
|
||||
###$IPT -A FORWARD -p ALL -i $VIDEO_IFACE -d $LOCAL_NET -j LOG --log-prefix "fp=FORWARD:99 a=DROP "
|
||||
###$IPT -A FORWARD -p ALL -i $VIDEO_IFACE -d $LOCAL_NET -j DROP
|
||||
$IPT -A FORWARD -p ALL -i $VIDEO_IFACE -d $LOCAL_NET -j ACCEPT
|
||||
$IPT -A FORWARD -p ALL -i $VIDEO_IFACE -s $VIDEO_NET -j ACCEPT
|
||||
|
||||
#forward VOIP vlan1016 to internet but not to the local network!
|
||||
$IPT -A FORWARD -p ALL -i $VOIP_IFACE -d $LOCAL_NET -j LOG --log-prefix "fp=FORWARD:99 a=DROP "
|
||||
$IPT -A FORWARD -p ALL -i $VOIP_IFACE -d $LOCAL_NET -j DROP
|
||||
$IPT -A FORWARD -p ALL -i $VOIP_IFACE -s $VOIP_NET -j ACCEPT
|
||||
|
||||
#forward WIFI vlan1017 to internet but not to the local network!
|
||||
$IPT -A FORWARD -p ALL -i $WIFI_IFACE -d $LOCAL_NET -j LOG --log-prefix "fp=FORWARD:99 a=DROP "
|
||||
$IPT -A FORWARD -p ALL -i $WIFI_IFACE -d $LOCAL_NET -j DROP
|
||||
#wifi to DVR allowed:
|
||||
$IPT -A FORWARD -p ALL -i $WIFI_IFACE -d 192.168.15.2 -j ACCEPT
|
||||
$IPT -A FORWARD -p ALL -i $WIFI_IFACE -d 192.168.15.1 -j ACCEPT
|
||||
$IPT -A FORWARD -p ALL -i $WIFI_IFACE -d $VIDEO_NET -j DROP
|
||||
$IPT -A FORWARD -p ALL -i $WIFI_IFACE -d $VOIP_NET -j LOG --log-prefix "fp=FORWARD:99 a=DROP "
|
||||
$IPT -A FORWARD -p ALL -i $WIFI_IFACE -d $VOIP_NET -j DROP
|
||||
$IPT -A FORWARD -p ALL -i $WIFI_IFACE -s $WIFI_NET -j ACCEPT
|
||||
|
||||
#forward VPN
|
||||
$IPT -A FORWARD -p ALL -i $VPN_IFACE -s $VPN_NET -j ACCEPT
|
||||
#$IPT -A FORWARD -i $VPN_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
$IPT -A FORWARD -i $EVOIP_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
$IPT -A FORWARD -i $INET_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
$IPT -A FORWARD -j LOG --log-prefix "fp=FORWARD:99 a=DROP "
|
||||
|
||||
###############################################################################
|
||||
echo "Process OUTPUT chain ..."
|
||||
|
||||
$IPT -A OUTPUT -m state -p icmp --state INVALID -j DROP
|
||||
$IPT -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
|
||||
$IPT -A OUTPUT -p ALL -o $LO_IFACE -j ACCEPT
|
||||
|
||||
$IPT -A OUTPUT -p ALL -s $LOCAL_IP -j ACCEPT
|
||||
$IPT -A OUTPUT -p ALL -o $LOCAL_IFACE -j ACCEPT
|
||||
|
||||
$IPT -A OUTPUT -p ALL -s $VIDEO_IP -j ACCEPT
|
||||
$IPT -A OUTPUT -p ALL -o $VIDEO_IFACE -j ACCEPT
|
||||
|
||||
$IPT -A OUTPUT -p ALL -s $WIFI_IP -j ACCEPT
|
||||
$IPT -A OUTPUT -p ALL -o $WIFI_IFACE -j ACCEPT
|
||||
|
||||
$IPT -A OUTPUT -p ALL -s $VOIP_IP -j ACCEPT
|
||||
$IPT -A OUTPUT -p ALL -o $VOIP_IFACE -j ACCEPT
|
||||
|
||||
$IPT -A OUTPUT -p ALL -o $VPN_IFACE -j ACCEPT
|
||||
|
||||
$IPT -A OUTPUT -p ALL -o $EVOIP_IFACE -j ACCEPT
|
||||
$IPT -A OUTPUT -p ALL -o $INET_IFACE -j ACCEPT
|
||||
$IPT -A OUTPUT -j LOG --log-prefix "fp=OUTPUT:99 a=DROP "
|
||||
|
||||
###############################################################################
|
||||
echo "Load rules for nat table ..."
|
||||
|
||||
$IPT -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
|
||||
$IPT -t nat -A POSTROUTING -o $EVOIP_IFACE -j MASQUERADE
|
||||
$IPT -t nat -A POSTROUTING -s $VPN_NET -o $INET_IFACE -j MASQUERADE #vpn
|
||||
|
||||
###
|
||||
echo "Loading extra rules ..."
|
||||
|
||||
#VOIP
|
||||
$IPT -I FORWARD -p udp -i $EVOIP_IFACE -d 192.168.16.2 --dport 5060 -j ACCEPT
|
||||
$IPT -t nat -I PREROUTING -p udp -i $EVOIP_IFACE --dport 5060 -j DNAT --to 192.168.16.2:5060
|
||||
$IPT -I FORWARD -p udp -i $EVOIP_IFACE -d 192.168.16.2 --dport 10000:20000 -j ACCEPT
|
||||
$IPT -t nat -I PREROUTING -p udp -i $EVOIP_IFACE --dport 10000:20000 -j DNAT --to 192.168.16.2:10000-20000
|
||||
|
||||
#NVR
|
||||
$IPT -I FORWARD -p tcp -i $INET_IFACE -s 0/0 -d 192.168.15.251 --dport 8001 -j ACCEPT
|
||||
$IPT -t nat -I PREROUTING -p tcp -i $INET_IFACE --dport 8001 -j DNAT --to 192.168.15.251:8001
|
||||
$IPT -t nat -I PREROUTING -p tcp -i $WIFI_IFACE -s $WIFI_NET -d $INET_IP --dport 8001 -j DNAT --to 192.168.15.251:8001
|
||||
$IPT -t nat -I POSTROUTING -p tcp -o $WIFI_IFACE -s $VIDEO_NET -d 192.168.15.251 --dport 8001 -j SNAT --to $INET_IP
|
||||
#substream
|
||||
$IPT -I FORWARD -p tcp -i $INET_IFACE -s 0/0 -d 192.168.15.251 --dport 554 -j ACCEPT
|
||||
$IPT -t nat -I PREROUTING -p tcp -i $INET_IFACE --dport 554 -j DNAT --to 192.168.15.251:554
|
||||
$IPT -t nat -I PREROUTING -p tcp -i $WIFI_IFACE -s $WIFI_NET -d $INET_IP --dport 554 -j DNAT --to 192.168.15.250:554
|
||||
$IPT -t nat -I POSTROUTING -p tcp -o $WIFI_IFACE -s $VIDEO_NET -d 192.168.15.251 --dport 554 -j SNAT --to $INET_IP
|
267
scripts/iptables.sh
Normal file
267
scripts/iptables.sh
Normal file
|
@ -0,0 +1,267 @@
|
|||
#!/bin/bash
|
||||
|
||||
### iptables.sh for ipv4
|
||||
|
||||
SYSCTL="/sbin/sysctl -w"
|
||||
|
||||
IPT="/sbin/iptables"
|
||||
IPTS="/sbin/iptables-save"
|
||||
IPTR="/sbin/iptables-restore"
|
||||
|
||||
# Internet Interface
|
||||
INET_IFACE="pub"
|
||||
#INET_IFACE2="pub2"
|
||||
INET_ADMIN="1.2.3.4"
|
||||
INET_ORB="2.3.4.5"
|
||||
|
||||
# Local Interface Information
|
||||
LOCAL_IFACE="dmz"
|
||||
LOCAL_IP="192.168.0.5"
|
||||
LOCAL_NET="192.168.0.0/24"
|
||||
LOCAL_BCAST="192.168.0.255"
|
||||
|
||||
# Localhost Interface
|
||||
|
||||
LO_IFACE="lo"
|
||||
LO_IP="127.0.0.1"
|
||||
|
||||
# Save and Restore arguments handled here
|
||||
if [ "$1" = "save" ]
|
||||
then
|
||||
echo -n "Saving firewall to /etc/sysconfig/iptables ... "
|
||||
$IPTS > /etc/scripts/iptables
|
||||
echo "done"
|
||||
exit 0
|
||||
elif [ "$1" = "restore" ]
|
||||
then
|
||||
echo -n "Restoring firewall from /etc/sysconfig/iptables ... "
|
||||
$IPTR < /etc/scripts/iptables
|
||||
echo "done"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "Loading kernel modules ..."
|
||||
|
||||
/sbin/modprobe ip_tables
|
||||
/sbin/modprobe ip_conntrack
|
||||
# /sbin/modprobe iptable_filter
|
||||
# /sbin/modprobe iptable_mangle
|
||||
# /sbin/modprobe iptable_nat
|
||||
# /sbin/modprobe ipt_LOG
|
||||
# /sbin/modprobe ipt_limit
|
||||
# /sbin/modprobe ipt_MASQUERADE
|
||||
# /sbin/modprobe ipt_owner
|
||||
# /sbin/modprobe ipt_REJECT
|
||||
# /sbin/modprobe ipt_mark
|
||||
# /sbin/modprobe ipt_tcpmss
|
||||
# /sbin/modprobe multiport
|
||||
# /sbin/modprobe ipt_state
|
||||
# /sbin/modprobe ipt_unclean
|
||||
/sbin/modprobe ip_nat_ftp
|
||||
/sbin/modprobe ip_conntrack_ftp
|
||||
/sbin/modprobe ip_conntrack_irc
|
||||
|
||||
if [ "$SYSCTL" = "" ]
|
||||
then
|
||||
echo "1" > /proc/sys/net/ipv4/ip_forward
|
||||
else
|
||||
$SYSCTL net.ipv4.ip_forward="1"
|
||||
fi
|
||||
|
||||
if [ "$SYSCTL" = "" ]
|
||||
then
|
||||
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
|
||||
else
|
||||
$SYSCTL net.ipv4.tcp_syncookies="1"
|
||||
fi
|
||||
|
||||
if [ "$SYSCTL" = "" ]
|
||||
then
|
||||
echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
|
||||
else
|
||||
$SYSCTL net.ipv4.conf.all.rp_filter="1"
|
||||
fi
|
||||
|
||||
if [ "$SYSCTL" = "" ]
|
||||
then
|
||||
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
|
||||
else
|
||||
$SYSCTL net.ipv4.icmp_echo_ignore_broadcasts="1"
|
||||
fi
|
||||
|
||||
if [ "$SYSCTL" = "" ]
|
||||
then
|
||||
echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
|
||||
else
|
||||
$SYSCTL net.ipv4.conf.all.accept_source_route="0"
|
||||
fi
|
||||
|
||||
if [ "$SYSCTL" = "" ]
|
||||
then
|
||||
echo "1" > /proc/sys/net/ipv4/conf/all/secure_redirects
|
||||
else
|
||||
$SYSCTL net.ipv4.conf.all.secure_redirects="1"
|
||||
fi
|
||||
|
||||
#if [ "$SYSCTL" = "" ]
|
||||
#then
|
||||
# echo "1" > /proc/sys/net/ipv4/conf/all/log_martians
|
||||
#else
|
||||
# $SYSCTL net.ipv4.conf.all.log_martians="1"
|
||||
#fi
|
||||
|
||||
|
||||
###############################################################################
|
||||
|
||||
echo "Flushing Tables ..."
|
||||
|
||||
# Reset Default Policies
|
||||
$IPT -P INPUT ACCEPT
|
||||
$IPT -P FORWARD ACCEPT
|
||||
$IPT -P OUTPUT ACCEPT
|
||||
$IPT -t nat -P PREROUTING ACCEPT
|
||||
$IPT -t nat -P POSTROUTING ACCEPT
|
||||
$IPT -t nat -P OUTPUT ACCEPT
|
||||
$IPT -t mangle -P PREROUTING ACCEPT
|
||||
$IPT -t mangle -P OUTPUT ACCEPT
|
||||
|
||||
$IPT -F
|
||||
$IPT -t nat -F
|
||||
$IPT -t mangle -F
|
||||
$IPT -X
|
||||
$IPT -t nat -X
|
||||
$IPT -t mangle -X
|
||||
|
||||
if [ "$1" = "stop" ]
|
||||
then
|
||||
echo "Firewall completely flushed! Now running with no firewall."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
$IPT -P INPUT DROP
|
||||
$IPT -P OUTPUT DROP
|
||||
$IPT -P FORWARD DROP
|
||||
|
||||
###############################################################################
|
||||
|
||||
$IPT -N bad_packets
|
||||
$IPT -N bad_tcp_packets
|
||||
$IPT -N icmp_packets
|
||||
$IPT -N udp_inbound
|
||||
$IPT -N udp_outbound
|
||||
$IPT -N tcp_inbound
|
||||
$IPT -N tcp_outbound
|
||||
|
||||
$IPT -A bad_packets -p ALL -i $INET_IFACE -s $LOCAL_NET -j LOG --log-prefix "fp=bad_packets:2 a=DROP "
|
||||
$IPT -A bad_packets -p ALL -i $INET_IFACE -s $LOCAL_NET -j DROP
|
||||
|
||||
$IPT -A bad_packets -p ALL -m state --state INVALID -j LOG --log-prefix "fp=bad_packets:1 a=DROP "
|
||||
$IPT -A bad_packets -p ALL -m state --state INVALID -j DROP
|
||||
$IPT -A bad_packets -p tcp -j bad_tcp_packets
|
||||
$IPT -A bad_packets -p ALL -j RETURN
|
||||
|
||||
$IPT -A bad_tcp_packets -p tcp -i $LOCAL_IFACE -j RETURN
|
||||
|
||||
$IPT -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "fp=bad_tcp_packets:1 a=DROP "
|
||||
$IPT -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP
|
||||
|
||||
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL NONE -j LOG --log-prefix "fp=bad_tcp_packets:2 a=DROP "
|
||||
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL NONE -j DROP
|
||||
|
||||
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL ALL -j LOG --log-prefix "fp=bad_tcp_packets:3 a=DROP "
|
||||
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL ALL -j DROP
|
||||
|
||||
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL FIN,URG,PSH -j LOG --log-prefix "fp=bad_tcp_packets:4 a=DROP "
|
||||
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
|
||||
|
||||
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j LOG --log-prefix "fp=bad_tcp_packets:5 a=DROP "
|
||||
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
|
||||
|
||||
$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "fp=bad_tcp_packets:6 a=DROP "
|
||||
$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
|
||||
|
||||
$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "fp=bad_tcp_packets:7 a=DROP "
|
||||
$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
|
||||
|
||||
$IPT -A bad_tcp_packets -p tcp -j RETURN
|
||||
|
||||
### ICMP
|
||||
#$IPT -A icmp_packets --fragment -p ICMP -j LOG \
|
||||
# --log-prefix "fp=icmp_packets:1 a=DROP "
|
||||
#$IPT -A icmp_packets --fragment -p ICMP -j DROP
|
||||
#$IPT -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j DROP
|
||||
#$IPT -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT
|
||||
#$IPT -A icmp_packets -p ICMP -j RETURN
|
||||
$IPT -A icmp_packets -p ICMP -j ACCEPT
|
||||
|
||||
$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 137 -j DROP
|
||||
$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 138 -j DROP
|
||||
$IPT -A udp_inbound -p UDP -s 0/0 --source-port 67 --destination-port 68 -j ACCEPT
|
||||
$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 53 -j ACCEPT
|
||||
$IPT -A udp_inbound -p UDP -j RETURN
|
||||
|
||||
$IPT -A tcp_inbound -p TCP -s $INET_ORB --destination-port 10000 -j ACCEPT
|
||||
$IPT -A tcp_inbound -p TCP -s $INET_ORB --destination-port 10001 -j ACCEPT
|
||||
$IPT -A tcp_inbound -p TCP -s $INET_ADMIN --destination-port 22 -j ACCEPT
|
||||
$IPT -A tcp_inbound -p TCP -j RETURN
|
||||
|
||||
$IPT -A udp_outbound -p UDP -s 0/0 -j ACCEPT
|
||||
$IPT -A tcp_outbound -p TCP -s 0/0 -j ACCEPT
|
||||
|
||||
|
||||
###############################################################################
|
||||
echo "Process INPUT chain ..."
|
||||
|
||||
$IPT -A INPUT -p ALL -i $LO_IFACE -j ACCEPT
|
||||
$IPT -A INPUT -p ALL -j bad_packets
|
||||
$IPT -A INPUT -p ALL -i $LOCAL_IFACE -s $LOCAL_NET -j ACCEPT
|
||||
$IPT -A INPUT -p ALL -i $LOCAL_IFACE -d $LOCAL_BCAST -j ACCEPT
|
||||
$IPT -A INPUT -p ALL -i $INET_IFACE -m state --state ESTABLISHED,RELATED \
|
||||
-j ACCEPT
|
||||
|
||||
$IPT -A INPUT -p TCP -i $INET_IFACE -j tcp_inbound
|
||||
#$IPT -A INPUT -p TCP -i $INET_IFACE2 -j tcp_inbound
|
||||
$IPT -A INPUT -p UDP -i $INET_IFACE -j udp_inbound
|
||||
$IPT -A INPUT -p ICMP -i $INET_IFACE -j icmp_packets
|
||||
|
||||
$IPT -A INPUT -m pkttype --pkt-type broadcast -j DROP
|
||||
$IPT -A INPUT -j LOG --log-prefix "fp=INPUT:99 a=DROP "
|
||||
|
||||
###############################################################################
|
||||
echo "Process FORWARD chain ..."
|
||||
|
||||
$IPT -A FORWARD -p ALL -j bad_packets
|
||||
$IPT -A FORWARD -p tcp -i $LOCAL_IFACE -j tcp_outbound
|
||||
$IPT -A FORWARD -p udp -i $LOCAL_IFACE -j udp_outbound
|
||||
$IPT -A FORWARD -p ALL -i $LOCAL_IFACE -j ACCEPT
|
||||
$IPT -A FORWARD -i $INET_IFACE -m state --state ESTABLISHED,RELATED \
|
||||
-j ACCEPT
|
||||
$IPT -A FORWARD -j LOG --log-prefix "fp=FORWARD:99 a=DROP "
|
||||
|
||||
###############################################################################
|
||||
echo "Process OUTPUT chain ..."
|
||||
|
||||
#$IPT -A OUTPUT -m state -p icmp --state INVALID -j DROP
|
||||
$IPT -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
|
||||
$IPT -A OUTPUT -p ALL -o $LO_IFACE -j ACCEPT
|
||||
$IPT -A OUTPUT -p ALL -s $LOCAL_IP -j ACCEPT
|
||||
$IPT -A OUTPUT -p ALL -o $LOCAL_IFACE -j ACCEPT
|
||||
$IPT -A OUTPUT -p ALL -o $INET_IFACE -j ACCEPT
|
||||
#$IPT -A OUTPUT -p ALL -o $INET_IFACE2 -j ACCEPT
|
||||
$IPT -A OUTPUT -j LOG --log-prefix "fp=OUTPUT:99 a=DROP "
|
||||
|
||||
###############################################################################
|
||||
echo "Load rules for nat table ..."
|
||||
|
||||
### MASQUERADE
|
||||
$IPT -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
|
||||
|
||||
###
|
||||
###
|
||||
###
|
||||
echo "Loading additiona rules ..."
|
||||
|
||||
### VPN
|
||||
#$IPT -I INPUT -i tun+ -j ACCEPT
|
||||
#$IPT -I OUTPUT -o tun+ -j ACCEPT
|
||||
|
127
scripts/mpd-playlists.sh
Normal file
127
scripts/mpd-playlists.sh
Normal file
|
@ -0,0 +1,127 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# kozunak.sh - kozunak.org radio sheduler by afx
|
||||
|
||||
# Usage: kozunak.sh <subdir>
|
||||
|
||||
#SETTINGS
|
||||
radiodir="/srv/sftp/radio" #location of the music parent dir
|
||||
mpdconf="/usr/local/etc/musicpd.conf" #location of mpd.conf
|
||||
alwaysrestart=0 #debug purpouses
|
||||
|
||||
################################################
|
||||
|
||||
#BOOT
|
||||
prefix="kozunak.sh: [`date "+%H:%M"`]"
|
||||
if [ ! -d $radiodir/$1 ] || [ "$1" == "" ] ; then
|
||||
echo "$prefix no such playlist $1"
|
||||
exit
|
||||
fi
|
||||
|
||||
if [ ! -x $mpdconf ] ; then
|
||||
echo "cant find musicpd.conf!"
|
||||
exit
|
||||
fi
|
||||
|
||||
hour=`date +%H`
|
||||
if [ "$hour" = "06" ] || [ $alwaysrestart == 1 ]; then
|
||||
echo "$prefix server restart"
|
||||
musicpd --kill
|
||||
sleep 2
|
||||
rm -f /var/run/mpd/database
|
||||
#mpd --create-db $mpdconf
|
||||
musicpd $mpdconf
|
||||
fi
|
||||
|
||||
#FIX
|
||||
IFS='
|
||||
'
|
||||
for i in 1 2
|
||||
do
|
||||
|
||||
#SCAN FILES
|
||||
find "$radiodir/$1/" -depth 1 -name "*.flac" | while read flac ; do
|
||||
tmp1flac_a=`metaflac --show-tag=Artist "$flac"`
|
||||
tmp2flac_a=${tmp1flac_a:7}
|
||||
tmp1flac_n=`metaflac --show-tag=Title "$flac"`
|
||||
tmp2flac_n=${tmp1flac_n:6}
|
||||
baseflac=$(basename "$flac")
|
||||
dirflac=$(dirname "$flac")
|
||||
newflac=$(echo "$tmp2flac_a - $tmp2flac_n.flac" | tr ' ' '_' | tr '?' '_' | tr '/' '_' | tr -d '#' | tr -d '\n')
|
||||
if [ "$tmp2flac_a" == "" ] || [ "$tmp2flac_n" == "" ] ; then
|
||||
if [ "${baseflac:0:2}" == "__" ] ; then
|
||||
newflac=$(echo "$baseflac" | tr ' ' '_' | tr '?' '_' | tr '/' '_')
|
||||
else
|
||||
newflac=$(echo "__$baseflac" | tr ' ' '_' | tr '?' '_' | tr '/' '_')
|
||||
fi
|
||||
fi
|
||||
if [ "$baseflac" != "$newflac" ] ; then
|
||||
echo "$prefix found $baseflac -> $newflac"
|
||||
mv "$flac" "$dirflac/$newflac"
|
||||
fi
|
||||
done
|
||||
find "$radiodir/$1/" -depth 1 -name "*.mp3" | while read mp3 ; do
|
||||
tmpmp3_a=`id3info "$mp3" | grep -i '^=== TPE1 ' | sed 's/^=== TPE1.*: //'`
|
||||
if [ "$tmpmp3_a" == "" ] ; then
|
||||
tmpmp3_a=`id3v2 -l "$mp3" | grep -i '^TP1 ' | sed 's/^TP1.*: //'`
|
||||
fi
|
||||
tmpmp3_n=`id3info "$mp3" | grep -i '^=== TIT2 ' | sed 's/^=== TIT2.*: //'`
|
||||
if [ "$tmpmp3_n" == "" ] ; then
|
||||
tmpmp3_n=`id3v2 -l "$mp3" | grep -i '^TT2 ' | sed 's/^TT2.*: //'`
|
||||
fi
|
||||
basemp3=$(basename "$mp3")
|
||||
dirmp3=$(dirname "$mp3")
|
||||
newmp3=$(echo "$tmpmp3_a - $tmpmp3_n.mp3" | tr ' ' '_' | tr '?' '_' | tr '/' '_' | tr -d '#' | tr -d '\n')
|
||||
if [ "$tmpmp3_a" == "" ] || [ "$tmpmp3_n" == "" ] ; then
|
||||
if [ "${basemp3:0:2}" == "__" ] ; then
|
||||
newmp3=$(echo "$basemp3" | tr ' ' '_' | tr '?' '_' | tr '/' '_')
|
||||
else
|
||||
newmp3=$(echo "__$basemp3" | tr ' ' '_' | tr '?' '_' | tr '/' '_')
|
||||
fi
|
||||
fi
|
||||
if [ "$basemp3" != "$newmp3" ] ; then
|
||||
echo "$prefix found $basemp3 -> $newmp3"
|
||||
mv "$mp3" "$dirmp3/$newmp3"
|
||||
fi
|
||||
done
|
||||
done
|
||||
unset IFS
|
||||
|
||||
#INIT MPD
|
||||
musicdir=`awk '/^music_directory/ {print $2}' $mpdconf | cut -d '"' -f2`
|
||||
crnt=`mpc -f %file% | head -n 1`
|
||||
find $musicdir/* -not -name "$crnt" -exec rm {} +
|
||||
mpc --no-status crop
|
||||
|
||||
#IMPORT IN MPD
|
||||
count=0
|
||||
find "$radiodir/$1/" -depth 1 -name "*" > /tmp/kozunak.temp
|
||||
while read fle ; do
|
||||
bsfile=$(basename "$fle")
|
||||
if [ "$bsfile" = "$crnt" ] ; then
|
||||
continue
|
||||
fi
|
||||
ln -s "$fle" "$musicdir/$bsfile"
|
||||
chown nobody:ftpsrv "$musicdir/$bsfile"
|
||||
chmod g+w "$musicdir/$bsfile"
|
||||
let "count+=1"
|
||||
done < /tmp/kozunak.temp
|
||||
mpc --no-status --wait update
|
||||
sleep 20
|
||||
mpc ls | mpc add
|
||||
mpc --no-status random on
|
||||
mpc --no-status repeat on
|
||||
if [ "$hour" = "06" ] || [ $alwaysrestart == 1 ]; then
|
||||
mpc --no-status play
|
||||
else
|
||||
mpc --no-status next
|
||||
mpc --no-status next
|
||||
sleep 2
|
||||
mpc --no-status del 1
|
||||
rm "$musicdir/$crnt"
|
||||
fi
|
||||
|
||||
#CHANGE BACKGROUND
|
||||
#rnd=`/root/scripts/devrandom 1 4`
|
||||
|
||||
#ln -fs /usr/local/www/nginx/purple$rnd.jpg /usr/local/www/nginx/purple.jpg
|
25
scripts/mssqldump.bat
Normal file
25
scripts/mssqldump.bat
Normal file
|
@ -0,0 +1,25 @@
|
|||
@ECHO ON
|
||||
SETLOCAL
|
||||
|
||||
del c:\sqlbackup\*.bak
|
||||
|
||||
REM Get date in format YYYY-MM-DD (assumes the locale is the United States)
|
||||
FOR /F "tokens=1,2,3,4 delims=/ " %%A IN ('Date /T') DO SET NowDate=%%D-%%B-%%C
|
||||
|
||||
REM Build a list of databases to backup
|
||||
SET DBList=%SystemDrive%SQLDBList.txt
|
||||