daily autocommit

diff --git a/iptables/rules.v4 b/iptables/rules.v4
index 01d9d260fdafb3bb7fd0bad6de775c53708af7e9..8576690e178788c62d87f9a79c62e5b4e4ee2d84 100644 (file)
--- a/iptables/rules.v4
+++ b/iptables/rules.v4
@@ -1,9 +1,18 @@
-# Generated by iptables-save v1.6.0 on Wed Jul 19 21:42:25 2017
+# Generated by iptables-save v1.6.0 on Thu Jul 20 10:13:13 2017
+*nat
+:PREROUTING ACCEPT [7691:490389]
+:INPUT ACCEPT [1504:145068]
+:OUTPUT ACCEPT [9822:727415]
+:POSTROUTING ACCEPT [9822:727415]
+COMMIT
+# Completed on Thu Jul 20 10:13:13 2017
+# Generated by iptables-save v1.6.0 on Thu Jul 20 10:13:13 2017
 *filter
 :INPUT DROP [0:0]
 :FORWARD DROP [0:0]
-:OUTPUT ACCEPT [66:13536]
+:OUTPUT ACCEPT [120:16499]
 :mysql - [0:0]
+:rejects - [0:0]
 -A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j REJECT --reject-with icmp-port-unreachable
 -A INPUT -s 222.184.0.0/13 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
 -A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
@@ -23,6 +32,7 @@
 -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 4190 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 3306 -j mysql
+-A INPUT -j rejects
 -A INPUT -j NFLOG --nflog-prefix  "INPUT Reject " --nflog-threshold 1
 -A INPUT -j REJECT --reject-with icmp-port-unreachable
 -A mysql -s 127.0.0.1/32 -j ACCEPT
@@ -31,13 +41,17 @@
 -A mysql -s 10.12.20.2/32 -j ACCEPT
 -A mysql -j NFLOG --nflog-prefix  "MySQL Reject " --nflog-threshold 1
 -A mysql -j REJECT --reject-with icmp-port-unreachable
+-A rejects -s 134.119.179.226/32 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 445 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p udp -m udp --dport 137 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 137 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 1433 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 1900 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 2323 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 3389 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p udp -m udp --dport 5060 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 5060 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable
 COMMIT
-# Completed on Wed Jul 19 21:42:25 2017
-# Generated by iptables-save v1.6.0 on Wed Jul 19 21:42:25 2017
-*nat
-:PREROUTING ACCEPT [76:3960]
-:INPUT ACCEPT [23:1804]
-:OUTPUT ACCEPT [19:1598]
-:POSTROUTING ACCEPT [19:1598]
-COMMIT
-# Completed on Wed Jul 19 21:42:25 2017
+# Completed on Thu Jul 20 10:13:13 2017

diff --git a/iptables/rules.v6 b/iptables/rules.v6
index 10c2a109b3769ad19e564b7bb70186e808ac6cc6..26f60a1eac3027dfbda30ac44e89ef037ef11877 100644 (file)
--- a/iptables/rules.v6
+++ b/iptables/rules.v6
@@ -1,8 +1,8 @@
-# Generated by ip6tables-save v1.6.0 on Wed Jul 19 21:42:25 2017
+# Generated by ip6tables-save v1.6.0 on Thu Jul 20 10:13:13 2017
 *filter
 :INPUT DROP [0:0]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [67:4588]
 :mysql - [0:0]
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -m conntrack --ctstate RELATED -j ACCEPT
@@ -25,4 +25,4 @@
 -A mysql -j NFLOG --nflog-prefix  "IPv6 MySQL Reject " --nflog-threshold 1
 -A mysql -j REJECT --reject-with icmp6-port-unreachable
 COMMIT
-# Completed on Wed Jul 19 21:42:25 2017
+# Completed on Thu Jul 20 10:13:13 2017

diff --git a/logwatch/conf/services/iptables.conf b/logwatch/conf/services/iptables.conf
index 854e3105da75fe2143f2ac2bb96d89ddafc5e01d..36d66dafc42480076eedd29b8794cd18d508ec27 100644 (file)
--- a/logwatch/conf/services/iptables.conf
+++ b/logwatch/conf/services/iptables.conf
@@ -24,12 +24,12 @@ $iptables_ip_lookup = Yes
 # Set this to enable a filter on iptables/ipchains displays
 # This will block out hosts who have less than the specified
 # number of hits between all ports.  Defaults to 0.
-$iptables_host_min_count = 0
+$iptables_host_min_count = 5
 
 # If both of the following settings are enabled, two output lists
 # will be produced. If none is set, the old style output is prduced.
 # Set this to generate old style output (sorted by source hosts)
-#$iptables_list_by_host = 0
+$iptables_list_by_host = 1
 # Set this to generate new style output (sorted by targeted service)
 $iptables_list_by_service = 1
 

diff --git a/motd b/motd
index 46dec075778c85f72bc6a5ff3e5368eeed0efef2..1cc5394fb1926aa8fac26ee05c8cd88e90afafe6 100644 (file)
--- a/motd
+++ b/motd
@@ -6,8 +6,8 @@ Debian GNU/Linux 9.0 (stretch)
 |____/ \__,_|_|  \__,_|_| |_|
                              
 
-Abwesenheit kann das Leben retten. 
-Die meisten, die starben, waren dabei in der Nähe!
+Reue ist Verstand, der zu spät kommt.
+               -- Ernst Freiherr von Feuchtersleben
 
-Today is Sweetmorn, the 55th day of Confusion in the YOLD 3183
+Today is Boomtime, the 56th day of Confusion in the YOLD 3183