From: Frank Brehm
Date: Tue, 1 Nov 2016 05:25:29 +0000 (+0100)
Subject: daily autocommit
X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=0874ca5bf125873a1e30e0405c96ebc77fc8ed80;p=config%2Fsarah%2Fetc.git
daily autocommit
---
diff --git a/iptables/rules.v4 b/iptables/rules.v4
index 6cc2071..9b67364 100644
--- a/iptables/rules.v4
+++ b/iptables/rules.v4
@@ -1,27 +1,29 @@
-# Generated by iptables-save v1.4.21 on Mon Sep 26 10:19:33 2016
+# Generated by iptables-save v1.4.21 on Mon Oct 31 17:39:27 2016
 *nat
-:PREROUTING ACCEPT [112659:8532624]
-:INPUT ACCEPT [81886:6621185]
-:OUTPUT ACCEPT [1331185:87166714]
-:POSTROUTING ACCEPT [1331185:87166714]
+:PREROUTING ACCEPT [279570:21965744]
+:INPUT ACCEPT [171819:15785399]
+:OUTPUT ACCEPT [3628675:238952734]
+:POSTROUTING ACCEPT [3628675:238952734]
 COMMIT
-# Completed on Mon Sep 26 10:19:33 2016
-# Generated by iptables-save v1.4.21 on Mon Sep 26 10:19:33 2016
+# Completed on Mon Oct 31 17:39:27 2016
+# Generated by iptables-save v1.4.21 on Mon Oct 31 17:39:27 2016
 *filter
 :INPUT DROP [0:0]
 :FORWARD DROP [0:0]
-:OUTPUT ACCEPT [54:12032]
+:OUTPUT ACCEPT [2508:182100]
 :fail2ban-dovecot - [0:0]
 :fail2ban-postfix - [0:0]
 :fail2ban-roundcube - [0:0]
 :fail2ban-sshd - [0:0]
 :fail2ban-sshd-ddos - [0:0]
+:mysql - [0:0]
 -A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j fail2ban-postfix
 -A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j fail2ban-dovecot
 -A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j fail2ban-roundcube
 -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-sshd-ddos
 -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-sshd
 -A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j REJECT --reject-with icmp-port-unreachable
+-A INPUT -s 222.184.0.0/13 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
 -A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
 -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
@@ -38,6 +40,7 @@ COMMIT
 -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 4190 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 3306 -j mysql
 -A INPUT -j NFLOG --nflog-prefix "INPUT Reject " --nflog-threshold 1
 -A INPUT -j REJECT --reject-with icmp-port-unreachable
 -A fail2ban-dovecot -j RETURN
@@ -45,5 +48,11 @@ COMMIT
 -A fail2ban-roundcube -j RETURN
 -A fail2ban-sshd -j RETURN
 -A fail2ban-sshd-ddos -j RETURN
+-A mysql -s 127.0.0.1/32 -j ACCEPT
+-A mysql -s 185.48.118.130/32 -j ACCEPT
+-A mysql -s 10.12.20.5/32 -j ACCEPT
+-A mysql -s 10.12.20.2/32 -j ACCEPT
+-A mysql -j NFLOG --nflog-prefix "MySQL Reject " --nflog-threshold 1
+-A mysql -j REJECT --reject-with icmp-port-unreachable
 COMMIT
-# Completed on Mon Sep 26 10:19:33 2016
+# Completed on Mon Oct 31 17:39:27 2016
diff --git a/iptables/rules.v6 b/iptables/rules.v6
index f143a0e..c1cdb0f 100644
--- a/iptables/rules.v6
+++ b/iptables/rules.v6
@@ -1,8 +1,9 @@
-# Generated by ip6tables-save v1.4.21 on Mon Sep 26 10:19:33 2016
+# Generated by ip6tables-save v1.4.21 on Mon Oct 31 17:39:27 2016
 *filter
 :INPUT DROP [0:0]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [2483383:366152517]
+:OUTPUT ACCEPT [0:0]
+:mysql - [0:0]
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -m conntrack --ctstate RELATED -j ACCEPT
 -A INPUT -p ipv6-icmp -j ACCEPT
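Review bot: In the new `mysql` chain of iptables/rules.v4 (hunk `@@ -45,5 +48,11 @@`), `-A mysql -s 127.0.0.1/32 -j ACCEPT` is redundant: `-A INPUT -i lo -j ACCEPT`, visible as context in the first hunk, already accepts loopback packets before the `--dport 3306` jump is reached. What remains is an accept keyed on a source address alone with no interface match, so I would drop it. The other three allowlist entries give no indication of which host each one is or why it needs the database. A comment match such as `-A mysql -s 10.12.20.5/32 -m comment --comment "<host / purpose>" -j ACCEPT` (placeholder text) is preserved by iptables-save and would make this list auditable later.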
@@ -13,7 +14,15 @@
 -A INPUT -p tcp -m multiport --dports 143,993 -j ACCEPT
 -A INPUT -p tcp -m multiport --dports 110,995 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 4190 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 3306 -j mysql
 -A INPUT -j NFLOG --nflog-prefix "IPv6 INPUT Reject " --nflog-threshold 1
 -A INPUT -j REJECT --reject-with icmp6-port-unreachable
+-A mysql -s ::1/128 -j ACCEPT
+-A mysql -s 2001:6f8:1db7::5/128 -j ACCEPT
+-A mysql -s fe80::1:95ff:fe97:8a08/128 -j ACCEPT
+-A mysql -s 2001:6f8:1db7::2/128 -j ACCEPT
+-A mysql -s fe80::1:d8ff:fea2:5ec1/128 -j ACCEPT
+-A mysql -j NFLOG --nflog-prefix "IPv6 MySQL Reject " --nflog-threshold 1
+-A mysql -j REJECT --reject-with icmp6-port-unreachable
 COMMIT
-# Completed on Mon Sep 26 10:19:33 2016
+# Completed on Mon Oct 31 17:39:27 2016
diff --git a/mysql/my.cnf b/mysql/my.cnf
index f571416..40bfaad 100644
--- a/mysql/my.cnf
+++ b/mysql/my.cnf
@@ -45,7 +45,8 @@ skip-external-locking
 #
 # Instead of skip-networking the default is now to listen only on
 # localhost which is more compatible and is not less secure.
-bind-address = 127.0.0.1
+#bind-address = 127.0.0.1
+bind-address = *
 #
 # * Fine Tuning
 #
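Review bot: The two link-local entries in the IPv6 `mysql` chain of iptables/rules.v6, `-s fe80::1:95ff:fe97:8a08/128` and `-s fe80::1:d8ff:fea2:5ec1/128`, match on every interface. An fe80:: address is only unique per link, so a host on any attached segment that configures one of these addresses passes the allowlist. Each rule should be pinned to the interface the peer is reached on, e.g. `-A mysql -i <IFACE> -s fe80::1:95ff:fe97:8a08/128 -j ACCEPT`, where `<IFACE>` is a placeholder because the interface names are not visible in this diff. If these are the same peers as the `2001:6f8:1db7::5` and `2001:6f8:1db7::2` entries, which the pairing suggests but the diff does not confirm, the link-local rules could be removed instead. The `-s ::1/128` entry likewise has no `-i lo` match, and whether loopback is already accepted earlier in INPUT lies outside the hunk.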
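Review bot: With `bind-address = *` in mysql/my.cnf, mysqld listens on every address of the host, so the `mysql` chains added in iptables/rules.v4 and iptables/rules.v6 become the only network control in front of port 3306. Whenever those rules are not loaded (early boot, a flush, a failed restore), the port is reachable from any network that can route to the host. The retained comment above the setting still says the server listens only on localhost, which now contradicts it. I would replace it with something like `# Listens on all addresses; access to 3306 is limited by the mysql chains in iptables/rules.v4 and rules.v6.` Account grants are not part of this diff, so it is worth confirming that no account is defined for host `%`, and that the client at 185.48.118.130, which is not a private-range address, is required to use TLS (`REQUIRE SSL` on its account).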