From: Frank Brehm
Date: Tue, 2 Jan 2018 13:30:15 +0000 (+0100)
Subject: saving uncommitted changes in /etc prior to apt run
X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=e2e8e73834d7041f6d4d0e1650f88348339acb71;p=config%2Fsarah%2Fetc.git
saving uncommitted changes in /etc prior to apt run
---
diff --git a/.etckeeper b/.etckeeper
index 31e568b..df0a03c 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -272,6 +272,7 @@ maybe chmod 0644 'default/hwclock'
 maybe chmod 0644 'default/icinga2'
 maybe chmod 0600 'default/iptables'
 maybe chmod 0644 'default/iptables.bak'
+maybe chmod 0600 'default/iptables.save'
 maybe chmod 0644 'default/keyboard'
 maybe chmod 0644 'default/locale'
 maybe chmod 0644 'default/mysql'
diff --git a/default/iptables b/default/iptables
index 76fab36..109756b 100644
--- a/default/iptables
+++ b/default/iptables
@@ -1,26 +1,28 @@ -# Generated by iptables-save v1.6.0 on Tue Oct 10 22:18:16 2017 +# Generated by iptables-save v1.6.0 on Tue Jan 2 14:06:45 2018 *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] -:OUTPUT ACCEPT [1165:267654] +:OUTPUT ACCEPT [480:122160] :f2b-dovecot - [0:0] :f2b-postfix - [0:0] :f2b-roundcube - [0:0] :f2b-ssh - [0:0] :f2b-sshd - [0:0] :f2b-sshd-ddos - [0:0] +:icinga2 - [0:0] :mysql - [0:0] :rejects - [0:0] +-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd-ddos +-A INPUT -p tcp -m multiport --dports 22 -j f2b-ssh +-A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j f2b-postfix -A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j f2b-dovecot -A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j f2b-roundcube --A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd-ddos -A INPUT -p tcp -m multiport --dports 25,465,587 -j f2b-postfix --A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j f2b-postfix --A INPUT -p tcp -m multiport --dports 22 -j f2b-ssh -A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd -A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j REJECT --reject-with icmp-port-unreachable -A INPUT -s 222.184.0.0/13 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable -A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable +-A INPUT -s 101.236.0.0/16 -p tcp -m tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 
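Review bot: The persisted ruleset still carries fail2ban's runtime state, and the INPUT section of this hunk shows the cost: `f2b-postfix` is entered twice (once for the long multiport list, once for `25,465,587`) and port 22 passes through `f2b-sshd-ddos`, `f2b-ssh` and `f2b-sshd`. The chain-body hunk further down has two `-A f2b-postfix -j RETURN` lines and a set of per-address bans that were current only at save time. I would keep the committed file to the static policy — drop the `:f2b-*` declarations, the `-A INPUT ... -j f2b-*` jumps and the `-A f2b-*` bodies — and let fail2ban create its chains when it starts; the same applies to the matching hunks in `iptables/rules.v4`. The two copies had also drifted before this commit (`:icinga2 - [0:0]` is an addition here but context in `rules.v4`), so it is worth stating which file is actually loaded at boot, which the diff does not show.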
@@ -37,6 +39,7 @@ -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT -A INPUT -p tcp -m tcp --dport 4190 -j ACCEPT -A INPUT -p tcp -m tcp --dport 3306 -j mysql +-A INPUT -p tcp -m tcp --dport 5665 -j icinga2 -A INPUT -j rejects -A INPUT -j NFLOG --nflog-prefix "INPUT Reject " --nflog-threshold 1 -A INPUT -j REJECT --reject-with icmp-port-unreachable 
@@ -44,21 +47,23 @@ -A f2b-postfix -j RETURN -A f2b-postfix -j RETURN -A f2b-roundcube -j RETURN --A f2b-ssh -s 113.176.163.41/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 58.242.83.7/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 82.99.241.130/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 185.160.106.135/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 58.218.198.168/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 77.72.85.100/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 218.65.30.61/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 103.99.0.194/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 91.194.90.69/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 193.201.224.212/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-ssh -j RETURN --A f2b-sshd -s 113.176.163.41/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 58.242.83.7/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 82.99.241.130/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 185.160.106.135/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 58.218.198.168/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 77.72.85.100/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 203.101.160.157/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 218.65.30.61/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 103.99.0.194/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 91.194.90.69/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 193.201.224.212/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -j RETURN -A f2b-sshd-ddos -j RETURN +-A icinga2 -s 185.102.95.107/32 -j ACCEPT +-A icinga2 -s 162.254.24.33/32 -j ACCEPT +-A icinga2 -s 185.48.118.128/32 -j ACCEPT +-A icinga2 -s 185.48.118.130/32 -j ACCEPT +-A 
icinga2 -j REJECT --reject-with icmp-port-unreachable -A mysql -s 127.0.0.1/32 -j ACCEPT -A mysql -s 185.48.118.130/32 -j ACCEPT -A mysql -s 10.12.20.5/32 -j ACCEPT @@ -78,12 +83,12 @@ -A rejects -p tcp -m tcp --dport 5060 -j REJECT --reject-with icmp-port-unreachable -A rejects -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable COMMIT -# Completed on Tue Oct 10 22:18:16 2017 -# Generated by iptables-save v1.6.0 on Tue Oct 10 22:18:16 2017 +# Completed on Tue Jan 2 14:06:45 2018 +# Generated by iptables-save v1.6.0 on Tue Jan 2 14:06:45 2018 *nat -:PREROUTING ACCEPT [601546:44803933] -:INPUT ACCEPT [196228:19381261] -:OUTPUT ACCEPT [996083:74607655] -:POSTROUTING ACCEPT [996083:74607655] +:PREROUTING ACCEPT [1463851:98453694] +:INPUT ACCEPT [1031109:73204844] +:OUTPUT ACCEPT [1871784:140582153] +:POSTROUTING ACCEPT [1871784:140582153] COMMIT -# Completed on Tue Oct 10 22:18:16 2017 +# Completed on Tue Jan 2 14:06:45 2018 diff --git a/default/iptables.save b/default/iptables.save new file mode 100644 index 0000000..76fab36 --- /dev/null +++ b/default/iptables.save 
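Review bot: The new `icinga2` chain ends in a bare `-A icinga2 -j REJECT --reject-with icmp-port-unreachable`, so a connection to port 5665 from an address outside the four allowed sources is refused without any log record — it never reaches the `INPUT Reject ` NFLOG rule at the end of INPUT. The `mysql` chain in the same file logs before it rejects (the `MySQL Reject ` NFLOG rule is visible in the copy in `default/iptables.save`); for parity add `-A icinga2 -j NFLOG --nflog-prefix "Icinga2 Reject " --nflog-threshold 1` ahead of the final REJECT (the prefix text is a suggestion). The same chain in `iptables/rules.v4` is mostly outside the visible hunks and should be checked too.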
@@ -0,0 +1,89 @@ +# Generated by iptables-save v1.6.0 on Tue Oct 10 22:18:16 2017 +*filter +:INPUT DROP [0:0] +:FORWARD DROP [0:0] +:OUTPUT ACCEPT [1165:267654] +:f2b-dovecot - [0:0] +:f2b-postfix - [0:0] +:f2b-roundcube - [0:0] +:f2b-ssh - [0:0] +:f2b-sshd - [0:0] +:f2b-sshd-ddos - [0:0] +:mysql - [0:0] +:rejects - [0:0] +-A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j f2b-dovecot +-A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j f2b-roundcube +-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd-ddos +-A INPUT -p tcp -m multiport --dports 25,465,587 -j f2b-postfix +-A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j f2b-postfix +-A INPUT -p tcp -m multiport --dports 22 -j f2b-ssh +-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd +-A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j REJECT --reject-with icmp-port-unreachable +-A INPUT -s 222.184.0.0/13 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable +-A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable +-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT +-A INPUT -i lo -j ACCEPT +-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT +-A INPUT -p icmp -j ACCEPT +-A INPUT -p udp -m udp --dport 68 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 587 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 4190 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 3306 -j mysql +-A INPUT -j rejects +-A INPUT -j NFLOG --nflog-prefix "INPUT Reject " --nflog-threshold 1 +-A INPUT -j REJECT 
--reject-with icmp-port-unreachable +-A f2b-dovecot -j RETURN +-A f2b-postfix -j RETURN +-A f2b-postfix -j RETURN +-A f2b-roundcube -j RETURN +-A f2b-ssh -s 113.176.163.41/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 58.242.83.7/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 82.99.241.130/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 185.160.106.135/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 58.218.198.168/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 77.72.85.100/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -j RETURN +-A f2b-sshd -s 113.176.163.41/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 58.242.83.7/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 82.99.241.130/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 185.160.106.135/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 58.218.198.168/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 77.72.85.100/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -j RETURN +-A f2b-sshd-ddos -j RETURN +-A mysql -s 127.0.0.1/32 -j ACCEPT +-A mysql -s 185.48.118.130/32 -j ACCEPT +-A mysql -s 10.12.20.5/32 -j ACCEPT +-A mysql -s 10.12.20.2/32 -j ACCEPT +-A mysql -j NFLOG --nflog-prefix "MySQL Reject " --nflog-threshold 1 +-A mysql -j REJECT --reject-with icmp-port-unreachable +-A rejects -s 134.119.179.226/32 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 445 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p udp -m udp --dport 137 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 137 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 1433 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 1900 -j REJECT --reject-with 
icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 2323 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 3389 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p udp -m udp --dport 5060 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 5060 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable +COMMIT +# Completed on Tue Oct 10 22:18:16 2017 +# Generated by iptables-save v1.6.0 on Tue Oct 10 22:18:16 2017 +*nat +:PREROUTING ACCEPT [601546:44803933] +:INPUT ACCEPT [196228:19381261] +:OUTPUT ACCEPT [996083:74607655] +:POSTROUTING ACCEPT [996083:74607655] +COMMIT +# Completed on Tue Oct 10 22:18:16 2017 diff --git a/iptables/rules.v4 b/iptables/rules.v4 index 07ad151..b41f5f8 100644 --- a/iptables/rules.v4 +++ b/iptables/rules.v4 @@ -1,8 +1,8 @@ -# Generated by iptables-save v1.6.0 on Fri Oct 13 16:05:30 2017 +# Generated by iptables-save v1.6.0 on Tue Jan 2 14:06:59 2018 *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] -:OUTPUT ACCEPT [89:42172] +:OUTPUT ACCEPT [557:134458] :f2b-dovecot - [0:0] :f2b-postfix - [0:0] :f2b-roundcube - [0:0] 
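Review bot: `default/iptables.save` is added with blob `76fab36`, the same blob that is the old side of `default/iptables` in this commit, so the file is a byte-for-byte copy of the ruleset that was just replaced and git history already preserves it. Left in `/etc/default` next to the live file (and next to `default/iptables.bak`, listed in `.etckeeper`), it is a stale policy that lacks the `icinga2` chain and the `101.236.0.0/16` reject and could be restored by mistake. I would drop it from the tree; if it has to stay, put a first line such as `# backup of default/iptables from 2017-10-10 - superseded, do not restore` above the generated header.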
@@ -12,16 +12,17 @@ :icinga2 - [0:0] :mysql - [0:0] :rejects - [0:0] +-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd-ddos -A INPUT -p tcp -m multiport --dports 22 -j f2b-ssh -A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j f2b-postfix -A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j f2b-dovecot -A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j f2b-roundcube --A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd-ddos -A INPUT -p tcp -m multiport --dports 25,465,587 -j f2b-postfix -A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd -A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j REJECT --reject-with icmp-port-unreachable -A INPUT -s 222.184.0.0/13 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable -A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable +-A INPUT -s 101.236.0.0/16 -p tcp -m tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 
@@ -43,104 +44,19 @@ -A INPUT -j NFLOG --nflog-prefix "INPUT Reject " --nflog-threshold 1 -A INPUT -j REJECT --reject-with icmp-port-unreachable -A f2b-dovecot -j RETURN --A f2b-postfix -s 93.107.109.90/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-postfix -s 144.76.221.187/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-postfix -j RETURN -A f2b-postfix -j RETURN -A f2b-roundcube -j RETURN --A f2b-ssh -s 112.216.20.126/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 192.169.231.194/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 103.215.24.251/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 204.12.217.242/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 58.242.83.8/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 200.115.134.237/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 181.51.187.91/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 77.72.85.100/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 142.54.101.146/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 202.29.39.242/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 208.184.100.106/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 41.208.150.114/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 190.110.90.34/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 192.210.192.172/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 190.95.162.186/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 45.4.148.12/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 61.147.125.175/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 117.239.246.55/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 175.207.13.114/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 201.149.99.162/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 
187.216.113.99/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 190.205.54.150/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 82.49.158.38/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 121.156.65.122/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 118.193.178.203/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 75.127.147.2/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 220.118.150.190/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 122.228.158.54/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 187.85.207.19/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 201.102.183.87/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 118.47.51.57/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 117.149.135.245/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 182.254.146.248/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 178.219.174.77/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 96.88.170.121/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 114.113.69.226/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 68.83.223.19/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 118.122.114.217/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 59.126.254.98/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 200.57.117.119/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 118.89.238.120/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 110.45.146.187/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 183.134.99.50/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 201.20.116.124/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-ssh -s 115.248.66.139/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 218.65.30.61/32 -j REJECT 
--reject-with icmp-port-unreachable +-A f2b-ssh -s 103.99.0.194/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 91.194.90.69/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 193.201.224.212/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-ssh -j RETURN --A f2b-sshd -s 112.216.20.126/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 192.169.231.194/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 103.215.24.251/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 204.12.217.242/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 58.242.83.8/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 113.195.145.79/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 200.115.134.237/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 181.51.187.91/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 77.72.85.100/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 142.54.101.146/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 202.29.39.242/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 208.184.100.106/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 41.208.150.114/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 190.110.90.34/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 192.210.192.172/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 190.95.162.186/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 45.4.148.12/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 61.147.125.175/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 117.239.246.55/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 175.207.13.114/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 201.149.99.162/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 187.216.113.99/32 
-j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 190.205.54.150/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 82.49.158.38/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 121.156.65.122/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 118.193.178.203/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 75.127.147.2/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 220.118.150.190/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 122.228.158.54/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 58.242.83.25/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 187.85.207.19/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 201.102.183.87/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 118.47.51.57/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 117.149.135.245/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 182.254.146.248/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 178.219.174.77/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 96.88.170.121/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 114.113.69.226/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 68.83.223.19/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 118.122.114.217/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 59.126.254.98/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 200.57.117.119/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 118.89.238.120/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 110.45.146.187/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 183.134.99.50/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 201.20.116.124/32 -j REJECT --reject-with icmp-port-unreachable --A f2b-sshd -s 115.248.66.139/32 -j 
REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 203.101.160.157/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 218.65.30.61/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 103.99.0.194/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 91.194.90.69/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 193.201.224.212/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -j RETURN -A f2b-sshd-ddos -j RETURN -A icinga2 -s 185.102.95.107/32 -j ACCEPT @@ -167,12 +83,12 @@ -A rejects -p tcp -m tcp --dport 5060 -j REJECT --reject-with icmp-port-unreachable -A rejects -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable COMMIT -# Completed on Fri Oct 13 16:05:30 2017 -# Generated by iptables-save v1.6.0 on Fri Oct 13 16:05:30 2017 +# Completed on Tue Jan 2 14:06:59 2018 +# Generated by iptables-save v1.6.0 on Tue Jan 2 14:06:59 2018 *nat -:PREROUTING ACCEPT [22475:1674801] -:INPUT ACCEPT [8440:806301] -:OUTPUT ACCEPT [41015:3061282] -:POSTROUTING ACCEPT [41015:3061282] +:PREROUTING ACCEPT [1463852:98453754] +:INPUT ACCEPT [1031110:73204904] +:OUTPUT ACCEPT [1871784:140582153] +:POSTROUTING ACCEPT [1871784:140582153] COMMIT -# Completed on Fri Oct 13 16:05:30 2017 +# Completed on Tue Jan 2 14:06:59 2018 diff --git a/iptables/rules.v6 b/iptables/rules.v6 index 208245f..45d55f1 100644 --- a/iptables/rules.v6 +++ b/iptables/rules.v6 @@ -1,8 +1,8 @@ -# Generated by ip6tables-save v1.6.0 on Fri Oct 13 16:05:30 2017 +# Generated by ip6tables-save v1.6.0 on Tue Jan 2 14:06:59 2018 *filter :INPUT DROP [0:0] :FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [126:8052] +:OUTPUT ACCEPT [2367:139293] :mysql - [0:0] -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate RELATED -j ACCEPT 
@@ -25,4 +25,4 @@ -A mysql -j NFLOG --nflog-prefix "IPv6 MySQL Reject " --nflog-threshold 1 -A mysql -j REJECT --reject-with icmp6-port-unreachable COMMIT -# Completed on Fri Oct 13 16:05:30 2017 +# Completed on Tue Jan 2 14:06:59 2018 diff --git a/motd b/motd index d85935f..08e1577 100644 --- a/motd +++ b/motd @@ -6,9 +6,8 @@ Debian GNU/Linux 9.3 (stretch) |____/ \__,_|_| \__,_|_| |_| -Reich wird man nicht vom Geld, was man verdient, sondern von dem Geld, -was man nicht ausgibt. - -- Henry Ford +Freude läßt sich nur ganz auskosten, wenn sich ein anderer mitfreut. + -- Mark Twain (eigl. Samuel Langhorne Clemens) Today is Boomtime, the 2nd day of Chaos in the YOLD 3184 diff --git a/ssh/sshd_config b/ssh/sshd_config index bd8270e..b42b81d 100644 --- a/ssh/sshd_config +++ b/ssh/sshd_config @@ -16,8 +16,8 @@ HostKey /etc/ssh/ssh_host_ed25519_key UsePrivilegeSeparation yes # Lifetime and size of ephemeral version 1 server key -KeyRegenerationInterval 3600 -ServerKeyBits 1024 +#KeyRegenerationInterval 3600 +#ServerKeyBits 1024 # Logging SyslogFacility AUTH @@ -29,14 +29,14 @@ LoginGraceTime 120 PermitRootLogin without-password StrictModes yes -RSAAuthentication yes +#RSAAuthentication yes PubkeyAuthentication yes #AuthorizedKeysFile %h/.ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh_known_hosts -RhostsRSAAuthentication no +#RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
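Review bot: The second `ssh/sshd_config` hunk retires the SSHv1-only `RSAAuthentication` and `RhostsRSAAuthentication` but keeps `PermitRootLogin without-password`, which is the deprecated spelling of the same setting; write it as `PermitRootLogin prohibit-password` so the intent (root may log in with a key, never with a password) is readable. The commented-out options would be better deleted than kept, together with the comments that now describe nothing live: `# Lifetime and size of ephemeral version 1 server key` in the first hunk and `# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication` here. Run `sshd -t` against the edited file before reloading the daemon. Whether `PasswordAuthentication` is disabled for ordinary users is outside both hunks; given the SSH ban lists in the firewall files it is worth confirming.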