From 8f14b9a3e4e6a387e84d69e6657dc89d88edfd9d Mon Sep 17 00:00:00 2001
From: Frank Brehm <frank@brehm-online.com>
Date: Wed, 30 Jan 2019 06:34:35 +0100
Subject: [PATCH] daily autocommit

---
 .etckeeper        |  7 +++++++
 iptables/rules.v4 | 23 ++++++++++++++++++++---
 iptables/rules.v6 |  6 +++---
 3 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/.etckeeper b/.etckeeper
index 103521c..6e7acc6 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -25,6 +25,9 @@ mkdir -p './initramfs-tools/scripts/nfs-top'
 mkdir -p './initramfs-tools/scripts/panic'
 mkdir -p './insserv/overrides'
 mkdir -p './kernel/install.d'
+mkdir -p './letsencrypt/renewal-hooks/deploy'
+mkdir -p './letsencrypt/renewal-hooks/post'
+mkdir -p './letsencrypt/renewal-hooks/pre'
 mkdir -p './logwatch/scripts/services'
 mkdir -p './modprobe.d'
 mkdir -p './network/if-pre-up.d'
@@ -1273,6 +1276,10 @@ maybe chmod 0755 'letsencrypt/live/ns1.uhu-banane.de'
 maybe chmod 0755 'letsencrypt/live/ns1.uhu-banane.de-0001'
 maybe chmod 0644 'letsencrypt/options-ssl-apache.conf'
 maybe chmod 0755 'letsencrypt/renewal'
+maybe chmod 0755 'letsencrypt/renewal-hooks'
+maybe chmod 0755 'letsencrypt/renewal-hooks/deploy'
+maybe chmod 0755 'letsencrypt/renewal-hooks/post'
+maybe chmod 0755 'letsencrypt/renewal-hooks/pre'
 maybe chmod 0644 'letsencrypt/renewal/cloud.uhu-banane.de.conf'
 maybe chmod 0644 'letsencrypt/renewal/ns1.uhu-banane.de-0001.conf'
 maybe chmod 0644 'letsencrypt/renewal/ns1.uhu-banane.de.conf'
diff --git a/iptables/rules.v4 b/iptables/rules.v4
index 5010d33..875b6ed 100644
--- a/iptables/rules.v4
+++ b/iptables/rules.v4
@@ -1,8 +1,8 @@
-# Generated by iptables-save v1.6.0 on Sat Aug 25 13:28:10 2018
+# Generated by iptables-save v1.6.0 on Tue Jan 29 22:32:37 2019
 *filter
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [197:30645]
+:OUTPUT ACCEPT [123:32094]
 :f2b-apache - [0:0]
 :f2b-apache-modsecurity - [0:0]
 :f2b-apache-nohome - [0:0]
@@ -38,19 +38,36 @@
 -A INPUT -j REJECT --reject-with icmp-port-unreachable
 -A f2b-apache -j RETURN
 -A f2b-apache -j RETURN
+-A f2b-apache -j RETURN
+-A f2b-apache-modsecurity -j RETURN
 -A f2b-apache-modsecurity -j RETURN
 -A f2b-apache-modsecurity -j RETURN
 -A f2b-apache-nohome -j RETURN
 -A f2b-apache-nohome -j RETURN
+-A f2b-apache-nohome -j RETURN
+-A f2b-apache-noscript -j RETURN
 -A f2b-apache-noscript -j RETURN
 -A f2b-apache-noscript -j RETURN
 -A f2b-apache-overflows -j RETURN
 -A f2b-apache-overflows -j RETURN
+-A f2b-apache-overflows -j RETURN
+-A f2b-postfix -j RETURN
 -A f2b-postfix -j RETURN
 -A f2b-postfix -j RETURN
+-A f2b-ssh -s 58.242.83.38/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 34.220.15.156/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 40.73.0.32/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 132.232.18.180/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 160.120.130.219/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 119.29.197.54/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 91.234.24.6/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 45.55.20.128/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 212.64.0.80/32 -j REJECT --reject-with icmp-port-unreachable
 -A f2b-ssh -s 58.242.83.8/32 -j REJECT --reject-with icmp-port-unreachable
 -A f2b-ssh -j RETURN
 -A f2b-ssh -j RETURN
+-A f2b-ssh -j RETURN
+-A f2b-sshd -j RETURN
 -A f2b-sshd -j RETURN
 -A f2b-sshd -j RETURN
 -A icinga2 -s 185.102.95.107/32 -j ACCEPT
@@ -71,4 +88,4 @@
 -A rejects -p tcp -m tcp --dport 5060 -j REJECT --reject-with icmp-port-unreachable
 -A rejects -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable
 COMMIT
-# Completed on Sat Aug 25 13:28:10 2018
+# Completed on Tue Jan 29 22:32:37 2019
diff --git a/iptables/rules.v6 b/iptables/rules.v6
index 4945fad..44f8416 100644
--- a/iptables/rules.v6
+++ b/iptables/rules.v6
@@ -1,8 +1,8 @@
-# Generated by ip6tables-save v1.6.0 on Sat Aug 25 13:28:10 2018
+# Generated by ip6tables-save v1.6.0 on Tue Jan 29 22:32:37 2019
 *filter
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [3133:1530061]
+:OUTPUT ACCEPT [56683:24592992]
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -m conntrack --ctstate RELATED -j ACCEPT
 -A INPUT -p ipv6-icmp -j ACCEPT
@@ -25,4 +25,4 @@
 -A FORWARD -j NFLOG --nflog-prefix  "IPv6 FORWARD Reject " --nflog-threshold 1
 -A FORWARD -j REJECT --reject-with icmp6-port-unreachable
 COMMIT
-# Completed on Sat Aug 25 13:28:10 2018
+# Completed on Tue Jan 29 22:32:37 2019
-- 
2.39.5