maybe chmod 0644 'mysql/mariadb.conf.d/50-mysql-clients.cnf'
maybe chmod 0644 'mysql/mariadb.conf.d/50-mysqld_safe.cnf'
maybe chmod 0644 'mysql/mariadb.conf.d/50-server.cnf'
-maybe chmod 0644 'mysql/my.cnf'
maybe chmod 0644 'mysql/my.cnf.2021.04.08.22.02.11'
maybe chmod 0644 'mysql/my.cnf.fallback'
maybe chmod 0644 'nanorc'
maybe chmod 0644 'network/interfaces.d/50-cloud-init'
maybe chmod 0644 'networks'
maybe chmod 0755 'nftables.conf'
+maybe chmod 0755 'nftables.conf.2021.04.08.22.02.11'
maybe chmod 0755 'nginx'
maybe chmod 0755 'nginx/conf-available'
maybe chmod 0644 'nginx/conf-available/0-general.conf'
|_| |_|\___|_|\__, |\__,_|
|___/
-Mathematik, die auf Konviktion, Überführung ausgeht, weshalb
-gute Köpfe sich an ihr ärgern.
- -- Goethe, Maximen und Reflektionen, Nr. 1339
+Wer für Harmonie ist, muß auch bereit sein, das Harmonium zu spielen.
+ -- Franz Josef Strauß
-Today is Pungenday, the 25th day of Discord in the YOLD 3187
+Today is Prickle-Prickle, the 26th day of Discord in the YOLD 3187
+++ /dev/null
-# The MariaDB configuration file
-#
-# The MariaDB/MySQL tools read configuration files in the following order:
-# 1. "/etc/mysql/mariadb.cnf" (this file) to set global defaults,
-# 2. "/etc/mysql/conf.d/*.cnf" to set global options.
-# 3. "/etc/mysql/mariadb.conf.d/*.cnf" to set MariaDB-only options.
-# 4. "~/.my.cnf" to set user-specific options.
-#
-# If the same option is defined multiple times, the last one will apply.
-#
-# One can use all long options that the program supports.
-# Run program with --help to get a list of available options and with
-# --print-defaults to see which it would actually understand and use.
-
-#
-# This group is read both both by the client and the server
-# use it for options that affect everything
-#
-[client-server]
-
-# Import all .cnf files from configuration directory
-!includedir /etc/mysql/conf.d/
-!includedir /etc/mysql/mariadb.conf.d/
--- /dev/null
+/etc/alternatives/my.cnf
\ No newline at end of file
flush ruleset
+# `inet` applies to both IPv4 and IPv6.
table inet filter {
- chain input {
- type filter hook input priority 0;
- }
- chain forward {
- type filter hook forward priority 0;
- }
- chain output {
- type filter hook output priority 0;
- }
+ chain input {
+ type filter hook input priority 0;
+
+ # accept any localhost traffic
+ iif lo accept
+
+ # no ping floods:
+ ip protocol icmp icmp type echo-request limit rate over 10/second burst 4 packets drop
+ ip6 nexthdr icmpv6 icmpv6 type echo-request limit rate over 10/second burst 4 packets drop
+
+ # accept traffic originated from us
+ ct state established,related accept
+
+ # accept ICMP & IGMP
+ ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, mld-listener-query, mld-listener-report, mld-listener-reduction, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, ind-neighbor-solicit, ind-neighbor-advert, mld2-listener-report } accept
+ ip protocol icmp icmp type { destination-unreachable, router-solicitation, router-advertisement, time-exceeded, parameter-problem } accept
+ ip protocol igmp accept
+
+ # ssh
+ tcp dport 22 accept
+
+ # http/https
+ tcp dport 80 accept
+ tcp dport 443 accept
+
+ # smtp/submission
+ tcp dport 25 accept
+ tcp dport 587 accept
+
+ # pop3/pop3s
+ tcp dport 110 accept
+ tcp dport 995 accept
+
+ # imap/imaps
+ tcp dport 143 accept
+ tcp dport 993 accept
+
+ # count and drop any other traffic
+ counter drop
+ }
+
+ chain output {
+ type filter hook output priority 0;
+ policy accept;
+ }
+
+ chain forward {
+ type filter hook forward priority 0;
+ policy drop;
+ }
}
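Review bot: The input chain declares no policy, so its default-deny rests entirely on the trailing `counter drop` rule, while the forward and output chains in the same hunk each state one; adding `policy drop;` right after `type filter hook input priority 0;` keeps the chain closed even if that last rule is later edited out. Separately, `echo-request` is in neither ICMP accept set, so pings under the 10/second limit fall through to the final drop and the two "no ping floods" rules have no visible effect; either add `echo-request` to both sets or remove the limit rules. The `ip6 nexthdr icmpv6` matches inspect only the first next-header field, so ICMPv6 carried after an extension header would not match them; `meta l4proto ipv6-icmp` is the more robust form. A `ct state invalid drop` rule ahead of the accepts would also be worth adding.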
--- /dev/null
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+ chain input {
+ type filter hook input priority 0;
+ }
+ chain forward {
+ type filter hook forward priority 0;
+ }
+ chain output {
+ type filter hook output priority 0;
+ }
+}
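Review bot: This saved copy remains directly runnable: it keeps the `#!/usr/sbin/nft -f` shebang and `flush ruleset`, and the metadata hunk adds `maybe chmod 0755 'nftables.conf.2021.04.08.22.02.11'`, which appears to be this file. Executing it would replace the active ruleset with three base chains that have no rules and no policy, which nftables treats as accept. Recording it as 0644 (`maybe chmod 0644 'nftables.conf.2021.04.08.22.02.11'`), or removing the copy once the new ruleset is confirmed, avoids an accidental rollback to an open firewall.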
--- /dev/null
+/lib/systemd/system/nftables.service
\ No newline at end of file