port = "5665"
}
+object Endpoint "helga.uhu-banane.de" {
+ host = "helga.uhu-banane.de"
+ port = "5665"
+}
+
object Endpoint "sarah.uhu-banane.de" {
host = "sarah.uhu-banane.de"
port = "5665"
parent = "master"
}
+object Zone "helga.uhu-banane.de" {
+ endpoints = [ "helga.uhu-banane.de" ]
+ parent = "master"
+}
+
object Zone "sarah.uhu-banane.de" {
endpoints = [ "sarah.uhu-banane.de" ]
parent = "master"
vars.client_endpoint = name //follows the convention that host name == endpoint name
}
+object Host "helga.uhu-banane.de" {
+ check_command = "hostalive" //check is executed on the master
+ address = "188.34.187.246"
+
+ vars.os = "Linux"
+ vars.os_family = "Debian"
+ # All about DNS server
+ vars.is_ns = true
+
+ vars.is_mta = true
+
+ vars.mailq_warning = 100
+ vars.mailq_critical = 300
+
+ # vars.smtp_address = "mail.uhu-banane.net"
+ vars.smtp_address = "mail.brehm-berlin.de"
+ vars.smtp_port = 25
+ vars.smtp_helo_fqdn = "icinga2.uhu-banane.de"
+ vars.smtp_starttls = true
+
+ vars.is_imap_server = true
+
+ vars.imap_address = "mail.brehm-berlin.de"
+ vars.imap_port = 993
+ vars.imap_ssl = true
+ vars.imap_ipv4 = true
+
+ /* Define http vhost attributes for service apply rules in `services.conf`. */
+ vars.http_vhosts["http"] = {
+ http_uri = "/"
+ }
+
+ /* Define disks and attributes for service apply rules in `services.conf`. */
+ vars.disks["disk"] = {
+ /* No parameters. */
+ }
+
+ vars.disks["disk /"] = {
+ disk_partitions = "/"
+ }
+
+ vars.disks["disk /home"] = {
+ disk_partitions = "/home"
+ }
+
+ vars.disks["disk /opt"] = {
+ disk_partitions = "/opt"
+ }
+
+ vars.disks["disk /var/backup"] = {
+ disk_partitions = "/var/backup"
+ }
+
+ vars.disks["disk /var/vmail"] = {
+ disk_partitions = "/var/vmail"
+ }
+
+ vars.disks["disk /var/lib/mysql"] = {
+ disk_partitions = "/var/lib/mysql"
+ }
+
+ /* Define notification mail attributes for notification apply rules in `notifications.conf`. */
+ vars.notification["mail"] = {
+ /* The UserGroup `icingaadmins` is defined in `users.conf`. */
+ groups = [ "icingaadmins" ]
+ }
+ vars.client_endpoint = name //follows the convention that host name == endpoint name
+}
+
object Host "sarah.uhu-banane.de" {
check_command = "hostalive" //check is executed on the master
address = "185.48.118.130"
-# Generated by xtables-save v1.8.2 on Wed Jan 6 22:58:39 2021
+# Generated by xtables-save v1.8.2 on Thu Apr 15 12:32:06 2021
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [125:27461]
+:OUTPUT ACCEPT [21517411:75902220119]
:icinga2 - [0:0]
:rejects - [0:0]
+:f2b-ssh - [0:0]
+:f2b-apache-noscript - [0:0]
+-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-noscript
+-A INPUT -p tcp -m multiport --dports 22 -j f2b-ssh
-A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 222.184.0.0/13 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A icinga2 -s 185.102.95.107/32 -j ACCEPT
-A icinga2 -s 162.254.24.33/32 -j ACCEPT
-A icinga2 -s 185.48.118.128/32 -j ACCEPT
+-A icinga2 -s 188.34.187.246/32 -j ACCEPT
-A icinga2 -s 185.48.118.130/32 -j ACCEPT
-A icinga2 -j REJECT --reject-with icmp-port-unreachable
-A rejects -s 134.119.179.226/32 -j REJECT --reject-with icmp-port-unreachable
-A rejects -p udp -m udp --dport 5060 -j REJECT --reject-with icmp-port-unreachable
-A rejects -p tcp -m tcp --dport 5060 -j REJECT --reject-with icmp-port-unreachable
-A rejects -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 222.209.232.64/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 104.248.236.10/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 106.13.93.99/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 134.209.96.131/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 49.88.112.116/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 81.68.250.31/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 5.88.135.45/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 104.248.36.3/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 138.68.184.70/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -j RETURN
+-A f2b-apache-noscript -j RETURN
COMMIT
-# Completed on Wed Jan 6 22:58:39 2021
+# Completed on Thu Apr 15 12:32:06 2021
-# Generated by xtables-save v1.8.2 on Wed Jan 6 22:58:39 2021
+# Generated by xtables-save v1.8.2 on Thu Apr 15 12:32:06 2021
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [127:75361]
+:OUTPUT ACCEPT [38377729:17002516969]
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A FORWARD -j NFLOG --nflog-prefix "IPv6 FORWARD Reject " --nflog-threshold 1
-A FORWARD -j REJECT --reject-with icmp6-port-unreachable
COMMIT
-# Completed on Wed Jan 6 22:58:39 2021
+# Completed on Thu Apr 15 12:32:06 2021
projects / config / ns1 / etc.git / commitdiff