From: Frank Brehm
Date: Thu, 27 Oct 2016 06:10:47 +0000 (+0200)
Subject: committing changes in /etc after emerge run
X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=efbc5e84c9c952d23ae7f4a95a6e969da3fd1945;p=config%2Fbruni%2Fetc.git
committing changes in /etc after emerge run Package changes:
---
diff --git a/ppp/firewall-masq b/ppp/firewall-masq
deleted file mode 100644
index 14b99711..00000000
--- a/ppp/firewall-masq
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/bin/sh
-#
-# firewall-masq This script sets up firewall rules for a machine
-# acting as a masquerading gateway
-#
-# Copyright (C) 2000 Roaring Penguin Software Inc. This software may
-# be distributed under the terms of the GNU General Public License, version
-# 2 or any later version.
-# LIC: GPL
-
-# Interface to Internet
-EXTIF=ppp+
-
-# NAT-Tables are different, so we can use ACCEPT everywhere (?)
-iptables -t nat -P PREROUTING ACCEPT
-iptables -t nat -P OUTPUT ACCEPT
-iptables -t nat -P POSTROUTING ACCEPT
-
-# Flush the NAT-Table
-iptables -t nat -F
-
-iptables -t filter -P INPUT DROP
-iptables -t filter -F
-
-# Allow incoming SSH
-#iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 22 -j ACCEPT
-
-# Log & Deny the rest of the privileged ports
-iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 0:1023 -j LOG
-iptables -t filter -A INPUT -i $EXTIF -p udp --dport 0:1023 -j LOG
-iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 0:1023 -j DROP
-iptables -t filter -A INPUT -i $EXTIF -p udp --dport 0:1023 -j DROP
-
-# Log & Deny NFS
-iptables -t filter -A INPUT -i $EXTIF -p udp --dport 2049 -j LOG
-iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 2049 -j LOG
-iptables -t filter -A INPUT -i $EXTIF -p udp --dport 2049 -j DROP
-iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 2049 -j DROP
-
-# Log & Deny X11
-iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 6000:6063 -j LOG
-iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 6000:6063 -j DROP
-
-# Log & Deny XFS
-iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 7100 -j LOG
-iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 7100 -j DROP
-
-# Deny TCP connection attempts
-iptables -t filter -A INPUT -i $EXTIF -p tcp --syn -j LOG
-iptables -t filter -A INPUT -i $EXTIF -p tcp --syn -j DROP
-
-# Deny ICMP echo-requests
-iptables -t filter -A INPUT -i $EXTIF -p icmp --icmp-type echo-request -j DROP
-
-# Do masquerading
-iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
-
-# Enable forwarding
-echo 1 > /proc/sys/net/ipv4/ip_forward
-
-# no IP spoofing
-if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ] ; then
- for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
- echo 1 > $i
- done
-fi
-
-# Disable Source Routed Packets
-for i in /proc/sys/net/ipv4/conf/*/accept_source_route; do
- echo 0 > $i
-done
diff --git a/ppp/firewall-standalone b/ppp/firewall-standalone
deleted file mode 100644
index 15b310e4..00000000
--- a/ppp/firewall-standalone
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/sh
-#
-# firewall-standalone This script sets up firewall rules for a standalone
-# machine
-#
-# Copyright (C) 2005 Roaring Penguin Software Inc. This software may
-# be distributed under the terms of the GNU General Public License, version
-# 2 or any later version.
-# LIC: GPL
-
-# Interface to Internet
-EXTIF=ppp+
-
-iptables -P INPUT ACCEPT
-iptables -P OUTPUT ACCEPT
-iptables -P FORWARD DROP
-
-iptables -F FORWARD
-iptables -F INPUT
-iptables -F OUTPUT
-
-# Deny TCP and UDP packets to privileged ports
-iptables -A INPUT -p udp -i $EXTIF --dport 0:1023 -j LOG
-iptables -A INPUT -p tcp -i $EXTIF --dport 0:1023 -j LOG
-iptables -A INPUT -p udp -i $EXTIF --dport 0:1023 -j DROP
-iptables -A INPUT -p tcp -i $EXTIF --dport 0:1023 -j DROP
-
-# Deny TCP connection attempts
-iptables -A INPUT -i $EXTIF -p tcp --syn -j LOG
-iptables -A INPUT -i $EXTIF -p tcp --syn -j DROP
-
-# Deny ICMP echo-requests
-iptables -A INPUT -i $EXTIF -p icmp --icmp-type echo-request -j DROP
-
diff --git a/ppp/plugins/README b/ppp/plugins/README
deleted file mode 100644
index f7dfb762..00000000
--- a/ppp/plugins/README
+++ /dev/null
@@ -1 +0,0 @@
-# Directory created by rp-pppoe for kernel-mode plugin
diff --git a/ppp/plugins/rp-pppoe.so b/ppp/plugins/rp-pppoe.so
deleted file mode 120000
index a7bfcce1..00000000
--- a/ppp/plugins/rp-pppoe.so
+++ /dev/null
@@ -1 +0,0 @@
-/usr/lib/pppd/2.4.7/rp-pppoe.so
\ No newline at end of file
diff --git a/ppp/pppoe-server-options b/ppp/pppoe-server-options
deleted file mode 100644
index b442db48..00000000
--- a/ppp/pppoe-server-options
+++ /dev/null
@@ -1,6 +0,0 @@
-# PPP options for the PPPoE server
-# LIC: GPL
-require-pap
-login
-lcp-echo-interval 10
-lcp-echo-failure 2
diff --git a/ppp/pppoe.conf b/ppp/pppoe.conf
deleted file mode 100644
index bdef40c6..00000000
--- a/ppp/pppoe.conf
+++ /dev/null
@@ -1,145 +0,0 @@
-#***********************************************************************
-#
-# pppoe.conf
-#
-# Configuration file for rp-pppoe. Edit as appropriate and install in
-# /etc/ppp/pppoe.conf
-#
-# NOTE: This file is used by the pppoe-start, pppoe-stop, pppoe-connect and
-# pppoe-status shell scripts. It is *not* used in any way by the
-# "pppoe" executable.
-#
-# Copyright (C) 2000 Roaring Penguin Software Inc.
-#
-# This file may be distributed under the terms of the GNU General
-# Public License.
-#
-# LIC: GPL
-# $Id$
-#***********************************************************************
-
-# When you configure a variable, DO NOT leave spaces around the "=" sign.
-
-# Ethernet card connected to DSL modem
-#
-# NB: Gentoo overrides ETH when pppoe-start is called from the
-# networking scripts. This setting has no effect in that case.
-ETH=eth1
-
-# PPPoE user name. You may have to supply "@provider.com" Sympatico
-# users in Canada do need to include "@sympatico.ca"
-# Sympatico uses PAP authentication. Make sure /etc/ppp/pap-secrets
-# contains the right username/password combination.
-# For Magma, use xxyyzz@magma.ca
-USER=bxxxnxnx@sympatico.ca
-
-# Bring link up on demand? Default is to leave link up all the time.
-# If you want the link to come up on demand, set DEMAND to a number indicating
-# the idle time after which the link is brought down.
-DEMAND=no
-#DEMAND=300
-
-# DNS type: SERVER=obtain from server; SPECIFY=use DNS1 and DNS2;
-# NOCHANGE=do not adjust.
-DNSTYPE=SERVER
-
-# Obtain DNS server addresses from the peer (recent versions of pppd only)
-# In old config files, this used to be called USEPEERDNS. Changed to
-# PEERDNS for better Red Hat compatibility
-PEERDNS=yes
-
-DNS1=
-DNS2=
-
-# Make the PPPoE connection your default route. Set to
-# DEFAULTROUTE=no if you don't want this.
-DEFAULTROUTE=yes
-
-### ONLY TOUCH THE FOLLOWING SETTINGS IF YOU'RE AN EXPERT
-
-# How long pppoe-start waits for a new PPP interface to appear before
-# concluding something went wrong. If you use 0, then pppoe-start
-# exits immediately with a successful status and does not wait for the
-# link to come up. Time is in seconds.
-#
-# WARNING WARNING WARNING:
-#
-# If you are using rp-pppoe on a physically-inaccessible host, set
-# CONNECT_TIMEOUT to 0. This makes SURE that the machine keeps trying
-# to connect forever after pppoe-start is called. Otherwise, it will
-# give out after CONNECT_TIMEOUT seconds and will not attempt to
-# connect again, making it impossible to reach.
-CONNECT_TIMEOUT=30
-
-# How often in seconds pppoe-start polls to check if link is up
-CONNECT_POLL=2
-
-# Specific desired AC Name
-ACNAME=
-
-# Specific desired service name
-SERVICENAME=
-
-# Character to echo at each poll. Use PING="" if you don't want
-# anything echoed
-PING="."
-
-# File where the pppoe-connect script writes its process-ID.
-# Three files are actually used:
-# $PIDFILE contains PID of pppoe-connect script
-# $PIDFILE.pppoe contains PID of pppoe process
-# $PIDFILE.pppd contains PID of pppd process
-#
-# NB: Gentoo overrides PIDFILE when pppoe-start is run from the
-# networking scripts. This setting has no effect in that case.
-PIDFILE="/var/run/rp-pppoe.pid"
-
-# Do you want to use synchronous PPP? "yes" or "no". "yes" is much
-# easier on CPU usage, but may not work for you. It is safer to use
-# "no", but you may want to experiment with "yes". "yes" is generally
-# safe on Linux machines with the n_hdlc line discipline; unsafe on others.
-SYNCHRONOUS=no
-
-# Do you want to clamp the MSS? Here's how to decide:
-# - If you have only a SINGLE computer connected to the DSL modem, choose
-# "no".
-# - If you have a computer acting as a gateway for a LAN, choose "1412".
-# The setting of 1412 is safe for either setup, but uses slightly more
-# CPU power.
-CLAMPMSS=1412
-#CLAMPMSS=no
-
-# LCP echo interval and failure count.
-LCP_INTERVAL=20
-LCP_FAILURE=3
-
-# PPPOE_TIMEOUT should be about 4*LCP_INTERVAL
-PPPOE_TIMEOUT=80
-
-# Firewalling: One of NONE, STANDALONE or MASQUERADE
-FIREWALL=NONE
-
-# Linux kernel-mode plugin for pppd. If you want to try the kernel-mode
-# plugin, use LINUX_PLUGIN=rp-pppoe.so
-LINUX_PLUGIN=
-
-# Any extra arguments to pass to pppoe. Normally, use a blank string
-# like this:
-PPPOE_EXTRA=""
-
-# Rumour has it that "Citizen's Communications" with a 3Com
-# HomeConnect DSL Modem DualLink requires these extra options:
-# PPPOE_EXTRA="-f 3c12:3c13 -S ISP"
-
-# Any extra arguments to pass to pppd. Normally, use a blank string
-# like this:
-PPPD_EXTRA=""
-
-
-########## DON'T CHANGE BELOW UNLESS YOU KNOW WHAT YOU ARE DOING
-# If you wish to COMPLETELY overrride the pppd invocation:
-# Example:
-# OVERRIDE_PPPD_COMMAND="pppd call dsl"
-
-# If you want pppoe-connect to exit when connection drops:
-# RETRY_ON_FAILURE=no