From: Frank Brehm
Date: Tue, 28 May 2019 04:26:35 +0000 (+0200)
Subject: daily autocommit
X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=fea6cb4383edf644114f26eb2a4dd1271ae46ee0;p=config%2Fns1%2Fetc.git
daily autocommit
---
diff --git a/.etckeeper b/.etckeeper
index 085140b..910e6e8 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -1780,6 +1780,8 @@ maybe chmod 0644 'systemd/resolved.conf'
 maybe chmod 0755 'systemd/system'
 maybe chmod 0644 'systemd/system.conf'
 maybe chmod 0755 'systemd/system/default.target.wants'
+maybe chmod 0755 'systemd/system/fail2ban.service.d'
+maybe chmod 0644 'systemd/system/fail2ban.service.d/netfilter.conf'
 maybe chmod 0755 'systemd/system/getty.target.wants'
 maybe chmod 0755 'systemd/system/getty@.service.d'
 maybe chmod 0644 'systemd/system/getty@.service.d/noclear.conf'
diff --git a/iptables/rules.v4 b/iptables/rules.v4
index 7fac94f..c8b1321 100644
--- a/iptables/rules.v4
+++ b/iptables/rules.v4
@@ -1,26 +1,10 @@
-# Generated by iptables-save v1.6.0 on Wed Apr 17 10:32:49 2019
+# Generated by iptables-save v1.6.0 on Mon May 27 11:41:44 2019
 *filter
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [151:34894]
-:f2b-apache - [0:0]
-:f2b-apache-modsecurity - [0:0]
-:f2b-apache-nohome - [0:0]
-:f2b-apache-noscript - [0:0]
-:f2b-apache-overflows - [0:0]
-:f2b-postfix - [0:0]
-:f2b-ssh - [0:0]
-:f2b-sshd - [0:0]
+:OUTPUT ACCEPT [79:11463]
 :icinga2 - [0:0]
 :rejects - [0:0]
--A INPUT -p tcp -m multiport --dports 22 -j f2b-ssh
--A INPUT -p tcp -m multiport --dports 25,465,587 -j f2b-postfix
--A INPUT -p tcp -m multiport --dports 0:65535 -j f2b-sshd
--A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-nohome
--A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-modsecurity
--A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-overflows
--A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-noscript
--A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache
 -A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
 -A INPUT -s 222.184.0.0/13 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
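Review bot: The regenerated dump keeps live packet/byte counters, e.g. `:OUTPUT ACCEPT [79:11463]` here and `:OUTPUT ACCEPT [81943:35489398]` in rules.v6, so every save produces a diff even when no rule changed, and real firewall changes get buried under "daily autocommit" noise. Writing the policy line as `:OUTPUT ACCEPT [0:0]`, as INPUT and FORWARD already are, would keep the file stable between saves. Separately, the file appears to be a plain save of the live table, so a save taken while fail2ban is running would presumably write the `f2b-*` chains and per-address bans back into it. Saving only with fail2ban stopped, or filtering the `f2b-` lines out of the dump before it is written, would stop the state this commit removes from returning.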
@@ -36,57 +20,6 @@
 -A INPUT -j rejects
 -A INPUT -p tcp -m multiport --dports 445 -j REJECT --reject-with icmp-port-unreachable
 -A INPUT -j REJECT --reject-with icmp-port-unreachable
--A f2b-apache -j RETURN
--A f2b-apache -j RETURN
--A f2b-apache -j RETURN
--A f2b-apache -j RETURN
--A f2b-apache -j RETURN
--A f2b-apache-modsecurity -j RETURN
--A f2b-apache-modsecurity -j RETURN
--A f2b-apache-modsecurity -j RETURN
--A f2b-apache-modsecurity -j RETURN
--A f2b-apache-modsecurity -j RETURN
--A f2b-apache-nohome -j RETURN
--A f2b-apache-nohome -j RETURN
--A f2b-apache-nohome -j RETURN
--A f2b-apache-nohome -j RETURN
--A f2b-apache-nohome -j RETURN
--A f2b-apache-noscript -j RETURN
--A f2b-apache-noscript -j RETURN
--A f2b-apache-noscript -j RETURN
--A f2b-apache-noscript -j RETURN
--A f2b-apache-noscript -j RETURN
--A f2b-apache-overflows -j RETURN
--A f2b-apache-overflows -j RETURN
--A f2b-apache-overflows -j RETURN
--A f2b-apache-overflows -j RETURN
--A f2b-apache-overflows -j RETURN
--A f2b-postfix -j RETURN
--A f2b-postfix -j RETURN
--A f2b-postfix -j RETURN
--A f2b-postfix -j RETURN
--A f2b-postfix -j RETURN
--A f2b-ssh -s 58.242.83.39/32 -j REJECT --reject-with icmp-port-unreachable
--A f2b-ssh -s 58.242.83.38/32 -j REJECT --reject-with icmp-port-unreachable
--A f2b-ssh -s 34.220.15.156/32 -j REJECT --reject-with icmp-port-unreachable
--A f2b-ssh -s 40.73.0.32/32 -j REJECT --reject-with icmp-port-unreachable
--A f2b-ssh -s 132.232.18.180/32 -j REJECT --reject-with icmp-port-unreachable
--A f2b-ssh -s 160.120.130.219/32 -j REJECT --reject-with icmp-port-unreachable
--A f2b-ssh -s 119.29.197.54/32 -j REJECT --reject-with icmp-port-unreachable
--A f2b-ssh -s 91.234.24.6/32 -j REJECT --reject-with icmp-port-unreachable
--A f2b-ssh -s 45.55.20.128/32 -j REJECT --reject-with icmp-port-unreachable
--A f2b-ssh -s 212.64.0.80/32 -j REJECT --reject-with icmp-port-unreachable
--A f2b-ssh -s 58.242.83.8/32 -j REJECT --reject-with icmp-port-unreachable
--A f2b-ssh -j RETURN
--A f2b-ssh -j RETURN
--A f2b-ssh -j RETURN
--A f2b-ssh -j RETURN
--A f2b-ssh -j RETURN
--A f2b-sshd -j RETURN
--A f2b-sshd -j RETURN
--A f2b-sshd -j RETURN
--A f2b-sshd -j RETURN
--A f2b-sshd -j RETURN
 -A icinga2 -s 185.102.95.107/32 -j ACCEPT
 -A icinga2 -s 162.254.24.33/32 -j ACCEPT
 -A icinga2 -s 185.48.118.128/32 -j ACCEPT
@@ -105,4 +38,4 @@
 -A rejects -p tcp -m tcp --dport 5060 -j REJECT --reject-with icmp-port-unreachable
 -A rejects -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable
 COMMIT
-# Completed on Wed Apr 17 10:32:49 2019
+# Completed on Mon May 27 11:41:44 2019
diff --git a/iptables/rules.v6 b/iptables/rules.v6
index 32f866f..2e61329 100644
--- a/iptables/rules.v6
+++ b/iptables/rules.v6
@@ -1,8 +1,8 @@
-# Generated by ip6tables-save v1.6.0 on Wed Apr 17 10:32:49 2019
+# Generated by ip6tables-save v1.6.0 on Mon May 27 11:41:44 2019
 *filter
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [863770:361407270]
+:OUTPUT ACCEPT [81943:35489398]
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -m conntrack --ctstate RELATED -j ACCEPT
 -A INPUT -p ipv6-icmp -j ACCEPT
@@ -25,4 +25,4 @@
 -A FORWARD -j NFLOG --nflog-prefix "IPv6 FORWARD Reject " --nflog-threshold 1
 -A FORWARD -j REJECT --reject-with icmp6-port-unreachable
 COMMIT
-# Completed on Wed Apr 17 10:32:49 2019
+# Completed on Mon May 27 11:41:44 2019
diff --git a/systemd/system/fail2ban.service.d/netfilter.conf b/systemd/system/fail2ban.service.d/netfilter.conf
new file mode 100644
index 0000000..be0fa83
--- /dev/null
+++ b/systemd/system/fail2ban.service.d/netfilter.conf
@@ -0,0 +1,5 @@
+[Unit]
+After=netfilter-persistent.service
+PartOf=netfilter-persistent.service
+
+# vim: syntax=systemd
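Review bot: The new drop-in's `After=` and `PartOf=` lines carry no comment saying why fail2ban is tied to netfilter-persistent, and the coupling only covers actions that go through systemd. `PartOf=` propagates stop and restart of netfilter-persistent.service to fail2ban, so a plain stop of that unit also stops fail2ban and nothing here starts it again. A reload done outside systemd (the `netfilter-persistent` script or `iptables-restore` run by hand) would presumably still drop the `f2b-*` chains while fail2ban keeps running as if its bans were in place. I would add a comment such as `# Restart fail2ban with netfilter-persistent so its f2b-* chains are recreated after a ruleset reload; reload rules only via systemctl restart netfilter-persistent`.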