From: Frank Brehm
Date: Mon, 15 Oct 2018 22:07:04 +0000 (+0200)
Subject: daily autocommit
X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=57018efa988668478e04c3e69998284e29899c17;p=config%2Fbruni%2Fetc-mint.git
daily autocommit
---
diff --git a/iptables/rules.v4 b/iptables/rules.v4
index 870cd64..21f2951 100644
--- a/iptables/rules.v4
+++ b/iptables/rules.v4
@@ -1,47 +1,13 @@
-# Generated by iptables-save v1.6.1 on Mon Sep 10 09:36:11 2018
-*nat
-:PREROUTING ACCEPT [738:307739]
-:INPUT ACCEPT [647:302131]
-:OUTPUT ACCEPT [2377:231463]
-:POSTROUTING ACCEPT [2390:230591]
--A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
--A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
--A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
--A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
--A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
--A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
--A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
--A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
--A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
--A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
--A POSTROUTING -o eth1 -j MASQUERADE
-COMMIT
-# Completed on Mon Sep 10 09:36:11 2018
-# Generated by iptables-save v1.6.1 on Mon Sep 10 09:36:11 2018
-*mangle
-:PREROUTING ACCEPT [29110:23617436]
-:INPUT ACCEPT [28972:23609086]
-:FORWARD ACCEPT [77:5730]
-:OUTPUT ACCEPT [18987:2640204]
-:POSTROUTING ACCEPT [19717:2724769]
--A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
--A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-COMMIT
-# Completed on Mon Sep 10 09:36:11 2018
-# Generated by iptables-save v1.6.1 on Mon Sep 10 09:36:11 2018
+# Generated by iptables-save v1.6.1 on Mon Oct 15 23:49:06 2018
 *filter
 :INPUT DROP [0:0]
 :FORWARD DROP [0:0]
-:OUTPUT ACCEPT [26:2734]
+:OUTPUT ACCEPT [70:17009]
 :ssh_spam - [0:0]
 -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
 -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
 -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
 -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
--A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
--A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
--A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
--A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -m conntrack --ctstate RELATED -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 22 -j ssh_spam
@@ -56,6 +22,7 @@ COMMIT
 -A INPUT -s 10.12.11.0/24 -i enp2s0 -j ACCEPT
 -A INPUT -s 10.12.11.0/24 -i eth0 -j ACCEPT
 -A INPUT -s 10.12.11.0/24 -i br0 -j ACCEPT
+-A INPUT -i virbr0 -j ACCEPT
 -A INPUT -i tun0 -j NFLOG --nflog-prefix "INPUT ACCEPT tun0" --nflog-threshold 1
 -A INPUT -i tun0 -j ACCEPT
 -A INPUT -p icmp -j ACCEPT
@@ -79,6 +46,11 @@ COMMIT
 -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
 -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
 -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
+-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
+-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
+-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
+-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
 -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A FORWARD -m conntrack --ctstate RELATED -j ACCEPT
 -A FORWARD -p icmp -j ACCEPT
@@ -90,6 +62,7 @@ COMMIT
 -A FORWARD -j DROP
 -A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
 -A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
+-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
 -A ssh_spam -s 216.32.92.138/32 -j DROP
 -A ssh_spam -s 133.9.187.135/32 -m comment --comment "Waseda-Net Japan" -j DROP
 -A ssh_spam -s 125.65.42.0/24 -j DROP
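Review bot: The added `-A INPUT -i virbr0 -j ACCEPT` admits every protocol and port from the bridge to the host itself, with no source match and no logging, whereas the neighbouring rules are either pinned to `-s 10.12.11.0/24` or, for tun0, preceded by an NFLOG rule. It also makes the per-port DNS/DHCP accepts for virbr0 at the top of INPUT redundant. If hosts behind the bridge only need DNS and DHCP from this machine, the line can go; otherwise narrow it to the bridge subnet, e.g. `-A INPUT -s 192.168.122.0/24 -i virbr0 -j ACCEPT`, and put an NFLOG rule in front of it as is done for tun0. The INPUT chain continues outside this hunk.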
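Review bot: The five added FORWARD lines can never match, because the context lines directly above them already end with `-A FORWARD -o virbr0 -j REJECT` and `-A FORWARD -i virbr0 -j REJECT`, so every packet entering or leaving virbr0 is decided before the new copies are reached. The same accumulation shows in the following hunk (a third identical `-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT`) and in the re-emitted *mangle and *nat tables at the end of the file (three CHECKSUM rules and three copies of the five-rule MASQUERADE set). This looks like rules added at runtime being captured by iptables-save on top of the copies already restored from this file; that is inferred, not shown on the page. Keeping one copy of each rule in rules.v4, or leaving the runtime-managed rules out of the saved file, would stop the persisted policy growing on every save and keep it reviewable.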
@@ -103,4 +76,40 @@ COMMIT
 -A ssh_spam -s 106.240.0.0/12 -j DROP
 -A ssh_spam -s 58.208.0.0/13 -m comment --comment CHINANET-JS -j DROP
 COMMIT
-# Completed on Mon Sep 10 09:36:11 2018
+# Completed on Mon Oct 15 23:49:06 2018
+# Generated by iptables-save v1.6.1 on Mon Oct 15 23:49:06 2018
+*mangle
+:PREROUTING ACCEPT [2390952:956348385]
+:INPUT ACCEPT [2386571:956136688]
+:FORWARD ACCEPT [506:38300]
+:OUTPUT ACCEPT [1266823:209971073]
+:POSTROUTING ACCEPT [1347695:219412193]
+-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+COMMIT
+# Completed on Mon Oct 15 23:49:06 2018
+# Generated by iptables-save v1.6.1 on Mon Oct 15 23:49:06 2018
+*nat
+:PREROUTING ACCEPT [157427:48880613]
+:INPUT ACCEPT [152316:48607199]
+:OUTPUT ACCEPT [118292:17186995]
+:POSTROUTING ACCEPT [116641:16784686]
+-A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
+-A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
+-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
+-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
+-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
+-A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
+-A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
+-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
+-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
+-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
+-A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
+-A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
+-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
+-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
+-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
+-A POSTROUTING -o eth1 -j MASQUERADE
+COMMIT
+# Completed on Mon Oct 15 23:49:06 2018
diff --git a/iptables/rules.v6 b/iptables/rules.v6
index 9ff0861..ad724e3 100644
--- a/iptables/rules.v6
+++ b/iptables/rules.v6
@@ -1,17 +1,8 @@
-# Generated by ip6tables-save v1.6.1 on Mon Sep 10 09:36:11 2018
-*mangle
-:PREROUTING ACCEPT [196:39445]
-:INPUT ACCEPT [97:18102]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [122:16450]
-:POSTROUTING ACCEPT [193:29388]
-COMMIT
-# Completed on Mon Sep 10 09:36:11 2018
-# Generated by ip6tables-save v1.6.1 on Mon Sep 10 09:36:11 2018
+# Generated by ip6tables-save v1.6.1 on Mon Oct 15 23:49:06 2018
 *filter
 :INPUT DROP [0:0]
 :FORWARD DROP [0:0]
-:OUTPUT ACCEPT [122:16450]
+:OUTPUT ACCEPT [689:85197]
 :f_mail - [0:0]
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -m conntrack --ctstate RELATED -j ACCEPT
@@ -60,4 +51,13 @@ COMMIT
 -A f_mail -j NFLOG --nflog-prefix "IPv6 F_MAIL Reject " --nflog-threshold 1
 -A f_mail -j REJECT --reject-with icmp6-port-unreachable
 COMMIT
-# Completed on Mon Sep 10 09:36:11 2018
+# Completed on Mon Oct 15 23:49:06 2018
+# Generated by ip6tables-save v1.6.1 on Mon Oct 15 23:49:06 2018
+*mangle
+:PREROUTING ACCEPT [11068:3531070]
+:INPUT ACCEPT [1931:312595]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [689:85197]
+:POSTROUTING ACCEPT [1265:163377]
+COMMIT
+# Completed on Mon Oct 15 23:49:06 2018
diff --git a/logrotate.d/ulogd2 b/logrotate.d/ulogd2
index 56c691e..8ec1541 100644
--- a/logrotate.d/ulogd2
+++ b/logrotate.d/ulogd2
@@ -1,8 +1,14 @@
 /var/log/ulog/*.log /var/log/ulog/*.pcap {
+ dateext
 missingok
+ minsize 4M
+ rotate 10
+ notifempty
+ daily
 compress
- sharedscripts
+ delaycompress
 create 640 ulog adm
+ sharedscripts
 postrotate
 invoke-rc.d ulogd2 reload > /dev/null
 endscript
diff --git a/ulogd.conf b/ulogd.conf
index 331d538..46f297a 100644
--- a/ulogd.conf
+++ b/ulogd.conf
@@ -328,3 +328,5 @@ host="127.0.0.1"
 port="2003"
 # Prefix of data name sent to graphite server
 prefix="netfilter.nfacct"
+
+# vim: filetype=dosini
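Review bot: In the logrotate.d/ulogd2 hunk, `minsize 4M` combined with `daily` rotates a file only once it is both a day old and larger than 4M, so a quiet firewall log is never rotated and `rotate 10` no longer corresponds to ten days of history. If the aim is to cap file size, `maxsize 4M` rotates on size regardless of the daily interval; if the aim is a fixed retention window, drop `minsize 4M`. A comment such as `# keep 10 rotations of the ulogd logs and pcaps` above `rotate 10` would record which of the two is intended. The closing brace of the stanza lies outside the hunk.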