From 1675e3070a4570ecc25096bcb1be612233075f74 Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Mon, 10 Sep 2018 22:17:10 +0200 Subject: [PATCH] saving uncommitted changes in /etc prior to apt run --- .etckeeper | 2 ++ iptables/rules.v4 | 73 ++++++++++++++++++++++++++++----------------- iptables/rules.v6 | 24 +++++++-------- postfix/generic | 14 +++++++++ postfix/generic.db | Bin 0 -> 12288 bytes postfix/main.cf | 1 + 6 files changed, 74 insertions(+), 40 deletions(-) create mode 100644 postfix/generic create mode 100644 postfix/generic.db diff --git a/.etckeeper b/.etckeeper index ac3d09a..7b7be78 100755 --- a/.etckeeper +++ b/.etckeeper @@ -2398,6 +2398,8 @@ maybe chmod 0644 'polkit-1/nullbackend.conf.d/50-nullbackend.conf' maybe chmod 0755 'postfix' maybe chmod 0644 'postfix/dynamicmaps.cf' maybe chmod 0755 'postfix/dynamicmaps.cf.d' +maybe chmod 0644 'postfix/generic' +maybe chmod 0644 'postfix/generic.db' maybe chmod 0644 'postfix/main.cf' maybe chmod 0644 'postfix/main.cf.proto' maybe chmod 0644 'postfix/makedefs.out' diff --git a/iptables/rules.v4 b/iptables/rules.v4 index 67c01cf..870cd64 100644 --- a/iptables/rules.v4 +++ b/iptables/rules.v4 @@ -1,13 +1,47 @@ -# Generated by iptables-save v1.6.1 on Sat Sep 8 08:56:14 2018 +# Generated by iptables-save v1.6.1 on Mon Sep 10 09:36:11 2018 +*nat +:PREROUTING ACCEPT [738:307739] +:INPUT ACCEPT [647:302131] +:OUTPUT ACCEPT [2377:231463] +:POSTROUTING ACCEPT [2390:230591] +-A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN +-A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN +-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 +-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 +-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE +-A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN +-A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN +-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 +-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 +-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE +-A POSTROUTING -o eth1 -j MASQUERADE +COMMIT +# Completed on Mon Sep 10 09:36:11 2018 +# Generated by iptables-save v1.6.1 on Mon Sep 10 09:36:11 2018 +*mangle +:PREROUTING ACCEPT [29110:23617436] +:INPUT ACCEPT [28972:23609086] +:FORWARD ACCEPT [77:5730] +:OUTPUT ACCEPT [18987:2640204] +:POSTROUTING ACCEPT [19717:2724769] +-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill +-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill +COMMIT +# Completed on Mon Sep 10 09:36:11 2018 +# Generated by iptables-save v1.6.1 on Mon Sep 10 09:36:11 2018 *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] -:OUTPUT ACCEPT [12549:2037978] +:OUTPUT ACCEPT [26:2734] :ssh_spam - [0:0] -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT +-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT +-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT +-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT +-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate RELATED -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ssh_spam @@ -40,6 +74,11 @@ -A FORWARD -i virbr0 -o virbr0 -j ACCEPT -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable +-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT +-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT +-A FORWARD -i virbr0 -o virbr0 -j ACCEPT +-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable +-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT -A FORWARD -m conntrack --ctstate RELATED -j ACCEPT -A FORWARD -p icmp -j ACCEPT @@ -50,8 +89,9 @@ -A FORWARD -j NFLOG --nflog-prefix "FORWARD Drop " --nflog-threshold 1 -A FORWARD -j DROP -A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT +-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT -A ssh_spam -s 216.32.92.138/32 -j DROP --A ssh_spam -s 133.9.187.135/32 -j DROP +-A ssh_spam -s 133.9.187.135/32 -m comment --comment "Waseda-Net Japan" -j DROP -A ssh_spam -s 125.65.42.0/24 -j DROP -A ssh_spam -s 61.184.0.0/16 -j DROP -A ssh_spam -s 61.183.0.0/16 -j DROP @@ -61,29 +101,6 @@ -A ssh_spam -s 106.51.0.0/17 -j DROP -A ssh_spam -s 93.183.207.0/24 -j DROP -A ssh_spam -s 106.240.0.0/12 -j DROP +-A ssh_spam -s 58.208.0.0/13 -m comment --comment CHINANET-JS -j DROP COMMIT -# Completed on Sat Sep 8 08:56:14 2018 -# Generated by iptables-save v1.6.1 on Sat Sep 8 08:56:14 2018 -*mangle -:PREROUTING ACCEPT [4147926:1783697462] -:INPUT ACCEPT [4138943:1783249271] -:FORWARD ACCEPT [860:85551] -:OUTPUT ACCEPT [1507972:309460513] -:POSTROUTING ACCEPT [1716341:333808167] --A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill -COMMIT -# Completed on Sat Sep 8 08:56:14 2018 -# Generated by iptables-save v1.6.1 on Sat Sep 8 08:56:14 2018 -*nat -:PREROUTING ACCEPT [251857:120251084] -:INPUT ACCEPT [242673:119791895] -:OUTPUT ACCEPT [172111:34294620] -:POSTROUTING ACCEPT [167146:33201777] --A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN --A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN --A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 --A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 --A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE --A POSTROUTING -o eth1 -j MASQUERADE -COMMIT -# Completed on Sat Sep 8 08:56:14 2018 +# Completed on Mon Sep 10 09:36:11 2018 diff --git a/iptables/rules.v6 b/iptables/rules.v6 index b946623..9ff0861 100644 --- a/iptables/rules.v6 +++ b/iptables/rules.v6 @@ -1,8 +1,17 @@ -# Generated by ip6tables-save v1.6.1 on Sat Sep 8 08:56:14 2018 +# Generated by ip6tables-save v1.6.1 on Mon Sep 10 09:36:11 2018 +*mangle +:PREROUTING ACCEPT [196:39445] +:INPUT ACCEPT [97:18102] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [122:16450] +:POSTROUTING ACCEPT [193:29388] +COMMIT +# Completed on Mon Sep 10 09:36:11 2018 +# Generated by ip6tables-save v1.6.1 on Mon Sep 10 09:36:11 2018 *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] -:OUTPUT ACCEPT [992:120194] +:OUTPUT ACCEPT [122:16450] :f_mail - [0:0] -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate RELATED -j ACCEPT @@ -51,13 +60,4 @@ -A f_mail -j NFLOG --nflog-prefix "IPv6 F_MAIL Reject " --nflog-threshold 1 -A f_mail -j REJECT --reject-with icmp6-port-unreachable COMMIT -# Completed on Sat Sep 8 08:56:14 2018 -# Generated by ip6tables-save v1.6.1 on Sat Sep 8 08:56:14 2018 -*mangle -:PREROUTING ACCEPT [20964:7428896] -:INPUT ACCEPT [2281:389623] -:FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [992:120194] -:POSTROUTING ACCEPT [1736:224931] -COMMIT -# Completed on Sat Sep 8 08:56:14 2018 +# Completed on Mon Sep 10 09:36:11 2018 diff --git a/postfix/generic b/postfix/generic new file mode 100644 index 0000000..0c55e27 --- /dev/null +++ b/postfix/generic @@ -0,0 +1,14 @@ + +# root +root root@bruni.home.brehm-online.com +root@localhost root@bruni.home.brehm-online.com +root@bruni root@bruni.home.brehm-online.com + +frank frank@brehm-online.com +frank@localhost frank@brehm-online.com +frank@bruni frank@brehm-online.com + +doris doris@hennig-berlin.org +doris@localhost doris@hennig-berlin.org +doris@bruni doris@hennig-berlin.org + diff --git a/postfix/generic.db b/postfix/generic.db new file mode 100644 index 0000000000000000000000000000000000000000..708b9435c434cb61ef2d25bb8e5020d1cfdf0cb0 GIT binary patch literal 12288 zcmeI&K}y3w6oBCu1!)C&x)5A?fd&s?Aq#h&!Ae@wCYsK`v>w2{F7y_90l`a%2(G<> zYj@7Hq{f1+D;N3?Bpu#7Uc;Bwn~8`>*=VIs0J{rPg=-P(~=zuw+E zIBXwHmqLxIPKY#pji;-;GasL3b4LIH1Q0*~0R#|0009ILKmdW?7MSnR*JWR2<4s@m zQSbFmZ}d`6wWB`DKmY**5I_I{1Q0*~0R#|0;NJ;E&f0O(b?2stb34r9uFLXa%bKz< zS=_Tjsb$pXi?Su^yVRWdvh%g7xc|E)NfMn{SB#Q8Go~1{x|#D&6k9i_7E0So%iNB} zlXn*S|N1$9Lymp_|E{n4tPgst*LtBoG8;cR{}0~~aQ;6dV}bwz2q1s}0tg_000Iag i@V5nO8vu)%{^YYEU(){95|{M&lYNP*;s0(YKt2G``;{30 literal 0 HcmV?d00001 diff --git a/postfix/main.cf b/postfix/main.cf index 3c93ae7..71840eb 100644 --- a/postfix/main.cf +++ b/postfix/main.cf @@ -64,3 +64,4 @@ tls_random_source = dev:/dev/urandom unknown_local_recipient_reject_code = 550 virtual_alias_maps = hash:/etc/postfix/virtual +smtp_generic_maps = ${default_database_type}:/etc/postfix/generic -- 2.39.5