iankelling.org
/
git
/
automated-distro-installer
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
bunch of etiona updates
[automated-distro-installer]
/
wrt-setup-local
diff --git
a/wrt-setup-local
b/wrt-setup-local
index b4af55d7bd3afe453edd081c0fa950d4d8932bbc..38a276d65edf1f9bd57aea795f3b347b40821d0c 100755
(executable)
--- a/
wrt-setup-local
+++ b/
wrt-setup-local
@@
-349,36
+349,75
@@
config rule
option dest_port 22
config redirect
option dest_port 22
config redirect
- option name ssh
alt
+ option name ssh
kd
option src wan
option src wan
- option src_dport 22
2
2
+ option src_dport 22
0
2
option dest_port 22
option dest_port 22
- option dest_ip $l.
3
+ option dest_ip $l.
2
option dest lan
config rule
option src wan
option target ACCEPT
option dest lan
config rule
option src wan
option target ACCEPT
- option dest_port 22
2
2
+ option dest_port 22
0
2
+config redirect
+ option name sshfrodo
+ option src wan
+ option src_dport 2203
+ option dest_port 22
+ option dest_ip $l.3
+ option dest lan
config rule
option src wan
option target ACCEPT
config rule
option src wan
option target ACCEPT
- option dest_port 22
20
+ option dest_port 22
03
+config redirect
+ option name sshx2
+ option src wan
+ option src_dport 2205
+ option dest_port 22
+ option dest_ip $l.5
+ option dest lan
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 2205
config redirect
config redirect
+ option name sshx3
option src wan
option src wan
- option src_dport 443
+ option src_dport 2207
+ option dest_port 22
+ option dest_ip $l.7
option dest lan
option dest lan
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 2207
+
+config redirect
+ option name sshtp
+ option src wan
+ option src_dport 2208
+ option dest_port 22
option dest_ip $l.8
option dest_ip $l.8
- option
proto tcp
+ option
dest lan
config rule
option src wan
option target ACCEPT
config rule
option src wan
option target ACCEPT
- option dest_port 443
- option proto tcp
+ option dest_port 2208
+
+
+config rule
+ option name sshwrt
+ option src wan
+ option target ACCEPT
+ option dest_port 2220
+
config redirect
config redirect
+ option name vpntp
option src wan
option src_dport 1196
option dest lan
option src wan
option src_dport 1196
option dest lan
@@
-392,6
+431,7
@@
config rule
config redirect
config redirect
+ option name httptp
option src wan
option src_dport 80
option dest lan
option src wan
option src_dport 80
option dest lan
@@
-403,6
+443,19
@@
config rule
option dest_port 80
option proto tcp
option dest_port 80
option proto tcp
+config redirect
+ option name httpstp
+ option src wan
+ option src_dport 443
+ option dest lan
+ option dest_ip $l.8
+ option proto tcp
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 443
+ option proto tcp
+
config redirect
option name syncthing
option src wan
config redirect
option name syncthing
option src wan
@@
-435,10
+488,10
@@
config rule
option family ipv6
config rule
option family ipv6
config rule
- option name http-ipv6
+ option name http
s
-ipv6
option src wan
option dest lan
option src wan
option dest lan
- option dest_port
80
+ option dest_port
443
option target ACCEPT
option family ipv6
option target ACCEPT
option family ipv6
@@
-471,13
+524,14
@@
$l.1 wrt
$l.2 kd
$l.3 frodo
$l.4 wrt2
$l.2 kd
$l.3 frodo
$l.4 wrt2
-$l.5 x2
+$l.5 x2
faiserver
$l.6 demohost
$l.7 x3
$l.6 demohost
$l.7 x3
-$l.8 tp b8.nz
faiserver
+$l.8 tp b8.nz
$l.9 bb8
$l.14 wrt3
72.14.176.105 li
$l.9 bb8
$l.14 wrt3
72.14.176.105 li
+172.105.84.95 l2
# netns creation looks for next free subnet starting at 10.173, but I only
# use one, and I would keep this one as the first created.
# netns creation looks for next free subnet starting at 10.173, but I only
# use one, and I would keep this one as the first created.
@@
-521,6
+575,14
@@
EOF
# to start.
mkdir -p /mnt/usb/tftpboot
v cedit /etc/dnsmasq.conf <<EOF || dnsmasq_restart=true
# to start.
mkdir -p /mnt/usb/tftpboot
v cedit /etc/dnsmasq.conf <<EOF || dnsmasq_restart=true
+server=/dmarctest.b8.nz/#
+server=/_domainkey.b8.nz/#
+server=/_dmarc.b8.nz/#
+server=/ns1.b8.nz/#
+server=/ns2.b8.nz/#
+mx-host=b8.nz,mail.iankelling.org,10
+txt-record=b8.nz,"v=spf1 a ?all"
+
# https://ret2got.wordpress.com/2018/01/19/how-your-ethereum-can-be-stolen-using-dns-rebinding/
stop-dns-rebind
# https://ret2got.wordpress.com/2018/01/19/how-your-ethereum-can-be-stolen-using-dns-rebinding/
stop-dns-rebind