mirror of
https://codeberg.org/hyperreal/techne
synced 2024-11-25 07:43:42 +01:00
Edit firewall.org, freebsd.org
This commit is contained in:
parent
3d37bb0b8c
commit
459b71e0a3
@ -1,32 +1,29 @@
|
|||||||
#+title: Firewalld
|
#+title: Firewalld
|
||||||
#+setupfile: ../org-templates/page.org
|
#+setupfile: ../org-templates/page.org
|
||||||
|
|
||||||
** Allow connections only from certain IP addresses
|
** Allow connections only from tailnet
|
||||||
|
|
||||||
Source: [[https://serverfault.com/a/798120][FirewallD: Allow connections only from certain IP addresses]]
|
Create a new zone for the ~tailscale0~ interface.
|
||||||
|
|
||||||
- Do not use rich rules for this.
|
#+BEGIN_SRC shell
|
||||||
- A firewalld zone corresponds to a set of services that you want to allow, and the sources of the traffic to those services.
|
sudo firewall-cmd --permanent --new-zone=tailnet
|
||||||
- Traffic sources can be designated in two ways: by interface, or by source IP address. Traffic that matches /any/ source passes this check.
|
sudo firewall-cmd --permanent --zone=tailnet --add-interface=tailscale0
|
||||||
|
|
||||||
Create a new zone for Kali Linux IP addresses:
|
|
||||||
#+begin_src shell
|
|
||||||
sudo firewall-cmd --permanent --new-zone=kali
|
|
||||||
sudo firewall-cmd --reload
|
sudo firewall-cmd --reload
|
||||||
#+end_src
|
#+END_SRC
|
||||||
|
|
||||||
Enable the services allow for kali zone:
|
Add services and ports to the ~tailnet~ zone.
|
||||||
#+begin_src shell
|
|
||||||
sudo firewall-cmd --zone=kali --permanent --add-service=ssh
|
|
||||||
sudo firewall-cmd --zone=kali --permanent --add-service=rsyncd
|
|
||||||
sudo firewall-cmd --reload
|
|
||||||
#+end_src
|
|
||||||
|
|
||||||
Add the IP addresses allowed to reach the above services. Ensure there are no interfaces designated to this zone.
|
#+BEGIN_SRC shell
|
||||||
#+begin_src shell
|
sudo firewall-cmd --permanent --zone=tailnet --add-service={http,https,ssh}
|
||||||
sudo firewall-cmd --zone=kali --permanent --add-source=<IPv4 addr 1>
|
sudo firewall-cmd --permanent --zone=tailnet --add-port=9100/tcp
|
||||||
sudo firewall-cmd --zone=kali --permanent --add-source=<IPv6 addr>
|
|
||||||
sudo firewall-cmd --zone=kali --permanent --add-source=<IPv4 addr 2>
|
|
||||||
sudo firewall-cmd --zone=kali --permanent --add-source=<IPv4 addr 3>
|
|
||||||
sudo firewall-cmd --reload
|
sudo firewall-cmd --reload
|
||||||
#+end_src
|
#+END_SRC
|
||||||
|
|
||||||
|
Ensure the ~public~ zone does not have any interfaces or sources.
|
||||||
|
|
||||||
|
#+BEGIN_SRC shell
|
||||||
|
sudo firewall-cmd --permanent --zone=public --remove-interface=eth0
|
||||||
|
sudo firewall-cmd --reload
|
||||||
|
#+END_SRC
|
||||||
|
|
||||||
|
The firewall should now only allow traffic coming from the tailnet interface, ~tailscale0~.
|
||||||
|
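Review bot: In the last block, removing `eth0` from `public` with `--remove-interface=eth0` does not by itself produce the result the closing sentence claims. firewalld evaluates any interface that is not bound to a zone against the default zone, so if `public` is still the default, traffic on `eth0` continues to be matched against `public` and the services it allows. Suggest also changing the default zone (for example `sudo firewall-cmd --set-default-zone=drop`) or removing the services from `public`, and adding a verification step with `sudo firewall-cmd --get-active-zones` and `sudo firewall-cmd --zone=public --list-all`. The text says "interfaces or sources" but the command removes only one interface, and `eth0` is hardcoded where a placeholder would be safer. The hunk also drops the Source link and the bullets explaining how zones match by interface or source, which still apply to the new interface-based setup.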
17
freebsd.org
@ -1,5 +1,9 @@
|
|||||||
#+title: FreeBSD
|
#+title: FreeBSD
|
||||||
|
|
||||||
|
** USB 3.1 Type-C to RJ45 Gigabit Ethernet adapter
|
||||||
|
|
||||||
|
The [[https://www.amazon.com/dp/B08989MYQ2][Amazon Basics Aluminum USB 3.1 Type-C to RJ45 Gigabit Ethernet Adapter]] works well with FreeBSD 14.1-RELEASE. It uses the *AX88179* chipset from ASIX Electronics Corp.
|
||||||
|
|
||||||
** Install the ports tree
|
** Install the ports tree
|
||||||
|
|
||||||
Source: [[https://docs.freebsd.org/en/books/handbook/ports/#ports-using-installation-methods][Chapter 4. Installing Applications: Packages and Ports | FreeBSD Documentation Portal]]
|
Source: [[https://docs.freebsd.org/en/books/handbook/ports/#ports-using-installation-methods][Chapter 4. Installing Applications: Packages and Ports | FreeBSD Documentation Portal]]
|
||||||
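Review bot: The new adapter section records that the device "works well" on FreeBSD 14.1-RELEASE but not how that was established: it does not name the driver the AX88179 attaches with, the interface name it shows up as, or whether anything had to be loaded or configured. Suggest adding that, since the chipset is the durable identifier and a product link can later point at a different hardware revision.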
@ -61,3 +65,16 @@ zfs mount -a
|
|||||||
#+END_SRC
|
#+END_SRC
|
||||||
|
|
||||||
You should now be able to edit files, add/remove packages, etc.
|
You should now be able to edit files, add/remove packages, etc.
|
||||||
|
|
||||||
|
** Mount encrypted zroot in LiveCD
|
||||||
|
|
||||||
|
Boot into the LiveCD environment.
|
||||||
|
|
||||||
|
#+BEGIN_SRC shell
|
||||||
|
mkdir /tmp/mnt
|
||||||
|
geli attach /dev/nda0p4
|
||||||
|
zpool import -f -R /tmp/mnt zroot
|
||||||
|
zfs mount zroot/ROOT/default
|
||||||
|
#+END_SRC
|
||||||
|
|
||||||
|
The root directory of the zroot, ~zroot/ROOT/default~, is labeled to not be automounted when imported, hence the need for the last command.
|
||||||
|
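Review bot: The LiveCD procedure stops after `zfs mount zroot/ROOT/default` and never documents teardown. A pool imported with `-f` from the LiveCD should be exported again (`zpool export zroot`) and the GELI provider detached before rebooting, otherwise the next import may again need forcing. It would also help to say why `-f` is required here, to mark `/dev/nda0p4` as specific to this machine, and to name the property behind "labeled to not be automounted" (presumably `canmount=noauto`) so readers can check it with `zfs get canmount zroot/ROOT/default`.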