c3d2-wiki/Server%2Fglobal.mw

= global.hq.c3d2.de =
== Samba Active Directory for DynDNS updates with GSS-TSIG ==
; Goal: a simple DynDNS update service (secured with [[wikipedia:Kerberos protocol|Kerberos]] & [[wikipedia:Generic Security Service Algorithm for Secret Key Transaction | GSS-TSIG]]) for '''Wunschname'''''.space.c3d2.de'' (Wunschname = the host name of your choice)
{{NiftyDiv|
Farbe=#aafd72|
Inhalt=
[[pentapad:global.hq.c3d2.de]] as the current DNS reservation list
}}
== Client installation / setup ==
Required:
* Samba(4)
* Kerberos(5)
* Kerberos(5) client package (klist/kinit etc.)
* DNSUtils
* [https://github.com/plitc/samba-nsupdate/blob/master/do-nsupdate.sh do-nsupdate.sh] mini script (Linux/Mac/FreeBSD)
Samba does '''not''' need to be configured (as a service) on the client machine!
=== Installation ===
{{NiftyDiv|
Farbe=#b4d9fa|
Inhalt=
do-nsupdate.sh
From version 15 onwards, missing components are installed automatically.
}}
==== General ====
<source lang="bash">
git clone https://github.com/plitc/samba-nsupdate.git
# copy the script next to its config so that the chmod/run below find it
cp ~/samba-nsupdate/do-nsupdate.sh $HOME/do-nsupdate.sh
cp ~/samba-nsupdate/do-nsupdate.conf $HOME/do-nsupdate.conf
chmod 775 $HOME/do-nsupdate.sh
$HOME/do-nsupdate.sh
</source>
==== (Debian) Linux ====
<source lang="bash">
apt-get install samba krb5-user krb5-clients dnsutils
</source>
==== (Free)BSD ====
<source lang="bash">
cd /usr/ports/net/samba4/ && make install clean
</source>
optional
<source lang="bash">
cd /usr/ports/security/krb5/ && make install clean
</source>
==== MacOS ====
Required:
* at least 10.9.x (for SMB2 support)
Active Directory membership required!
==== Windows ====
Required:
* at least Vista (SMB2 corresponds to SMB 2.0: Vista SP1+ / Windows 2008)
* nsupdate is performed via the $COMPUTERNAME account
Active Directory membership required!
=== do-nsupdate.sh usage ===
# download the mini script
# edit it (with the text editor of your choice)
# run it
<source lang="bash">
KERBEROSADMINUSER="username@SPACE.C3D2.DE"
ADMACHINENAME="wunschname.space.c3d2.de"
ADSERVERNAME="space.c3d2.de"
ADSERVERZONE="space.c3d2.de"
ADMACHINETTL="3600"
</source>
<source lang="bash">
chmod 775 do-nsupdate.sh
</source>
<source lang="bash">
./do-nsupdate.sh
</source>
=== do-nsupdate.sh example ===
<source lang="bash">
[daniel@freebie:~]$ ./do-nsupdate.sh
username@SPACE.C3D2.DE's Password:
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; ZONE SECTION:
;space.c3d2.de. IN SOA
;; UPDATE SECTION:
wunschname.space.c3d2.de. 0 ANY A
wunschname.space.c3d2.de. 3600 IN A XXX.XXX.XXX.XXX
wunschname.space.c3d2.de. 0 ANY AAAA
wunschname.space.c3d2.de. 3600 IN AAAA ZZZZ:ZZZZ:ZZZZ::YYYY
</source>
This way a DNS update can be performed quickly, so that you can offer your services in a new network right away.
'''That's it!'''
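The same signed update, written out as a small POSIX shell script (an added example; it is not part of this page or of plitc/samba-nsupdate). The variable names and default values are assumptions modelled on the do-nsupdate.conf settings shown above; it validates the IPv4 address before anything is sent, builds the nsupdate batch that produces the "Outgoing update query" above, signs it with the Kerberos ticket via <code>nsupdate -g</code>, and reads the result back from the authoritative server rather than from a caching resolver.

```shell
#!/bin/sh
# Added example, not part of the wiki page or of plitc/samba-nsupdate:
# a minimal GSS-TSIG update producing the same "Outgoing update query"
# as the do-nsupdate.sh run shown above. Variable names/values are
# assumptions modelled on the do-nsupdate.conf settings from this page.
KERBEROSADMINUSER="${KERBEROSADMINUSER:-username@SPACE.C3D2.DE}"
ADSERVERNAME="${ADSERVERNAME:-space.c3d2.de}"
ADSERVERZONE="${ADSERVERZONE:-space.c3d2.de}"
ADMACHINENAME="${ADMACHINENAME:-wunschname.space.c3d2.de}"
ADMACHINETTL="${ADMACHINETTL:-3600}"

# Accept only a syntactically valid dotted-quad IPv4 address.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the nsupdate batch: replace the A record and, if given, the AAAA record.
# Arguments: server zone fqdn ttl ipv4 [ipv6]
build_update_batch() {
    printf 'server %s\n' "$1"
    printf 'zone %s.\n' "$2"
    printf 'update delete %s. A\n' "$3"
    printf 'update add %s. %s A %s\n' "$3" "$4" "$5"
    if [ -n "$6" ]; then
        printf 'update delete %s. AAAA\n' "$3"
        printf 'update add %s. %s AAAA %s\n' "$3" "$4" "$6"
    fi
    printf 'send\n'
}

# Full run: ticket, signed update, read-back from the authoritative server.
do_update() {
    ipv4=$1 ipv6=$2
    valid_ipv4 "$ipv4" || { echo "invalid IPv4 address: $ipv4" >&2; return 1; }
    # kinit locates the KDC through the _kerberos._tcp SRV record of the realm.
    kinit "$KERBEROSADMINUSER" || return 1
    # -g requests a GSS-TSIG signature; the DC only accepts such updates when
    # smb.conf has "allow dns updates = signed". -d shows the outgoing query.
    build_update_batch "$ADSERVERNAME" "$ADSERVERZONE" "$ADMACHINENAME" \
        "$ADMACHINETTL" "$ipv4" "$ipv6" | nsupdate -g -d || return 1
    # Read back from the authoritative server, not from a caching resolver.
    dig +short @"$ADSERVERNAME" "$ADMACHINENAME" A
    [ -n "$ipv6" ] && dig +short @"$ADSERVERNAME" "$ADMACHINENAME" AAAA
    return 0
}

# Usage: ./gss-update.sh --run 192.0.2.10 [2001:db8::10]
case ${1:-} in
    --run) do_update "$2" "$3" ;;
esac
```

The batch deletes the old A/AAAA records before adding the new ones, which is why the debug output above shows the <code>0 ANY A</code> / <code>0 ANY AAAA</code> lines first; deleting is what turns a plain "add" into a real dynamic update when the address changes.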
{{NiftyDiv|
Farbe=#b4d9fa|
Inhalt=
== Active Directory - directory administrators ==
currently: [[user:daniel.plominski|daniel]]
... more volunteers? ...
}}
{{NiftyDiv|
Farbe=#f4b9c4|
Inhalt=
== Active Directory - add a user ==
<source lang="bash">
samba-tool user add USERNAME
samba-tool group addmembers DnsAdmins USERNAME
</source>
}}
== lxc container ==
* Debian Jessie
* Samba 4.1.3 / Kerberos 5
* IPv4: 217.115.11.136
* IPv6: 2001:4dd0:fb82:c3d2:a800:5bff:fe06:c2b7
=== DNS ===
* global.hq.c3d2.de
=== DNS Nameserver / Records ===
* space.c3d2.de. IN NS global.hq.c3d2.de.
* _dns-update._tcp IN SRV 5 0 53 space.c3d2.de.
* _dns-update._udp IN SRV 5 0 53 space.c3d2.de.
* space IN MX 10 mail.c3d2.de.
* space IN TXT "v=spf1 mx -all"
* b._dns-sd._udp 60 PTR space.c3d2.de.
* db._dns-sd._udp 60 PTR space.c3d2.de.
* dr._dns-sd._udp 60 PTR space.c3d2.de.
* lb._dns-sd._udp 60 PTR space.c3d2.de.
* r._dns-sd._udp 60 PTR space.c3d2.de.
== Server installation ==
<source lang="bash">
apt-get install samba
</source>
<source lang="bash">
service samba stop
</source>
<source lang="bash">
rm /etc/samba/smb.conf
</source>
<source lang="bash">
rm -rfv /var/lib/samba
</source>
<source lang="bash">
mkdir /var/lib/samba
</source>
<source lang="bash">
mkdir /var/lib/samba/private
</source>
=== New Samba provisioning ===
<source lang="bash">
/usr/bin/samba-tool domain provision --use-ntvfs --use-rfc2307 --function-level=2008_R2 --realm=SPACE.C3D2.DE --domain=SPACE --adminpass='GEHEIM' --server-role='dc' --dns-backend=SAMBA_INTERNAL
</source>
Samba runs with virtual sysvol NTACLs; s3fs daemon support will be missing in the future, because --use-xattrs=yes is not supported inside the lxc container on btrfs!
<source lang="bash">
[root@global:~]# /usr/bin/samba-tool domain provision --use-ntvfs --use-rfc2307 --function-level=2008_R2 --realm=SPACE.C3D2.DE --domain=SPACE --adminpass='GEHEIM' --server-role='dc' --dns-backend=SAMBA_INTERNAL
You are not root or your system do not support xattr, using tdb backend for attributes.
not using extended attributes to store ACLs and other metadata. If you intend to use this provision in production, rerun the script as root on a system supporting xattrs.
Looking up IPv4 addresses
Looking up IPv6 addresses
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=space,DC=c3d2,DC=de
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=space,DC=c3d2,DC=de
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Server Role: active directory domain controller
Hostname: global
NetBIOS Domain: SPACE
DNS Domain: space.c3d2.de
DOMAIN SID: S-1-5-21-0123456789-123456789-0123456789
</source>
=== smb.conf - adjustments ===
<source lang="bash">
vi /etc/samba/smb.conf
</source>
<source lang="text">
# Global parameters
[global]
workgroup = SPACE
realm = SPACE.C3D2.DE
netbios name = GLOBAL
server role = active directory domain controller
# LDAP provisioning per RFC 2307 (smb.conf does not allow a trailing comment on a value line)
idmap_ldb:use rfc2307 = yes
posix:eadb = /var/lib/samba/private/eadb.tdb
### dns forwarder = 172.22.99.251 # must not become a public resolver
server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns, smb
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, winreg, srvsvc
### ### ### C3D2 ### ### ###
server string = %h - Global.HQ.C3D2.de
### interfaces = 217.115.11.136 2001:4dd0:fb82:c3d2:a800:5bff:fe06:c2b7
### bind interfaces only = No
# allow dynamic dns update / true = nonsecure + signed
allow dns updates = signed
# debian specific
nsupdate command = /usr/sbin/samba_dnsupdate
### ### # server options
### server min protocol = SMB2_02 (from Windows 7 onwards)
server min protocol = SMB2
server max protocol = SMB3
disable netbios = yes
smb ports = 445
server signing = auto
# protocol stream encryption for smbclient
smb encrypt = auto
### ### # client options (for local services / smbclient etc.)
### client min protocol = SMB2_02
client min protocol = SMB2
client max protocol = SMB3
client ldap sasl wrapping = seal
client signing = auto
client schannel = auto
lanman auth = No
ntlm auth = No
client use spnego = Yes
client ntlmv2 auth = Yes
client lanman auth = No
client plaintext auth = No
### ### ### C3D2 ### ### ###
[netlogon]
path = /var/lib/samba/sysvol/space.c3d2.de/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
### ### ### C3D2 ### ### ###
#
# EOF
</source>
=== Samba Checks ===
<source lang="bash">
samba-tool testparm
</source>
<source lang="bash">
samba-tool dbcheck
</source>
<source lang="bash">
samba-tool ntacl sysvolcheck
</source>
=== krb5.conf - adjustments ===
<source lang="bash">
vi /var/lib/samba/private/krb5.conf
</source>
<source lang="text">
[libdefaults]
default_realm = SPACE.C3D2.DE
dns_lookup_realm = true
dns_lookup_kdc = true
default_etypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5
default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5
default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5
permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5
forwardable = true
proxiable = true
ticket_lifetime = 86400
[realms]
SPACE.C3D2.DE = {
kdc = localhost:88
admin_server = localhost:749
default_domain = space.c3d2.de
}
[domain_realm]
.space.c3d2.de = SPACE.C3D2.DE
space.c3d2.de = SPACE.C3D2.DE
[logging]
default = FILE:/var/log/samba/krb5libs.log
kdc = FILE:/var/log/samba/krb5kdc.log
admin_server = FILE:/var/log/samba/kadmind.log
; [kdc]
; allow-anonymous = false
; require-preauth = true
; enable-kerberos4 = false
; # EOF
</source>
=== BTRFS Snapshot ===
<source lang="bash">
btrfs subvolume snapshot /var/lib/lxc/global/rootfs /var/lib/lxc/global/rootfs-snap-smb4-`date -u +%Y.%m.%d-%H.%M.%S`
</source>
=== Start the Samba server ===
<source lang="bash">
service samba start
</source>
== Tests ==
=== DNS - SRV Record ===
<source lang="bash">
[root@vps11:~]# dig SRV @global.hq.c3d2.de _kerberos._tcp.space.c3d2.de
zsh: correct '@global.hq.c3d2.de' to 'global.hq.c3d2.de' [nyae]? n
; <<>> DiG 9.8.4-P2 <<>> SRV @global.hq.c3d2.de _kerberos._tcp.space.c3d2.de
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9702
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;_kerberos._tcp.space.c3d2.de. IN SRV
;; ANSWER SECTION:
_kerberos._tcp.space.c3d2.de. 900 IN SRV 0 100 88 global.space.c3d2.de.
;; Query time: 1 msec
;; SERVER: 2001:4dd0:fb82:c3d2:a800:5bff:fe06:c2b7#53(2001:4dd0:fb82:c3d2:a800:5bff:fe06:c2b7)
;; WHEN: Sat Jan 11 06:01:49 2014
;; MSG SIZE rcvd: 73
</source>
=== Kerberos Ticket ===
<source lang="bash">
[daniel@freebie:~]$ klist
Credentials cache: FILE:/tmp/krb5cc_1001
Principal: username@SPACE.C3D2.DE
Issued Expires Principal
Jan 11 06:11:43 Jan 11 16:11:42 krbtgt/SPACE.C3D2.DE@SPACE.C3D2.DE
Jan 11 06:11:43 Jan 11 16:11:42 DNS/global.space.c3d2.de@SPACE.C3D2.DE
</source>
'''That's it!'''
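The two tests above show that the SRV record and the ticket exist; what they do not show is that the DC actually rejects updates that are not GSS-TSIG signed. The following script (an added example, not part of this page or of plitc/samba-nsupdate) closes that gap: it resolves the <code>_dns-update._tcp</code> SRV record, sends one harmless update '''without''' <code>-g</code> and expects <code>REFUSED</code>. The variable names are assumptions modelled on do-nsupdate.conf, and the sample outputs in the test are constructed.

```shell
#!/bin/sh
# Added example, not part of the wiki page or of plitc/samba-nsupdate: checks
# that the DC really enforces "allow dns updates = signed". Variable names are
# assumptions modelled on the do-nsupdate.conf settings from this page.
ADSERVERNAME="${ADSERVERNAME:-space.c3d2.de}"
ADSERVERZONE="${ADSERVERZONE:-space.c3d2.de}"

# Turn one "dig +short SRV" answer line ("prio weight port target.") into
# "target port" without the trailing dot.
srv_target() {
    set -- $1
    [ $# -eq 4 ] || return 1
    printf '%s %s\n' "${4%.}" "$3"
}

# Classify "nsupdate -d" output read from stdin: refused / accepted / unknown.
# The outgoing query also carries "status: NOERROR", so an accepted update is
# only recognised after the "Reply from update query:" marker.
classify_update() {
    output=$(cat)
    case $output in
        *"status: REFUSED"*|*"update failed: REFUSED"*) echo refused ;;
        *"Reply from update query:"*"status: NOERROR"*) echo accepted ;;
        *) echo unknown ;;
    esac
}

# Live check (needs dig and nsupdate; not exercised offline):
# an update WITHOUT -g (no GSS-TSIG signature) must come back REFUSED.
# The probe deletes a record that does not exist, so it changes nothing
# even on a misconfigured server.
check_signed_updates_enforced() {
    answer=$(dig +short @"$ADSERVERNAME" _dns-update._tcp."$ADSERVERZONE" SRV | head -n 1)
    set -- $(srv_target "$answer")
    [ $# -eq 2 ] || { echo "no _dns-update._tcp SRV record found" >&2; return 1; }
    echo "dynamic update target: $1 port $2"
    result=$(printf 'server %s %s\nzone %s.\nupdate delete unsigned-probe.%s. TXT\nsend\n' \
        "$1" "$2" "$ADSERVERZONE" "$ADSERVERZONE" | nsupdate -d 2>&1 | classify_update)
    case $result in
        refused)  echo "OK: unsigned update refused"; return 0 ;;
        accepted) echo "FAIL: server accepted an unsigned update" >&2; return 1 ;;
        *)        echo "unclear result, inspect the 'nsupdate -d' output" >&2; return 1 ;;
    esac
}

# Usage: ./check-dns-policy.sh --live
case ${1:-} in
    --live) check_signed_updates_enforced ;;
esac
```

If the probe comes back <code>accepted</code>, the server is running with <code>allow dns updates = nonsecure</code> (or the setting did not take effect), and anyone on the network can overwrite names in the zone.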
== Server optimizations ==
{{Broken
|Reason= The IPv6 example tables from squeeze/wheezy currently do not work in the lxc container under jessie
}}
=== Firewall: IPv6 Rules ===
<source lang="bash">
sudo apt-get install iptables
</source>
<source lang="bash">
sudo vi /root/set_firewall_ipv6.sh
</source>
<source lang="bash">
#!/bin/bash
# A bash shell script for ip6tables to protect single hosting / dedicated / vps / colo server running CentOS / Debian / RHEL / or any other Linux distribution.
# -------------------------------------------------------------------------
# Copyright (c) 2007 nixCraft project <http://www.cyberciti.biz/fb/>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# ----------------------------------------------------------------------
# Last updated on Jan-23, 2008 : Added support for tcp packets
# Last updated on Oct-01, 2012 : Daniel Plominski (PLITC)
# ---------------------------------------------------------------------------
IPT6="/sbin/ip6tables"
# Interfaces
PUB_IF="eth0"
# Linux names the loopback interface "lo"; "lo0" is the BSD name and would match nothing here
PUB_LO="lo"
### PUB_ETH1="eth1"
### PUB_ETH2="eth2"
### PUB_ETH3="eth3"
# Custom chain names
CHAINS="chk_tcp6_packets_chain chk_tcp_inbound chk_udp_inbound chk_icmp_packets"
echo "Starting IPv6 firewall..."
# first clean old mess
$IPT6 -F
$IPT6 -X
$IPT6 -Z
for table in $(</proc/net/ip6_tables_names)
do
$IPT6 -t $table -F
$IPT6 -t $table -X
$IPT6 -t $table -Z
done
$IPT6 -P INPUT ACCEPT
$IPT6 -P OUTPUT ACCEPT
$IPT6 -P FORWARD ACCEPT
# Set default DROP all
$IPT6 -P INPUT DROP
$IPT6 -P OUTPUT DROP
$IPT6 -P FORWARD DROP
# Create the chain
for c in $CHAINS
do $IPT6 --new-chain $c
done
# Input policy
$IPT6 -A INPUT -i $PUB_LO -j ACCEPT
### $IPT6 -A INPUT -i $PUB_ETH1 -j ACCEPT
### $IPT6 -A INPUT -i $PUB_ETH2 -j ACCEPT
### $IPT6 -A INPUT -i $PUB_ETH3 -j ACCEPT
$IPT6 -A INPUT -i $PUB_IF -j chk_tcp6_packets_chain
$IPT6 -A INPUT -i $PUB_IF -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT6 -A INPUT -i $PUB_IF -p tcp -j chk_tcp_inbound
$IPT6 -A INPUT -i $PUB_IF -p udp -j chk_udp_inbound
$IPT6 -A INPUT -i $PUB_IF -p icmp -j chk_icmp_packets
$IPT6 -A INPUT -i $PUB_IF -p ipv6-icmp -j chk_icmp_packets
$IPT6 -A INPUT -i $PUB_IF -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "INPUT OUTPUT "
$IPT6 -A INPUT -i $PUB_IF -j DROP
# Output policy
$IPT6 -A OUTPUT -o $PUB_LO -j ACCEPT
### $IPT6 -A OUTPUT -o $PUB_ETH1 -j ACCEPT
### $IPT6 -A OUTPUT -o $PUB_ETH2 -j ACCEPT
### $IPT6 -A OUTPUT -o $PUB_ETH3 -j ACCEPT
$IPT6 -A OUTPUT -o $PUB_IF -j ACCEPT
$IPT6 -A OUTPUT -o $PUB_IF -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "DROP OUTPUT "
### Custom chains ###
# Bad packets chk
$IPT6 -A chk_tcp6_packets_chain -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "Bad tcp packets"
$IPT6 -A chk_tcp6_packets_chain -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
$IPT6 -A chk_tcp6_packets_chain -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "Bad tcp packets"
$IPT6 -A chk_tcp6_packets_chain -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
$IPT6 -A chk_tcp6_packets_chain -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "BAD tcp"
$IPT6 -A chk_tcp6_packets_chain -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
$IPT6 -A chk_tcp6_packets_chain -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "Bad tcp"
$IPT6 -A chk_tcp6_packets_chain -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
$IPT6 -A chk_tcp6_packets_chain -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "Bad tcp "
$IPT6 -A chk_tcp6_packets_chain -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT6 -A chk_tcp6_packets_chain -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "Bad tcp "
$IPT6 -A chk_tcp6_packets_chain -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
$IPT6 -A chk_tcp6_packets_chain -p tcp -j RETURN
### ### ### C3D2 ### ### ###
# Global - SSH
$IPT6 -A chk_tcp_inbound -p tcp -m tcp --dport 22 -j ACCEPT
# Global - DNS
$IPT6 -A chk_tcp_inbound -p tcp -m tcp --dport 53 -j ACCEPT
# Global - Kerberos Auth
$IPT6 -A chk_tcp_inbound -p tcp -m tcp --dport 88 -j ACCEPT
# Global - NetBIOS Name
$IPT6 -A chk_tcp_inbound -p tcp -m tcp --dport 137 -j ACCEPT
# Global - NetBIOS Datagram
$IPT6 -A chk_tcp_inbound -p tcp -m tcp --dport 138 -j ACCEPT
# Global - NetBIOS Session
$IPT6 -A chk_tcp_inbound -p tcp -m tcp --dport 139 -j ACCEPT
# Global - LDAP
$IPT6 -A chk_tcp_inbound -p tcp -m tcp --dport 389 -j ACCEPT
# Global - CIFS
$IPT6 -A chk_tcp_inbound -p tcp -m tcp --dport 445 -j ACCEPT
# Global - Kerberos Change/Set Password
$IPT6 -A chk_tcp_inbound -p tcp -m tcp --dport 464 -j ACCEPT
# Global - Microsoft EPMAP - DCE/RPC
$IPT6 -A chk_tcp_inbound -p tcp -m tcp --dport 135 -j ACCEPT
# Global - LDAPS
$IPT6 -A chk_tcp_inbound -p tcp -m tcp --dport 636 -j ACCEPT
# Global - Kerberos Admin
$IPT6 -A chk_tcp_inbound -p tcp -m tcp --dport 749 -j ACCEPT
# Global - reserved
$IPT6 -A chk_tcp_inbound -p tcp -m tcp --dport 1024 -j ACCEPT
# Global - msft-gc
$IPT6 -A chk_tcp_inbound -p tcp -m tcp --dport 3268 -j ACCEPT
# Global - msft-gc-ssl
$IPT6 -A chk_tcp_inbound -p tcp -m tcp --dport 3269 -j ACCEPT
###############################
# do not modify following rule
$IPT6 -A chk_tcp_inbound -p tcp -j RETURN
###############################
#
### ### ### C3D2 ### ### ###
### ### ### C3D2 ### ### ###
# UDP rules belong in chk_udp_inbound: INPUT sends "-p udp" traffic there, and
# rules appended to chk_tcp_inbound after its RETURN would never be evaluated.
# Global - DNS
$IPT6 -A chk_udp_inbound -p udp -m udp --dport 53 -j ACCEPT
# Global - Kerberos Auth
$IPT6 -A chk_udp_inbound -p udp -m udp --dport 88 -j ACCEPT
# Global - NetBIOS Name
$IPT6 -A chk_udp_inbound -p udp -m udp --dport 137 -j ACCEPT
# Global - NetBIOS Datagram
$IPT6 -A chk_udp_inbound -p udp -m udp --dport 138 -j ACCEPT
# Global - NetBIOS Session
$IPT6 -A chk_udp_inbound -p udp -m udp --dport 139 -j ACCEPT
# Global - LDAP
$IPT6 -A chk_udp_inbound -p udp -m udp --dport 389 -j ACCEPT
# Global - CIFS
$IPT6 -A chk_udp_inbound -p udp -m udp --dport 445 -j ACCEPT
# Global - Kerberos Change/Set Password
$IPT6 -A chk_udp_inbound -p udp -m udp --dport 464 -j ACCEPT
###############################
# do not modify following rule
$IPT6 -A chk_udp_inbound -p udp -j RETURN
###############################
# ICMP - allow ping pong
$IPT6 -A chk_icmp_packets -p ipv6-icmp -j ACCEPT
$IPT6 -A chk_icmp_packets -p icmp -j RETURN
### ### ### C3D2 ### ### ###
# EOF
</source>
<source lang="bash">
sudo chmod 555 /root/set_firewall_ipv6.sh
</source>
<source lang="bash">
sudo chattr +i /root/set_firewall_ipv6.sh
</source>
<source lang="bash">
vi /etc/rc.local
</source>
<source lang="bash">
#!/bin/sh -e
#
/root/set_firewall_ipv6.sh
#
exit 0
</source>
=== Activate the firewall rules ===
<source lang="bash">
/root/set_firewall_ipv6.sh
</source>
<source lang="bash">
ip6tables -S
</source>
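Because the rule set above is marked as not working yet, it helps to audit the live <code>ip6tables -S</code> dump instead of eyeballing the script. The following audit is an added example (not part of this page or of the nixCraft script): it reads the dump from stdin and reports mistakes that are easy to make in a script of this shape, such as a BSD-style <code>lo0</code> loopback name on Linux, UDP rules appended to the TCP chain, jumps to chains that were never created, and INPUT/FORWARD policies that are not DROP. The sample dump embedded below is constructed for demonstration and contains each of these mistakes once.

```shell
#!/bin/sh
# Added example, not part of the wiki page or of the nixCraft script:
# sanity checks on an "ip6tables -S" dump for the chain layout used by
# set_firewall_ipv6.sh. Reads the dump on stdin, prints one finding per
# line and returns the number of findings as its exit status.
audit_ip6tables_dump() {
    awk '
    BEGIN { builtin["ACCEPT"] = builtin["DROP"] = builtin["RETURN"] = builtin["LOG"] = builtin["REJECT"] = 1 }
    # Default policies for inbound and forwarded traffic must be DROP.
    /^-P (INPUT|FORWARD) / && $3 != "DROP" { print "policy " $2 " is " $3 ", expected DROP"; n++ }
    /^-N / { defined[$2] = 1 }
    /^-A / {
        chain = $2; proto = ""; target = ""; iface = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "-i") iface = $(i + 1)
        }
        # INPUT dispatches by protocol, so a udp rule in the tcp chain is dead.
        if (chain ~ /^chk_tcp_/ && proto == "udp") { print "udp rule in tcp chain: " $0; n++ }
        if (chain ~ /^chk_udp_/ && proto == "tcp") { print "tcp rule in udp chain: " $0; n++ }
        if (chain == "INPUT" && iface == "lo" && target == "ACCEPT") lo_ok = 1
        if (target != "" && !(target in builtin)) referenced[target] = $0
    }
    END {
        if (!lo_ok) { print "INPUT has no ACCEPT for loopback interface lo"; n++ }
        for (t in referenced)
            if (!(t in defined)) { print "jump to undefined chain " t ": " referenced[t]; n++ }
        exit n + 0
    }'
}

# Constructed sample dump (not real output from the server), one mistake of
# each kind: FORWARD policy ACCEPT, lo0 instead of lo, a udp rule in the tcp
# chain, and a jump to chk_icmp_packets which was never created.
SAMPLE_DUMP='-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-N chk_tcp_inbound
-N chk_udp_inbound
-A INPUT -i lo0 -j ACCEPT
-A INPUT -i eth0 -p tcp -j chk_tcp_inbound
-A INPUT -i eth0 -p udp -j chk_udp_inbound
-A INPUT -i eth0 -p ipv6-icmp -j chk_icmp_packets
-A chk_tcp_inbound -p tcp -m tcp --dport 53 -j ACCEPT
-A chk_tcp_inbound -p udp -m udp --dport 53 -j ACCEPT
-A chk_udp_inbound -p udp -j RETURN'

# Usage: ./audit-ip6tables.sh --live    (audits the running firewall)
#        ./audit-ip6tables.sh --sample  (audits the constructed sample above)
case ${1:-} in
    --live)   ip6tables -S | audit_ip6tables_dump ;;
    --sample) printf '%s\n' "$SAMPLE_DUMP" | audit_ip6tables_dump ;;
esac
```

Run it as <code>ip6tables -S | audit_ip6tables_dump</code> right after <code>/root/set_firewall_ipv6.sh</code>; an exit status of 0 means none of the checked mistakes is present, and a non-zero status is the number of findings, so it can go into a cron job or a deployment check.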
[[Kategorie:Infrastruktur]]