Untitled

~ # cat /etc/conf.d/net
# WAN #
#
config_enp0s31f6="dhcp"
#
# LAN #
#
bridge_br0="enp1s0 enp2s0f0 enp2s0f1 enp2s0f2 enp2s0f3"
config_br0="192.168.1.11/24 2001:db8::11/64"
bridge_ageing_time_br0="0"
bridge_stp_state_br0="1"
bridge_forward_delay_br0="0"
bridge_hello_time_br0="1000"
bridge_bridge_priority_br0="0"
#
# WWAN (backup) #
#modules_wlan0="wpa_supplicant"
#config_wlp0s20f0u10="dhcp"


cat /var/lib/iptables/rules-save
# Generated by iptables-save v1.8.9 on Wed Sep 20 12:29:02 2023
*filter
:INPUT ACCEPT [27797241404:15907207518606]
:FORWARD DROP [196976:10714156]
:OUTPUT ACCEPT [38678167935:37148549968304]
[240133242:191854119009] -A INPUT -i lo -j ACCEPT
[109322591620:196714361153610] -A INPUT -i br0 -j ACCEPT
[29446:1278124] -A INPUT ! -i br0 -p tcp -m tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable
[24916:1592823] -A INPUT ! -i br0 -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
[9619:4386610] -A INPUT ! -i br0 -p udp -m udp --dport 67 -j REJECT --reject-with icmp-port-unreachable
[243063:55575386] -A INPUT ! -i br0 -p udp -m udp --dport 137:139 -j REJECT --reject-with icmp-port-unreachable
[200:10821] -A INPUT ! -i br0 -p tcp -m tcp --dport 58846 -j REJECT --reject-with icmp-port-unreachable
[912:38540] -A INPUT ! -i br0 -p tcp -m tcp --dport 8112 -j REJECT --reject-with icmp-port-unreachable
[1982:83316] -A INPUT ! -i br0 -p tcp -m tcp --dport 8200 -j REJECT --reject-with icmp-port-unreachable
[8850223624:9586955332030] -A FORWARD -d 192.168.1.0/24 -i enp0s31f6 -j ACCEPT
[4512888605:580052774428] -A FORWARD -s 192.168.1.0/24 -i br0 -j ACCEPT
COMMIT
# Completed on Wed Sep 20 12:29:02 2023
# Generated by iptables-save v1.8.9 on Wed Sep 20 12:29:02 2023
*mangle
:PREROUTING ACCEPT [304104204946:391360519978101]
:INPUT ACCEPT [280120422100:374135947100518]
:FORWARD ACCEPT [23945083345:17219713113758]
:OUTPUT ACCEPT [85136553984:86645296768663]
:POSTROUTING ACCEPT [109116823485:103873796421364]
COMMIT
# Completed on Wed Sep 20 12:29:02 2023
# Generated by iptables-save v1.8.9 on Wed Sep 20 12:29:02 2023
*nat
:PREROUTING ACCEPT [1883218325:173042805551]
:INPUT ACCEPT [1704539209:149579813533]
:OUTPUT ACCEPT [858394002:63741400962]
:POSTROUTING ACCEPT [0:0]
[999803407:82679354670] -A POSTROUTING -j MASQUERADE


cat /etc/local.d/qos.start
#!/bin/sh

## Paths and definition
ext=enp0s31f6           # Change for your device!
ext_ingress=ifb0        # Use a unique ifb per rate limiter!
# Set these as per your provider's settings, at 90% to start with
ext_up=20Mbit           # Max theoretical: for this example, up is 7.5Mbit
ext_down=500Mbit        # Max theoretical: for this example, down is 90Mbit
#### commands ####
tc qdisc del dev $ext root
tc qdisc del dev $ext ingress
tc qdisc add dev $ext root cake bandwidth $ext_up
tc qdisc add dev $ext handle ffff: ingress
ifconfig $ext_ingress up
ifconfig $ext_ingress txqueuelen 1000
tc qdisc del dev $ext_ingress root
tc qdisc add dev $ext_ingress root cake bandwidth $ext_down #besteffort
tc filter add dev $ext parent ffff: protocol all prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev $ext_ingress


cat /etc/ddclient.conf
protocol=noip
server=dynupdate.no-ip.com
use=if, if=enp0s31f6
login=aha...
password=aha...
aha.ddns.net


cat /etc/sysctl.conf
# /etc/sysctl.conf
#
# For more information on how this file works, please see
# the manpages sysctl(8) and sysctl.conf(5).
#
# In order for this file to work properly, you must first
# enable 'Sysctl support' in the kernel.
#
# Look in /proc/sys/ for all the things you can setup.
#

# When the kernel panics, automatically reboot in 3 seconds
kernel.panic = 3

# WAN-LAN IPv4 router settings
net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
#net.ipv4.conf.default.log_martians=0
net.ipv4.conf.all.log_martians=0
#net.ipv6.conf.all.autoconf=0
#net.ipv6.conf.default.autoconf=0
#net.ipv6.conf.all.accept_ra=0
#net.ipv6.conf.default.accept_ra=0

# page cache, IO, FS tweaks
fs.inotify.max_user_watches=524288
vm.dirty_background_ratio = 25
vm.dirty_ratio = 50
vm.dirty_expire_centisecs = 0
vm.dirty_writeback_centisecs = 0
#vm.vfs_cache_pressure = 50
#vm.swappiness = 0

# custom network socket tuning test
net.core.somaxconn = 65535
#net.core.netdev_max_backlog = 250000
#net.ipv4.ipfrag_max_dist = 1000
net.ipv4.tcp_ecn = 1
net.ipv4.tcp_invalid_ratelimit = 0
net.ipv4.tcp_low_latency = 1
net.ipv4.tcp_max_syn_backlog = 250000
#net.ipv4.tcp_max_reordering = 1000
net.ipv4.tcp_retrans_collapse = 0
#net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_fastopen = 3
net.ipv4.icmp_echo_ignore_broadcasts = 0
net.ipv4.icmp_ratelimit = 0
#
#net.core.rmem_max = 4194304
#net.core.wmem_max = 4194304
#net.core.rmem_default = 4194304
#net.core.wmem_default = 4194304
#net.core.optmem_max = 4194304
#net.ipv4.tcp_rmem = 4096 87380 4194304
#net.ipv4.tcp_wmem = 4096 65536 4194304


cat /etc/samba/smb.conf
[global]
#smb ports = 2222 2000
server string = Samba Server %v
workgroup = WORKGROUP
domain master = yes
wins support = yes
username map = /etc/samba/smbusers
#unix password sync = yes
#passwd program = /bin/passwd %u
#server min protocol = SMB2
vfs objects = acl_xattr btrfs io_uring
inherit owner = yes
inherit permissions = yes
inherit acls = yes
fstype = Samba
#block size = 65536
#socket options = TCP_NODELAY IPTOS_LOWDELAY
load printers = no
printcap name = /dev/null
#aio read size = 1
#aio write size = 1
#aio max threads = 2
#aio write behind = true

[data]
path = /mnt/data
writable = yes
valid users = én
hosts allow = 192.168.1.

[surveillance]
path = /mnt/data/surveillance
writable = yes
valid users = én és más

[temp]
path = /mnt/temp
writable = yes
valid users = én
hosts allow = 192.168.1.


~ # cat /etc/udev/rules.d/60-ioschedulers.rules
# set scheduler bfq for all SATA drives
ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/scheduler}="bfq"
#ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/read_ahead_kb}="0"
# set scheduler none for all NVMe drives
ACTION=="add|change", KERNEL=="nvme[0-9]*", ATTR{queue/scheduler}="none"


~ # cat /etc/dhcpcd.conf
noipv6rs
noipv6
# A sample configuration for dhcpcd.
# See dhcpcd.conf(5) for details.

# Allow users of this group to interact with dhcpcd via the control socket.
#controlgroup wheel

# Inform the DHCP server of our hostname for DDNS.
hostname

# Use the hardware address of the interface for the Client ID.
clientid
# or
# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
# Some non-RFC compliant DHCP servers do not reply with this set.
# In this case, comment out duid and enable clientid above.
#duid

# Persist interface configuration when dhcpcd exits.
persistent

# vendorclassid is set to blank to avoid sending the default of
# dhcpcd-<version>:<os>:<machine>:<platform>
vendorclassid

# A list of options to request from the DHCP server.
option domain_name_servers, domain_name, domain_search
option classless_static_routes
# Respect the network MTU. This is applied to DHCP routes.
option interface_mtu

# Request a hostname from the network
option host_name

# Most distributions have NTP support.
option ntp_servers

# Rapid commit support.
# Safe to enable by default because it requires the equivalent option set
# on the server to actually work.
option rapid_commit

# A ServerID is required by RFC2131.
require dhcp_server_identifier

# Generate SLAAC address using the Hardware Address of the interface
#slaac hwaddr
# OR generate Stable Private IPv6 Addresses based from the DUID
slaac private

# Custom edits
noarp

# define static profile (to boot smoothly withouth the cablemodem)
timeout 10
profile static_enp0s31f6
static ip_address=192.168.100.11/24
static routers=192.168.100.1
static domain_name_servers=192.168.100.1
interface enp0s31f6
#fallback static_enp0s31f6


~ # cat /etc/dnsmasq.conf
interface=br0
no-ping
dhcp-range=192.168.1.12,192.168.1.250,20m
dhcp-range=2001:db8::12,2001:db8::250,20m
enable-ra
#local=/localnet/
domain=aha.ddns.net
dhcp-host=aa:aa:aa:aa:aa:aa,WiFi_AP_1,192.168.1.akármi
... és így tovább