Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ~ # cat /etc/conf.d/net
- # WAN #
- #
- config_enp0s31f6="dhcp"
- #
- # LAN #
- #
- bridge_br0="enp1s0 enp2s0f0 enp2s0f1 enp2s0f2 enp2s0f3"
- config_br0="192.168.1.11/24 2001:db8::11/64"
- bridge_ageing_time_br0="0"
- bridge_stp_state_br0="1"
- bridge_forward_delay_br0="0"
- bridge_hello_time_br0="1000"
- bridge_bridge_priority_br0="0"
- #
- # WWAN (backup) #
- #modules_wlan0="wpa_supplicant"
- #config_wlp0s20f0u10="dhcp"
- cat /var/lib/iptables/rules-save
- # Generated by iptables-save v1.8.9 on Wed Sep 20 12:29:02 2023
- *filter
- :INPUT ACCEPT [27797241404:15907207518606]
- :FORWARD DROP [196976:10714156]
- :OUTPUT ACCEPT [38678167935:37148549968304]
- [240133242:191854119009] -A INPUT -i lo -j ACCEPT
- [109322591620:196714361153610] -A INPUT -i br0 -j ACCEPT
- [29446:1278124] -A INPUT ! -i br0 -p tcp -m tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable
- [24916:1592823] -A INPUT ! -i br0 -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
- [9619:4386610] -A INPUT ! -i br0 -p udp -m udp --dport 67 -j REJECT --reject-with icmp-port-unreachable
- [243063:55575386] -A INPUT ! -i br0 -p udp -m udp --dport 137:139 -j REJECT --reject-with icmp-port-unreachable
- [200:10821] -A INPUT ! -i br0 -p tcp -m tcp --dport 58846 -j REJECT --reject-with icmp-port-unreachable
- [912:38540] -A INPUT ! -i br0 -p tcp -m tcp --dport 8112 -j REJECT --reject-with icmp-port-unreachable
- [1982:83316] -A INPUT ! -i br0 -p tcp -m tcp --dport 8200 -j REJECT --reject-with icmp-port-unreachable
- [8850223624:9586955332030] -A FORWARD -d 192.168.1.0/24 -i enp0s31f6 -j ACCEPT
- [4512888605:580052774428] -A FORWARD -s 192.168.1.0/24 -i br0 -j ACCEPT
- COMMIT
- # Completed on Wed Sep 20 12:29:02 2023
- # Generated by iptables-save v1.8.9 on Wed Sep 20 12:29:02 2023
- *mangle
- :PREROUTING ACCEPT [304104204946:391360519978101]
- :INPUT ACCEPT [280120422100:374135947100518]
- :FORWARD ACCEPT [23945083345:17219713113758]
- :OUTPUT ACCEPT [85136553984:86645296768663]
- :POSTROUTING ACCEPT [109116823485:103873796421364]
- COMMIT
- # Completed on Wed Sep 20 12:29:02 2023
- # Generated by iptables-save v1.8.9 on Wed Sep 20 12:29:02 2023
- *nat
- :PREROUTING ACCEPT [1883218325:173042805551]
- :INPUT ACCEPT [1704539209:149579813533]
- :OUTPUT ACCEPT [858394002:63741400962]
- :POSTROUTING ACCEPT [0:0]
- [999803407:82679354670] -A POSTROUTING -j MASQUERADE
- cat /etc/local.d/qos.start
- #!/bin/sh
- ## Paths and definition
- ext=enp0s31f6 # Change for your device!
- ext_ingress=ifb0 # Use a unique ifb per rate limiter!
- # Set these as per your provider's settings, at 90% to start with
- ext_up=20Mbit # Max theoretical: for this example, up is 7.5Mbit
- ext_down=500Mbit # Max theoretical: for this example, down is 90Mbit
- #### commands ####
- tc qdisc del dev $ext root
- tc qdisc del dev $ext ingress
- tc qdisc add dev $ext root cake bandwidth $ext_up
- tc qdisc add dev $ext handle ffff: ingress
- ifconfig $ext_ingress up
- ifconfig $ext_ingress txqueuelen 1000
- tc qdisc del dev $ext_ingress root
- tc qdisc add dev $ext_ingress root cake bandwidth $ext_down #besteffort
- tc filter add dev $ext parent ffff: protocol all prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev $ext_ingress
- cat /etc/ddclient.conf
- protocol=noip
- server=dynupdate.no-ip.com
- use=if, if=enp0s31f6
- login=aha...
- password=aha...
- aha.ddns.net
- cat /etc/sysctl.conf
- # /etc/sysctl.conf
- #
- # For more information on how this file works, please see
- # the manpages sysctl(8) and sysctl.conf(5).
- #
- # In order for this file to work properly, you must first
- # enable 'Sysctl support' in the kernel.
- #
- # Look in /proc/sys/ for all the things you can setup.
- #
- # When the kernel panics, automatically reboot in 3 seconds
- kernel.panic = 3
- # WAN-LAN IPv4 router settings
- net.ipv4.ip_forward=1
- net.ipv4.conf.default.rp_filter = 1
- net.ipv4.conf.all.rp_filter = 1
- #net.ipv4.conf.default.log_martians=0
- net.ipv4.conf.all.log_martians=0
- #net.ipv6.conf.all.autoconf=0
- #net.ipv6.conf.default.autoconf=0
- #net.ipv6.conf.all.accept_ra=0
- #net.ipv6.conf.default.accept_ra=0
- # page cache, IO, FS tweaks
- fs.inotify.max_user_watches=524288
- vm.dirty_background_ratio = 25
- vm.dirty_ratio = 50
- vm.dirty_expire_centisecs = 0
- vm.dirty_writeback_centisecs = 0
- #vm.vfs_cache_pressure = 50
- #vm.swappiness = 0
- # custom network socket tuning test
- net.core.somaxconn = 65535
- #net.core.netdev_max_backlog = 250000
- #net.ipv4.ipfrag_max_dist = 1000
- net.ipv4.tcp_ecn = 1
- net.ipv4.tcp_invalid_ratelimit = 0
- net.ipv4.tcp_low_latency = 1
- net.ipv4.tcp_max_syn_backlog = 250000
- #net.ipv4.tcp_max_reordering = 1000
- net.ipv4.tcp_retrans_collapse = 0
- #net.ipv4.tcp_syncookies = 0
- net.ipv4.tcp_fastopen = 3
- net.ipv4.icmp_echo_ignore_broadcasts = 0
- net.ipv4.icmp_ratelimit = 0
- #
- #net.core.rmem_max = 4194304
- #net.core.wmem_max = 4194304
- #net.core.rmem_default = 4194304
- #net.core.wmem_default = 4194304
- #net.core.optmem_max = 4194304
- #net.ipv4.tcp_rmem = 4096 87380 4194304
- #net.ipv4.tcp_wmem = 4096 65536 4194304
- cat /etc/samba/smb.conf
- [global]
- #smb ports = 2222 2000
- server string = Samba Server %v
- workgroup = WORKGROUP
- domain master = yes
- wins support = yes
- username map = /etc/samba/smbusers
- #unix password sync = yes
- #passwd program = /bin/passwd %u
- #server min protocol = SMB2
- vfs objects = acl_xattr btrfs io_uring
- inherit owner = yes
- inherit permissions = yes
- inherit acls = yes
- fstype = Samba
- #block size = 65536
- #socket options = TCP_NODELAY IPTOS_LOWDELAY
- load printers = no
- printcap name = /dev/null
- #aio read size = 1
- #aio write size = 1
- #aio max threads = 2
- #aio write behind = true
- [data]
- path = /mnt/data
- writable = yes
- valid users = én
- hosts allow = 192.168.1.
- [surveillance]
- path = /mnt/data/surveillance
- writable = yes
- valid users = én és más
- [temp]
- path = /mnt/temp
- writable = yes
- valid users = én
- hosts allow = 192.168.1.
- ~ # cat /etc/udev/rules.d/60-ioschedulers.rules
- # set scheduler bfq for all SATA drives
- ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/scheduler}="bfq"
- #ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/read_ahead_kb}="0"
- # set scheduler none for all NVMe drives
- ACTION=="add|change", KERNEL=="nvme[0-9]*", ATTR{queue/scheduler}="none"
- ~ # cat /etc/dhcpcd.conf
- noipv6rs
- noipv6
- # A sample configuration for dhcpcd.
- # See dhcpcd.conf(5) for details.
- # Allow users of this group to interact with dhcpcd via the control socket.
- #controlgroup wheel
- # Inform the DHCP server of our hostname for DDNS.
- hostname
- # Use the hardware address of the interface for the Client ID.
- clientid
- # or
- # Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
- # Some non-RFC compliant DHCP servers do not reply with this set.
- # In this case, comment out duid and enable clientid above.
- #duid
- # Persist interface configuration when dhcpcd exits.
- persistent
- # vendorclassid is set to blank to avoid sending the default of
- # dhcpcd-<version>:<os>:<machine>:<platform>
- vendorclassid
- # A list of options to request from the DHCP server.
- option domain_name_servers, domain_name, domain_search
- option classless_static_routes
- # Respect the network MTU. This is applied to DHCP routes.
- option interface_mtu
- # Request a hostname from the network
- option host_name
- # Most distributions have NTP support.
- option ntp_servers
- # Rapid commit support.
- # Safe to enable by default because it requires the equivalent option set
- # on the server to actually work.
- option rapid_commit
- # A ServerID is required by RFC2131.
- require dhcp_server_identifier
- # Generate SLAAC address using the Hardware Address of the interface
- #slaac hwaddr
- # OR generate Stable Private IPv6 Addresses based from the DUID
- slaac private
- # Custom edits
- noarp
- # define static profile (to boot smoothly withouth the cablemodem)
- timeout 10
- profile static_enp0s31f6
- static ip_address=192.168.100.11/24
- static routers=192.168.100.1
- static domain_name_servers=192.168.100.1
- interface enp0s31f6
- #fallback static_enp0s31f6
- ~ # cat /etc/dnsmasq.conf
- interface=br0
- no-ping
- dhcp-range=192.168.1.12,192.168.1.250,20m
- dhcp-range=2001:db8::12,2001:db8::250,20m
- enable-ra
- #local=/localnet/
- domain=aha.ddns.net
- dhcp-host=aa:aa:aa:aa:aa:aa,WiFi_AP_1,192.168.1.akármi
- ... és így tovább
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement