Compare commits
3 Commits
6c98bfb6c3
...
214091f580
| Author | SHA1 | Date | |
|---|---|---|---|
| 214091f580 | |||
| 82b2f63580 | |||
| fad0a57f67 |
@ -1,16 +1,26 @@
|
|||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEBVVTDmX2XZJDtT7k+KBUN+j9NZq9boCQuHbcJRCPBu windows10.thu.pc
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHh1jekLDzTUDoiVnrPE5PUcpkAlY8KnCup2lKj2H+hw ubuntu2204.alpha.pc
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGTwBtjCH6PAU4a61zkdeJ+8pouhztqGi5OIggqnIpyL ubuntu2004.thu.pc
|
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkqPZESXHYjbCzw51mrQLQEZ+muaBinRVYltz1CEQLl windows10.lenovo.laptop
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkqPZESXHYjbCzw51mrQLQEZ+muaBinRVYltz1CEQLl windows10.lenovo.laptop
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMy/Yvj5sQz6HkLL5ZKcQEuRHhDhNkj/DUaKcSXE4/V7 ubuntu2004.lenovo.laptop
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMy/Yvj5sQz6HkLL5ZKcQEuRHhDhNkj/DUaKcSXE4/V7 ubuntu2004.lenovo.laptop
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMXOIi59RqrsORYqCantMkpxJPw6Ty5O8u9kfLKSJDtH ubuntu2204.lenovo.laptop
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMXOIi59RqrsORYqCantMkpxJPw6Ty5O8u9kfLKSJDtH ubuntu2204.lenovo.laptop
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHwC4lNhx6Kym+qOYO/IVokQXFVJmhQhGLcQka8UWPeT Terminus
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7R3yS28mJvUc+Qh/Xj79WuBgbTdbmC9y353ZKnTz66 macmini
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJk2kZkpH38Jpv5PlUBP4HMbpMZHeHHzHM2lE6sdqFl mba13
|
||||||
|
|
||||||
|
# WinSCP
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICZF1QW8weKduhY2JlPkqI7P3+6k9QBl1PbhqaajIaRy winscp.thu.pc
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICZF1QW8weKduhY2JlPkqI7P3+6k9QBl1PbhqaajIaRy winscp.thu.pc
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOHW3PmPjR9awivFipLuD2/zEoH4LhzPyxv7pb/IDIpF winscp.lenovo.laptop
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOHW3PmPjR9awivFipLuD2/zEoH4LhzPyxv7pb/IDIpF winscp.lenovo.laptop
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7R3yS28mJvUc+Qh/Xj79WuBgbTdbmC9y353ZKnTz66 macmini
|
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJk2kZkpH38Jpv5PlUBP4HMbpMZHeHHzHM2lE6sdqFl mba13.mac.laptop
|
# Terminus
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHwC4lNhx6Kym+qOYO/IVokQXFVJmhQhGLcQka8UWPeT Terminus
|
||||||
|
|
||||||
|
# for work
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUJKU+jfw63rZ7TSa8Zx7yS5yu6Zsm2dQBNuE4CWhnv windows10.hf
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ37I8rVeQQTXujBMbpYWWYEpgx4MnczKrDuSFCTTXMH ubuntu2404.hf
|
||||||
|
|
||||||
# for rsync
|
# for rsync
|
||||||
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBXZrcPKdwOguuB0IGuhES90obnGvn1UI5+nZy1PrzF+ RsyncForUser
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBXZrcPKdwOguuB0IGuhES90obnGvn1UI5+nZy1PrzF+ nas220-rsync.old
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBAqyLOdwt1Y+krVh0ZuNAy1dcR6w3Don6yIvLXwjDwl nas220-rsync.new
|
||||||
|
|
||||||
# obsoleted
|
# obsoleted
|
||||||
|
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEBVVTDmX2XZJDtT7k+KBUN+j9NZq9boCQuHbcJRCPBu windows10.alpha.pc
|
||||||
|
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGTwBtjCH6PAU4a61zkdeJ+8pouhztqGi5OIggqnIpyL ubuntu2004.alpha.pc
|
||||||
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRlSQRXPW80ezdepIabFhPG5q/0kgImedf/HLdkl06/ JuiceSSH
|
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRlSQRXPW80ezdepIabFhPG5q/0kgImedf/HLdkl06/ JuiceSSH
|
||||||
|
|||||||
@ -15,15 +15,23 @@ add_input_tcp_filter() {
|
|||||||
check_and_add_iptables INPUT -p tcp -m tcp --dport "$1" -m comment --comment "$2" -j ACCEPT
|
check_and_add_iptables INPUT -p tcp -m tcp --dport "$1" -m comment --comment "$2" -j ACCEPT
|
||||||
}
|
}
|
||||||
|
|
||||||
|
add_input_udp_filter() {
|
||||||
|
check_and_add_iptables INPUT -p udp -m udp --dport "$1" -m comment --comment "$2" -j ACCEPT
|
||||||
|
}
|
||||||
|
|
||||||
# allow basic services
|
# allow basic services
|
||||||
add_input_tcp_filter 22 SSH
|
add_input_tcp_filter 22 SSH
|
||||||
add_input_tcp_filter 2263 SSH
|
add_input_tcp_filter 2263 SSH
|
||||||
add_input_tcp_filter 80 HTTP
|
add_input_tcp_filter 80 HTTP
|
||||||
add_input_tcp_filter 443 HTTPS
|
add_input_tcp_filter 443 HTTPS
|
||||||
|
|
||||||
|
# allow TCP
|
||||||
|
# add_input_tcp_filter 111 Tencent
|
||||||
|
# add_input_udp_filter 111 Tencent
|
||||||
|
|
||||||
# allow DNS
|
# allow DNS
|
||||||
check_and_add_iptables INPUT -p tcp --dport 53 -j ACCEPT -m comment --comment "DNS"
|
# add_input_tcp_filter 53 DNS
|
||||||
check_and_add_iptables INPUT -p udp --dport 53 -j ACCEPT -m comment --comment "DNS"
|
# add_input_udp_filter 53 DNS
|
||||||
|
|
||||||
# allow internal network
|
# allow internal network
|
||||||
check_and_add_iptables INPUT -s 127.0.0.0/24 -m comment --comment "Internal Network" -j ACCEPT
|
check_and_add_iptables INPUT -s 127.0.0.0/24 -m comment --comment "Internal Network" -j ACCEPT
|
||||||
@ -36,4 +44,7 @@ check_and_add_iptables INPUT -i lo -j ACCEPT
|
|||||||
# dropped for INPUT by default
|
# dropped for INPUT by default
|
||||||
iptables -P INPUT DROP
|
iptables -P INPUT DROP
|
||||||
|
|
||||||
|
# allow by default
|
||||||
add_input_tcp_filter 9443 gost-proxy
|
add_input_tcp_filter 9443 gost-proxy
|
||||||
|
|
||||||
|
# ====================
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user