Added mkvpns cript
parent
03bfdd4248
commit
fd8090d863
@ -1,82 +0,0 @@
|
|||||||
/* context menu - blank */
|
|
||||||
#context-back,#context-bookmarkpage,#context-forward,#context-inspect,#context-navigation,#context-pocket,#context-reload,#context-savepage,#context-selectall,#context-sendpagetodevice,#context-sep-navigation,#context-sep-sendpagetodevice,#context-sep-viewbgimage,#context-sep-viewsource,#context-stop,#context-viewinfo,#context-viewsource,#inspect-separator,#screenshots_mozilla_org_create-screenshot{display:none !important}
|
|
||||||
|
|
||||||
/* context menu - frame */
|
|
||||||
#context-bookmarkframe,#context-openframe,#context-openframeintab,#context-printframe,#context-printframe + menuseparator,#context-reloadframe,#context-reloadframe + menuseparator,#context-saveframe,#context-saveframe + menuseparator,#context-showonlythisframe,#context-viewframeinfo,#context-viewframesource,#open-frame-sep{display:none !important}
|
|
||||||
|
|
||||||
/* context menu - image */
|
|
||||||
#context-reloadimage,#context-sendimage,#context-sep-copyimage,#context-setDesktopBackground,#context-viewimageinfo{display:none !important}
|
|
||||||
|
|
||||||
/* context menu - input */
|
|
||||||
#context-bidi-page-direction-toggle,#context-bidi-text-direction-toggle,#context-copy,#context-cut,#context-delete,#context-keywordfield,#context-paste,#context-selectall,#context-sep-bidi,#context-sep-paste,#context-sep-undo,#context-undo,#fill-login,#fill-login-separator,#spell-add-dictionaries-main,#spell-check-enabled,#spell-dictionaries,#spell-separator{display:none !important}
|
|
||||||
|
|
||||||
/* context menu - link */
|
|
||||||
#context-bookmarklink,#context-openlink,#context-openlinkinusercontext-menu,#context-openlinkprivate,#context-savelinktopocket,#context-searchselect,#context-sendlinktodevice,#context-sep-open,#context-sep-sendlinktodevice{display:none !important}
|
|
||||||
|
|
||||||
/* context menu - media */
|
|
||||||
#context-sendaudio{display:none !important}
|
|
||||||
|
|
||||||
/* context menu - page action */
|
|
||||||
#pageAction-panel-addSearchEngine,#pageAction-panel-bookmark,#pageAction-panel-bookmarkSeparator,#pageAction-panel-builtInSeparator,#pageAction-panel-copyURL,#pageAction-panel-emailLink,#pageAction-panel-pocket,#pageAction-panel-screenshots,#pageAction-panel-sendToDevice,#pageAction-panel-transientSeparator,#pageAction-panel-webcompat-reporter-button{display:none !important}
|
|
||||||
|
|
||||||
/* context menu - select */
|
|
||||||
#context-viewpartialsource-selection{display:none !important}
|
|
||||||
|
|
||||||
/* context menu - side bar */
|
|
||||||
#placesContext_copy,#placesContext_createBookmark,#placesContext_cut,#placesContext_deleteHost,#placesContext_deleteSeparator,#placesContext_delete_history,#placesContext_editSeparator,#placesContext_openLinks:tabs,#placesContext_open:newprivatewindow,#placesContext_open:newwindow,#placesContext_paste,#placesContext_reload{display:none !important}
|
|
||||||
|
|
||||||
/* context menu - tab */
|
|
||||||
#context_closeOtherTabs,#context_closeTabsToTheEnd,#context_duplicateTab,#context_duplicateTab + menuseparator,#context_moveTabOptions,#context_pinSelectedTabs,#context_reloadSelectedTabs,#context_reloadTab,#context_reopenInContainer,#context_sendTabToDevice,#context_sendTabToDevice + menuseparator,#context_toggleMuteSelectedTabs,#context_undoCloseTab,#context_unpinSelectedTabs{display:none !important}
|
|
||||||
|
|
||||||
/* context menu - tool bar */
|
|
||||||
#toggle_PersonalToolbar,#toggle_toolbar-menubar,#toolbar-context-bookmarkSelectedTab,#toolbar-context-bookmarkSelectedTabs,#toolbar-context-reloadSelectedTab,#toolbar-context-reloadSelectedTabs,#toolbar-context-selectAllTabs,#toolbar-context-undoCloseTab,#toolbar-context-undoCloseTab + menuseparator,.customize-context-autoHide,.customize-context-manageExtension,.customize-context-moveToPanel,.customize-context-removeExtension,.customize-context-removeExtension + menuseparator,.customize-context-removeFromToolbar,.viewCustomizeToolbar{display:none !important}
|
|
||||||
|
|
||||||
|
|
||||||
/* context menu - url bar */
|
|
||||||
#urlbar menuitem[anonid="paste-and-go"],#urlbar menuitem[cmd="cmd_copy"],#urlbar menuitem[cmd="cmd_cut"],#urlbar menuitem[cmd="cmd_delete"],#urlbar menuitem[cmd="cmd_delete"] + menuseparator,#urlbar menuitem[cmd="cmd_paste"],#urlbar menuitem[cmd="cmd_selectAll"],#urlbar menuitem[cmd="cmd_undo"],#urlbar menuitem[cmd="cmd_undo"] + menuseparator{display:none !important}
|
|
||||||
|
|
||||||
/* find bar - hide extra options */
|
|
||||||
.findbar-entire-word, .findbar-case-sensitive, .findbar-highlight {visibility: collapse !important}
|
|
||||||
|
|
||||||
/* nav bar - hide back & forward buttons */
|
|
||||||
:-moz-any(#back-button, #forward-button){display:none !important}
|
|
||||||
|
|
||||||
/* nav bar - hide hamburger button */
|
|
||||||
#PanelUI-menu-button{display:none}
|
|
||||||
|
|
||||||
/* nav + tab bar merge */
|
|
||||||
:root[uidensity=compact]{--tabs-margin-left:3em;--space-before-tabs:34.5em;--space-after-tabs:2em;--nav-margin-top:-1.9em;--menu-margin-top:0.05em}
|
|
||||||
#TabsToolbar{margin-left:var(--tabs-margin-left) !important;padding-left:var(--space-before-tabs) !important;margin-right:var(--space-after-tabs) !important;margin-bottom:-0.1em; !important}
|
|
||||||
#nav-bar{margin-top:var(--nav-margin-top) !important;margin-right:60vw !important;margin-bottom:-0.1em !important;background-color:transparent !important}
|
|
||||||
|
|
||||||
/* side bar - hide header & search */
|
|
||||||
#sidebar-header,#sidebar-search-container{display:none}
|
|
||||||
|
|
||||||
/* tab bar - close button on hover only */
|
|
||||||
.tabbrowser-tab:not([selected]):not([pinned]) .tab-close-button{display:none !important}
|
|
||||||
.tabbrowser-tab:not([selected]):not([pinned]):hover .tab-close-button{display:-moz-box !important}
|
|
||||||
|
|
||||||
/* tab bar - hide buttons */
|
|
||||||
.tabbrowser-strip *[class^="scrollbutton"], .tabbrowser-strip *[class^="tabs-alltabs"], .tabbrowser-strip *[class^="tabs-newtab-button"]{display:none}
|
|
||||||
|
|
||||||
/* tool bar - compact icons */
|
|
||||||
#widget-overflow-fixed-list{display:grid;grid-template-rows:repeat(1,1.5em);grid-template-columns:repeat(20, 15em)}
|
|
||||||
#widget-overflow-fixed-list .toolbarbutton-1 > .toolbarbutton-text{display:none !important}
|
|
||||||
|
|
||||||
/* url bar - hide bookmark star */
|
|
||||||
#star-button{display:none !important}
|
|
||||||
|
|
||||||
/* url bar - hide dropdown */
|
|
||||||
.urlbar-history-dropmarker{display:none !important}
|
|
||||||
|
|
||||||
/* url bar - hide feed button */
|
|
||||||
#feed-button {display:none !important}
|
|
||||||
|
|
||||||
/* url bar - hide info icon */
|
|
||||||
#urlbar:not(.grantedPermissions) #identity-icon{transition:300ms !important;opacity:0 !important;-moz-margin-end:-1.1em !important}
|
|
||||||
|
|
||||||
/* url bar - hide page actions */
|
|
||||||
#pageActionButton{display:none !important}
|
|
||||||
|
|
||||||
#urlbar-container {max-width: 400px !important;}
|
|
||||||
#search-container {max-width: 200px !important;}
|
|
@ -1,4 +0,0 @@
|
|||||||
/* color blank pages for dark theme */
|
|
||||||
@-moz-document url("about:blank"){*:empty:not([id]):not([style]){background-color:#474749 !important;}}
|
|
||||||
@-moz-document url("about:home"), url("about:newtab"){.activity-stream{background-color:#474749 !important;}}
|
|
||||||
@-moz-document url("about:newtab"){input#newtab-customize-button{display:none !important;}}
|
|
@ -1,68 +0,0 @@
|
|||||||
// custom prefs
|
|
||||||
lockPref("accessibility.typeaheadfind.autostart", false) // http://kb.mozillazine.org/Accessibility.typeaheadfind.autostart
|
|
||||||
lockPref("accessibility.typeaheadfind.enablesound", false) // http://kb.mozillazine.org/Accessibility.typeaheadfind.enablesound
|
|
||||||
lockPref("app.update.auto", false) // http://kb.mozillazine.org/App.update.auto
|
|
||||||
lockPref("app.update.enabled", true) // http://kb.mozillazine.org/App.update.enabled
|
|
||||||
lockPref("beacon.enabled", false)
|
|
||||||
lockPref("browser.aboutHomeSnippets.updateUrl", "")
|
|
||||||
lockPref("browser.backspace_action", 0) // http://kb.mozillazine.org/Browser.backspace_action
|
|
||||||
lockPref("browser.bookmarks.max_backups", 0) // http://kb.mozillazine.org/Browser.bookmarks.max_backups
|
|
||||||
lockPref("browser.cache.check_doc_frequency", 3) // http://kb.mozillazine.org/Browser.cache.check_doc_frequency
|
|
||||||
lockPref("browser.cache.disk.enable", false) // http://kb.mozillazine.org/Browser.cache.disk.enable
|
|
||||||
lockPref("browser.cache.disk_cache_ssl", false) // http://kb.mozillazine.org/Browser.cache.disk_cache_ssl
|
|
||||||
lockPref("browser.cache.memory.capacity", -1) // http://kb.mozillazine.org/Browser.cache.memory.capacity
|
|
||||||
lockPref("browser.cache.memory.enable", true) // http://kb.mozillazine.org/Browser.cache.memory.enable
|
|
||||||
lockPref("browser.cache.offline.enable", false) // http://kb.mozillazine.org/Browser.cache.offline.enable
|
|
||||||
lockPref("browser.chrome.site_icons", false) // http://kb.mozillazine.org/Browser.chrome.site_icons
|
|
||||||
lockPref("browser.chrome.toolbar_tips", false) // http://kb.mozillazine.org/Browser.chrome.toolbar_tips
|
|
||||||
lockPref("browser.download.manager.addToRecentDocs", false) // http://kb.mozillazine.org/Browser.download.manager.addToRecentDocs
|
|
||||||
lockPref("browser.formfill.enable", false)
|
|
||||||
lockPref("browser.link.open_newwindow", 3) // http://kb.mozillazine.org/Browser.link.open_newwindow
|
|
||||||
lockPref("browser.link.open_newwindow.restriction", 0) // http://kb.mozillazine.org/Browser.link.open_newwindow.restriction
|
|
||||||
lockPref("browser.newtabpage.enabled", false)
|
|
||||||
lockPref("browser.privatebrowsing.autostart", true)
|
|
||||||
lockPref("browser.safebrowsing.malware.enabled", false)
|
|
||||||
lockPref("browser.safebrowsing.phishing.enabled", false)
|
|
||||||
lockPref("browser.safebrowsing.downloads.enabled", false)
|
|
||||||
lockPref("browser.search.suggest.enabled", false) // http://kb.mozillazine.org/Browser.search.suggest.enabled
|
|
||||||
lockPref("browser.send_pings", false) // http://kb.mozillazine.org/Browser.send_pings
|
|
||||||
lockPref("browser.sessionhistory.max_total_viewers", 3) // http://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers
|
|
||||||
lockPref("browser.sessionstore.max_resumed_crashes", 0) // http://kb.mozillazine.org/Browser.sessionstore.max_resumed_crashes
|
|
||||||
lockPref("browser.sessionstore.max_tabs_undo", 3) // http://kb.mozillazine.org/Browser.sessionstore.max_tabs_undo
|
|
||||||
lockPref("browser.sessionstore.privacy_level", 2) // http://kb.mozillazine.org/Browser.sessionstore.privacy_level
|
|
||||||
lockPref("browser.sessionstore.resume_from_crash", false) // http://kb.mozillazine.org/Browser.sessionstore.resume_from_crash
|
|
||||||
lockPref("browser.startup.page", 0) // http://kb.mozillazine.org/Browser.startup.page
|
|
||||||
lockPref("browser.tabs.crashReporting.sendReport", false)
|
|
||||||
lockPref("browser.urlbar.autoFill", false)
|
|
||||||
lockPref("browser.urlbar.autocomplete.enabled", false)
|
|
||||||
lockPref("browser.urlbar.maxRichResults", 0) // http://kb.mozillazine.org/Browser.urlbar.maxRichResults
|
|
||||||
lockPref("browser.zoom.siteSpecific", false)
|
|
||||||
lockPref("dom.battery.enabled", false)
|
|
||||||
lockPref("dom.event.clipboardevents.enabled", false)
|
|
||||||
lockPref("dom.event.contextmenu.enabled", false)
|
|
||||||
lockPref("general.warnOnAboutConfig", false) // http://kb.mozillazine.org/General.warnOnAboutConfig
|
|
||||||
lockPref("geo.enabled", false)
|
|
||||||
lockPref("extensions.pocket.enabled", false)
|
|
||||||
lockPref("extensions.screenshots.disabled", true)
|
|
||||||
lockPref("image.animation_mode", "once")
|
|
||||||
lockPref("layout.spellcheckDefault", 0)
|
|
||||||
lockPref("network.cookie.cookieBehavior", 1) // http://kb.mozillazine.org/Network.cookie.cookieBehavior
|
|
||||||
lockPref("network.cookie.lifetimePolicy", 2) // http://kb.mozillazine.org/Network.cookie.lifetimePolicy
|
|
||||||
lockPref("network.dns.disablePrefetch", true) // http://kb.mozillazine.org/Network.dns.disablePrefetch
|
|
||||||
lockPref("network.dnsCacheEntries", 10) // http://kb.mozillazine.org/Network.dnsCacheEntries
|
|
||||||
lockPref("network.http.referer.XOriginPolicy", 0)
|
|
||||||
lockPref("network.http.referer.spoofSource", true)
|
|
||||||
lockPref("network.http.sendRefererHeader", 0)
|
|
||||||
lockPref("network.IDN_show_punycode", true) // http://kb.mozillazine.org/Network.IDN_show_punycode
|
|
||||||
lockPref("network.prefetch-next", false) // http://kb.mozillazine.org/Network.prefetch-next
|
|
||||||
lockPref("places.history.enabled", false)
|
|
||||||
lockPref("signon.autofillForms", false) // http://kb.mozillazine.org/Signon.autofillForms
|
|
||||||
lockPref("plugins.flashBlock.enabled", true)
|
|
||||||
lockPref("privacy.clearOnShutdown.*", true)
|
|
||||||
lockPref("privacy.cpd.*", true)
|
|
||||||
lockPref("privacy.donottrackheader.enabled", true)
|
|
||||||
lockPref("privacy.sanitize.sanitizeOnShutdown", true)
|
|
||||||
lockPref("privacy.trackingprotection.enabled", true)
|
|
||||||
lockPref("reader.parse-on-load.enabled", false)
|
|
||||||
lockPref("security.dialog_enable_delay", 0)
|
|
||||||
lockPref("toolkit.cosmeticAnimations.enabled", false)
|
|
@ -1,6 +1,6 @@
|
|||||||
# Cloud Provider Reviews
|
# Cloud Provider Reviews
|
||||||
|
|
||||||
###### BuyVM
|
## BuyVM
|
||||||
The most recommended out of this list in my opinion.
|
The most recommended out of this list in my opinion.
|
||||||
|
|
||||||
Entire support team is on Discord/IRC & very responsive.
|
Entire support team is on Discord/IRC & very responsive.
|
||||||
@ -9,7 +9,7 @@ Offers Path.net DDoS protection for 3$ per IP address.
|
|||||||
|
|
||||||
Only issue is streaming shit like Jitsi is TERRIBLE on Path.net
|
Only issue is streaming shit like Jitsi is TERRIBLE on Path.net
|
||||||
|
|
||||||
###### OVH
|
## OVH
|
||||||
The aboslute WORST provider I have ever used in my entire existence. I was a customer of their for almost 10 years, so I have some merit in what I am about to say.
|
The aboslute WORST provider I have ever used in my entire existence. I was a customer of their for almost 10 years, so I have some merit in what I am about to say.
|
||||||
|
|
||||||
OVH used to be the KING, half of EFNet would use them, and SuperNETs was ran entirely behind a swarm of OVH boxes, but their services have gone to shit over the years...drastically.
|
OVH used to be the KING, half of EFNet would use them, and SuperNETs was ran entirely behind a swarm of OVH boxes, but their services have gone to shit over the years...drastically.
|
||||||
@ -24,23 +24,21 @@ Their have VERY strict anti-fraud policies now, and require a picture of you ID
|
|||||||
|
|
||||||
THE ONLY GOOD THING ABOUT OVH is that, because they have a non-existent support team, in turn they also have a non-existent abuse team. You can do anythiung you want really & they wont ever get involved. Not only that, but their RBX location is a BEAST at handling DDoS, even better than Path.net it seems.
|
THE ONLY GOOD THING ABOUT OVH is that, because they have a non-existent support team, in turn they also have a non-existent abuse team. You can do anythiung you want really & they wont ever get involved. Not only that, but their RBX location is a BEAST at handling DDoS, even better than Path.net it seems.
|
||||||
|
|
||||||
Lastly, dedishops.com is a recommended reseller of OVH, if you want OVH resources/prtection, do not want to deal with OVH itself, get on dedishops.com & cop a GAME-2 server.
|
## Tempest Hosting
|
||||||
|
|
||||||
###### Tempest Hosting
|
|
||||||
They 100% lie about the speeds they offer LOL. Claiming 10gbp/s on a 60$ server. You can google about how fraudulent their claimed speeds really are...
|
They 100% lie about the speeds they offer LOL. Claiming 10gbp/s on a 60$ server. You can google about how fraudulent their claimed speeds really are...
|
||||||
|
|
||||||
ALSO, when I tried to use them, thye couldnt even spin up a debian box for me. Was stuck on installing for 4 hours and it took them 3 days until I finally said fuckyou, give me my money back.
|
ALSO, when I tried to use them, thye couldnt even spin up a debian box for me. Was stuck on installing for 4 hours and it took them 3 days until I finally said fuckyou, give me my money back.
|
||||||
|
|
||||||
Terrible first impressins, their infra and dev team is kind fo clueless. Do not use these guys. They are owned by PATH.NET but they are garbage.
|
Terrible first impressins, their infra and dev team is kind fo clueless. Do not use these guys. They are owned by PATH.NET but they are garbage.
|
||||||
|
|
||||||
###### NFO Servers
|
## NFO Servers
|
||||||
Over-priced junk. Servers are all vulnerable to local DOSing, the SuperNETs IRCd was being !smoke flooded and it knocked out 3 nodes from ACK packets recieved from the IRCd.
|
Over-priced junk. Servers are all vulnerable to local DOSing, the SuperNETs IRCd was being !smoke flooded and it knocked out 3 nodes from ACK packets recieved from the IRCd.
|
||||||
|
|
||||||
DDoS protectin is terrible and bypassed easily. Opers had ZERO clue about it on their end...tells you alot right there. Still vulnerable. Refused to delete my information when requiested aswell.
|
DDoS protectin is terrible and bypassed easily. Opers had ZERO clue about it on their end...tells you alot right there. Still vulnerable. Refused to delete my information when requiested aswell.
|
||||||
|
|
||||||
Speeds for unmetered are under 100mpbs and pricey as fuck.
|
Speeds for unmetered are under 100mpbs and pricey as fuck.
|
||||||
|
|
||||||
###### DediShops
|
## DediShops
|
||||||
Their "firewall" limits you to only like 10 rules...so if you have a complex network setup, these guys are USELESS. They re-sell OVH boxes, specifically the RBX ones, which typically have great DDoS protectin...but just like OVH, DediShops ahs zero support team.
|
Their "firewall" limits you to only like 10 rules...so if you have a complex network setup, these guys are USELESS. They re-sell OVH boxes, specifically the RBX ones, which typically have great DDoS protectin...but just like OVH, DediShops ahs zero support team.
|
||||||
|
|
||||||
My ticket went 2 weeks with no respnose, and then they prevent you from opening any more tickets or replying to your own ticket. Never using them again.
|
My ticket went 2 weeks with no respnose, and then they prevent you from opening any more tickets or replying to your own ticket. Never using them again.
|
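--- a/iptables.sh
+++ b/iptables.sh
@@ -1,45 +0,0 @@
-### 1: Drop invalid packets ###
-/sbin/iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP
-
-### 2: Drop TCP packets that are new and are not SYN ###
-/sbin/iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
-
-### 3: Drop SYN packets with suspicious MSS value ###
-/sbin/iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP
-
-### 4: Block packets with bogus TCP flags ###
-/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
-/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
-/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP
-/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP
-/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP
-/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
-
-### 5: Block spoofed packets ###
-/sbin/iptables -t mangle -A PREROUTING -s 224.0.0.0/3 -j DROP
-/sbin/iptables -t mangle -A PREROUTING -s 169.254.0.0/16 -j DROP
-/sbin/iptables -t mangle -A PREROUTING -s 172.16.0.0/12 -j DROP
-/sbin/iptables -t mangle -A PREROUTING -s 192.0.2.0/24 -j DROP
-/sbin/iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -j DROP
-/sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 -j DROP
-/sbin/iptables -t mangle -A PREROUTING -s 0.0.0.0/8 -j DROP
-/sbin/iptables -t mangle -A PREROUTING -s 240.0.0.0/5 -j DROP
-/sbin/iptables -t mangle -A PREROUTING -s 127.0.0.0/8 ! -i lo -j DROP
-
-### 6: Drop ICMP (you usually don't need this protocol) ###
-/sbin/iptables -t mangle -A PREROUTING -p icmp -j DROP
-
-### 7: Drop fragments in all chains ###
-/sbin/iptables -t mangle -A PREROUTING -f -j DROP
-
-### 8: Limit connections per source IP ###
-/sbin/iptables -A INPUT -p tcp -m connlimit --connlimit-above 111 -j REJECT --reject-with tcp-reset
-
-### 9: Limit RST packets ###
-/sbin/iptables -A INPUT -p tcp --tcp-flags RST RST -m limit --limit 2/s --limit-burst 2 -j ACCEPT
-/sbin/iptables -A INPUT -p tcp --tcp-flags RST RST -j DROP
-
-### 10: Limit new TCP connections per second per source IP ###
-/sbin/iptables -A INPUT -p tcp -m conntrack --ctstate NEW -m limit --limit 60/s --limit-burst 20 -j ACCEPT
-/sbin/iptables -A INPUT -p tcp -m conntrack --ctstate NEW -j DROP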
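--- a/mkvpn
+++ b/mkvpn
@@ -0,0 +1,43 @@
+#!/bin/sh
+if [ $(id -u) -ne 0 ]; then
+echo "error: must be ran as root" && exit 1
+fi
+
+apt-get update
+apt-get install wireguard-tools -y
+
+sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p # add to conf
+
+gen_server() {
+umask 077
+wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey
+
+{
+printf "[Interface]\n"
+printf "Address = 10.0.0.1/24, fd00:db8:0:0::1/64\n" # IPv4 and IPv6 addresses
+printf "SaveConfig = true\n"
+printf "ListenPort = CHANGEME\n"
+printf "PrivateKey = $(cat /etc/wireguard/privatekey)\n\n"
+printf "[Peer]\n"
+printf "PublicKey = $(cat /etc/wireguard/client1_publickey)\n" # Client 1 public key
+printf "AllowedIPs = 10.0.0.2/32, fd00:db8:0:0::2/128\n" # IPv4 and IPv6 for Client 1
+printf "MaxConnections = 5\n"
+} > /etc/wireguard/wg0.conf
+
+systemctl enable wg-quick@wg0 && systemctl start wg-quick@wg0
+}
+
+gen_client() {
+wg genkey | tee privatekey | wg pubkey > publickey
+{
+printf "[Interface]\n"
+printf "Address = 10.0.0.2/32\n" # NEED V6
+printf "PrivateKey = $(cat /path/to/client/privatekey)\n" # Client's private key
+printf "DNS = 8.8.8.8\n\n" # DNS server (can we exclude to allow machine)
+
+printf "[Peer]\n"
+printf "PublicKey = $(cat /path/to/server/publickey)\n" # Server's public key
+printf "AllowedIPs = 0.0.0.0/0, ::/0\n" # Route all traffic through VPN
+printf "Endpoint = [Server's IP Address]:[Server's ListenPort]\n" # Server endpoint
+} > /path/to/client/wg0.conf
+}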
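Review bot: gen_client writes the client private key with `wg genkey | tee privatekey` into the current directory under the caller's umask, whereas gen_server sets `umask 077` first, so the key file and the wg0.conf that embeds it can end up readable by other local users. Add `umask 077` as the first line of gen_client; gen_server's umask only carries over if it happens to run earlier in the same shell. Separately, `MaxConnections` in the [Peer] section is not a key that wg or wg-quick recognise, so `wg-quick@wg0` will most likely reject the file and that line should be dropped. `ListenPort = CHANGEME` and the `/path/to/...` placeholders will likewise break at run time, and gen_client reads `/path/to/client/privatekey` rather than the `privatekey` it just generated. Neither function is called anywhere in the visible script.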