{"id":1817,"date":"2020-09-23T13:12:57","date_gmt":"2020-09-23T11:12:57","guid":{"rendered":"http:\/\/clark.tipistrani.it\/?p=1817"},"modified":"2020-09-23T13:12:57","modified_gmt":"2020-09-23T11:12:57","slug":"ale401-sh","status":"publish","type":"post","link":"http:\/\/clark.tipistrani.it\/?p=1817","title":{"rendered":"ale401.sh"},"content":{"rendered":"<p>This is the startup script for the firewall with nftables; I remain stubbornly faithful to sysv and so I use these.<\/p>\n<p>Actually, more than a script this is a &#8220;matryoshka&#8221;, because apart from the LSB tags it contains only calls to other scripts<\/p>\n<p>#!\/bin\/bash -x<br \/>\n### BEGIN INIT INFO<br \/>\n# Provides: nftables<br \/>\n# Required-Start: $local_fs $network $remote_fs $syslog<br \/>\n# Required-Stop: $local_fs $remote_fs $syslog<br \/>\n# Default-Start: 2 3 4 5<br \/>\n# Default-Stop: 0 1 6<br \/>\n# Short-Description: nftables firewall service<br \/>\n# Description: nftables firewall system service<br \/>\n### END INIT INFO<br \/>\n\/usr\/local\/bin\/vars.sh<br \/>\n### the parameters to pass to the kernel are in \/etc\/sysctl.d\/ale.conf<br \/>\n\/usr\/sbin\/nft -f \/usr\/local\/bin\/ale.nft<br \/>\n### https:\/\/github.com\/kubax\/blocklist-with-nftables<br \/>\n\/usr\/bin\/perl \/usr\/local\/bin\/blocklist\/blocklist.pl &gt; \/dev\/null<\/p>\n<p>This last script, which we will discuss later, essentially downloads a list of IPs from several sites and creates an ipv4 set and an ipv6 set that are denied.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is the startup script for the firewall with nftables; I remain stubbornly faithful to sysv and so I use these. 
Actually, more than a script this is a &#8220;matryoshka&#8221;, because apart from the LSB tags it contains only calls to other scripts #!\/bin\/bash -x ### BEGIN INIT INFO # Provides: nftables # Required-Start: $local_fs $network $remote_fs [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[109,8,14,6],"tags":[123,111,107],"class_list":["post-1817","post","type-post","status-publish","format-standard","hentry","category-firewall","category-linux","category-networking","category-work","tag-bash","tag-firewall","tag-init-script"],"_links":{"self":[{"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/posts\/1817","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1817"}],"version-history":[{"count":2,"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/posts\/1817\/revisions"}],"predecessor-version":[{"id":1823,"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/posts\/1817\/revisions\/1823"}],"wp:attachment":[{"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1817"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1817"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1817"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}