January 18, 2023 03:28 · January 6, 2020 23:45 · December 29, 2014 05:49 · January 28, 2025 04:40 · March 29, 2014 05:59 · November 8, 2013 23:27
 diff --git a/dhcp.conf b/dhcp.conf
 index 8c42ef782e..87fe45a7e0 100644
 --- a/dhcp.conf
 +++ b/dhcp.conf
 @@ -21,6 +21,7 @@ config dnsmasq
 	#list bogusnxdomain     '64.94.110.11'
 	option localservice	1  # disable to allow DNS requests from non-local subnets
 	option ednspacket_max	1232
 +	#list addnmount		/some/path # read-only mount path to expose it to dnsmasq
 
 #!/bin/sh

 # Designed for OpenWRT and requires associated "bogons" UCI file.
 #
 # This is still pretty raw now and not formally published.

 # Copyright 2018.
 #
 # Feel free to use, edit, and re-distribute under the BSD 3-clause License.
 # https://opensource.org/licenses/BSD-3-Clause
 #!/bin/sh

 # Extremely-basic Netfilter conditional rule loading example.
 # This uses a pipeline to iptables-restore(8) for atomic loading.

 # In particular, only the filter table is adjusted.

 # Available under the BSD 3-clause license in the hopes this may be a useful
 # example or template.
 # http://opensource.org/licenses/BSD-3-Clause
 # Assumptions: easyrsa3 available in current dir, and functional openssl.
 # This basic example puts the "offline" and "sub" PKI dirs on the same system.
 # A real-world setup would use different systems and transport the public components.

 # Build root CA:
 EASYRSA_PKI=offline ./easyrsa init-pki
 EASYRSA_PKI=offline ./easyrsa build-ca nopass

 # Build sub-CA request:
 EASYRSA_PKI=sub ./easyrsa init-pki
 #!/bin/sh

 # This code available under a BSD 3-clause license
 # http://opensource.org/licenses/BSD-3-Clause

 # argument processing. Pass one of these to effect changes:

 while [ -n "$1" ]
 do
 	case "$1" in
 #!/bin/sh

 usage() {
 	printf "%s\n" "
 $0 Usage:

 Mandatory params:

  --serial=X            set SOA serial to watch for
  --nameserver=NS       set nameserver to query
 This document is now part of my netfilter-samples git project.

 See the project component for resetting netfilter rules by sciprt here:
 https://github.com/QueuingKoala/netfilter-samples/tree/master/reset-rules
 # awk script for converting man2html openvpn output

 {
        # Matching lines means we skip this many
        if ( match($0, "^Content-type: ") ) skip=2
 	if ( match($0, "Return to Main Contents") ) skip=1
 	# Rip out the "Updated" date as it's wrong:
        if ( match($0, "^Section: ") ) 
 		sub("Updated: .*<BR>", "")
 # A fairly basic and somewhat extensible router core ruleset
 # Do not use unless you understand this example as
 # modification for your usage may be required.
 # Assumptions:
 #  * 192.168.7.0/24 is your LAN, connected to if_lan
 #  * if_wan is your uplink, with a dynamic public IP
 # Note: in particular, no local ports are opened, including ssh.
 #   Add whatever remote-access you need to prevent lockouts if this
 #   is not a console-accessible box. You have been warned.
 cat <<-EOF | iptables-restore
 *nat
 :PREROUTING ACCEPT
 :INPUT ACCEPT
 :OUTPUT ACCEPT
 :POSTROUTING ACCEPT
 -A POSTROUTING -o $WAN_IFACE_HERE -j MASQUERADE
 COMMIT
 *filter
 :INPUT DROP
	diff --git a/dhcp.conf b/dhcp.conf
	index 8c42ef782e..87fe45a7e0 100644
	--- a/dhcp.conf
	+++ b/dhcp.conf
	@@ -21,6 +21,7 @@ config dnsmasq
	#list bogusnxdomain '64.94.110.11'
	option localservice 1 # disable to allow DNS requests from non-local subnets
	option ednspacket_max 1232
	+ #list addnmount /some/path # read-only mount path to expose it to dnsmasq
	#!/bin/sh

	# Designed for OpenWRT and requires associated "bogons" UCI file.
	#
	# This is still pretty raw now and not formally published.

	# Copyright 2018.
	#
	# Feel free to use, edit, and re-distribute under the BSD 3-clause License.
	# https://opensource.org/licenses/BSD-3-Clause
	#!/bin/sh

	# Extremely-basic Netfilter conditional rule loading example.
	# This uses a pipeline to iptables-restore(8) for atomic loading.

	# In particular, only the filter table is adjusted.

	# Available under the BSD 3-clause license in the hopes this may be a useful
	# example or template.
	# http://opensource.org/licenses/BSD-3-Clause
	# Assumptions: easyrsa3 available in current dir, and functional openssl.
	# This basic example puts the "offline" and "sub" PKI dirs on the same system.
	# A real-world setup would use different systems and transport the public components.

	# Build root CA:
	EASYRSA_PKI=offline ./easyrsa init-pki
	EASYRSA_PKI=offline ./easyrsa build-ca nopass

	# Build sub-CA request:
	EASYRSA_PKI=sub ./easyrsa init-pki
	#!/bin/sh

	# This code available under a BSD 3-clause license
	# http://opensource.org/licenses/BSD-3-Clause

	# argument processing. Pass one of these to effect changes:

	while [ -n "$1" ]
	do
	case "$1" in
	#!/bin/sh

	usage() {
	printf "%s\n" "
	$0 Usage:

	Mandatory params:

	--serial=X set SOA serial to watch for
	--nameserver=NS set nameserver to query
	This document is now part of my netfilter-samples git project.

	See the project component for resetting netfilter rules by sciprt here:
	https://github.com/QueuingKoala/netfilter-samples/tree/master/reset-rules
	# awk script for converting man2html openvpn output

	{
	# Matching lines means we skip this many
	if ( match($0, "^Content-type: ") ) skip=2
	if ( match($0, "Return to Main Contents") ) skip=1
	# Rip out the "Updated" date as it's wrong:
	if ( match($0, "^Section: ") )
	sub("Updated: .*<BR>", "")
	# A fairly basic and somewhat extensible router core ruleset
	# Do not use unless you understand this example as
	# modification for your usage may be required.
	# Assumptions:
	# * 192.168.7.0/24 is your LAN, connected to if_lan
	# * if_wan is your uplink, with a dynamic public IP
	# Note: in particular, no local ports are opened, including ssh.
	# Add whatever remote-access you need to prevent lockouts if this
	# is not a console-accessible box. You have been warned.
	cat <<-EOF \| iptables-restore
	*nat
	:PREROUTING ACCEPT
	:INPUT ACCEPT
	:OUTPUT ACCEPT
	:POSTROUTING ACCEPT
	-A POSTROUTING -o $WAN_IFACE_HERE -j MASQUERADE
	COMMIT
	*filter
	:INPUT DROP