2023-02-15
- 2024-09-18
only permit china ip
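# Switch from firewalld to the iptables service. Between stopping firewalld and
# loading the iptables rules below the host is unfiltered, so do this from a
# console or a trusted network.
systemctl stop firewalld.service
systemctl disable firewalld.service

yum install ipset
yum install iptables-services

# firewalld is now disabled, so something else has to load the rules at boot.
# On a stock install the iptables unit is not enabled; without this the host
# comes back from a reboot with no filtering at all.
systemctl enable iptables.service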
清空之前的规则
# Reset the filter table: put the INPUT policy back to ACCEPT first, so that
# flushing cannot cut off the current session, then remove every rule.
iptables --policy INPUT ACCEPT
iptables --flush
创建一个名为cnip的规则
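# Create the set that will hold the country ranges (no error if it exists).
ipset -exist create cnip hash:net

# Download the country IP ranges (China in this example).
# The list arrives over plain HTTP with no signature or checksum and is then
# used as a firewall allow-list, so every entry is checked before it is loaded.
# -O writes to the exact path the loop reads and overwrites a stale copy.
zone_file=/root/cn.zone
cidr_re='^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'

if wget -O "$zone_file" http://www.ipdeny.com/ipblocks/data/countries/cn.zone; then
  # Add the ranges to the cnip set, one CIDR per line.
  while IFS= read -r cidr || [[ -n "$cidr" ]]; do
    [[ -n "$cidr" ]] || continue
    # Reject anything that is not a.b.c.d/len. The /8 floor is a sanity bound
    # (adjust if needed): a shorter prefix would admit a huge slice of the
    # internet from a single tampered line.
    if [[ ! "$cidr" =~ $cidr_re ]] || (( ${cidr##*/} < 8 )); then
      printf 'skipping unexpected entry: %s\n' "$cidr" >&2
      continue
    fi
    ipset -exist add cnip "$cidr"
  done < "$zone_file"

  # Persist the set so it can be reloaded later.
  ipset save cnip -f /etc/ipset.cnip
else
  printf 'download of cn.zone failed; cnip left unchanged\n' >&2
fi

# Reload from disk (e.g. after a reboot). -exist tolerates a set and entries
# that are already present; a plain restore stops at the existing set.
/sbin/ipset -exist restore -f /etc/ipset.cnip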
放行IP段
# Allow TCP from any source address contained in the cnip set.
iptables --append INPUT --protocol tcp --match set --match-set cnip src --jump ACCEPT
关掉指定端口
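# Keep loopback and replies to connections this host opened working once the
# default policy is DROP; otherwise outbound traffic to addresses outside the
# cnip set (package mirrors, DNS, NTP) never gets its answers back.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Default-deny: whatever no rule accepted is dropped.
iptables -P INPUT DROP
# Close specific ports, e.g. 80/443.
# Rules are evaluated in order, so these only affect sources that an earlier
# ACCEPT rule did not already match.
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

# Replacing -A with -D deletes the matching rule. These two lines are examples:
# the first one removes the cnip allow rule again.
iptables -D INPUT -p tcp -m set --match-set cnip src -j ACCEPT
iptables -D INPUT -p tcp --dport 443 -j DROP

# save
iptables-save > /etc/sysconfig/iptables
iptables-save > /etc/iptables-script
# restore: iptables-restore reads the rule set from stdin, so the file is fed
# in with '<' (a '>' here would truncate the saved rules instead)
iptables-restore < /etc/sysconfig/iptables
iptables-restore < /etc/iptables-script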
接受全部中国IP
# Accept everything from China IPs.
# NOTE(review): with this rule present the two narrower rules below never
# decide anything, because it already accepts every protocol from the set;
# keep either this one or the scoped ones.
-A INPUT -m set --match-set china src -j ACCEPT
# Accept China IPs only on one local port and protocol (e.g. 5060/UDP); FreeSWITCH usually needs this one, scoped down to port and protocol
-A INPUT -m set --match-set china src -p udp -m udp --dport 5060 -j ACCEPT
# Accept ICMP (ping) from China IPs
-A INPUT -m set --match-set china src -p icmp -j ACCEPT
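#!/bin/bash
# Build the "china" ipset from the ipdeny CN zone list in the current directory.
# The list is downloaded over plain HTTP with no integrity check and feeds a
# firewall rule, so each line is validated before it is added.

# -exist lets the script be re-run against a set that already exists.
ipset -exist create china hash:net hashsize 1024 maxelem 65536
rm -f cn.zone
if ! wget http://www.ipdeny.com/ipblocks/data/countries/cn.zone; then
  printf 'download of cn.zone failed; set left unchanged\n' >&2
  exit 1
fi

cidr_re='^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
while IFS= read -r cidr || [[ -n "$cidr" ]]; do
  [[ -n "$cidr" ]] || continue
  # Only a.b.c.d/len is accepted; the /8 floor is a sanity bound against a
  # single line covering most of the address space.
  if [[ ! "$cidr" =~ $cidr_re ]] || (( ${cidr##*/} < 8 )); then
    printf 'skipping unexpected entry: %s\n' "$cidr" >&2
    continue
  fi
  ipset -exist add china "$cidr"
done < cn.zone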
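#!/bin/bash
# Build the "hongkong" ipset from the ipdeny HK zone list in the current
# directory. The list is downloaded over plain HTTP with no integrity check and
# feeds a firewall rule, so each line is validated before it is added.

# -exist lets the script be re-run against a set that already exists.
ipset -exist create hongkong hash:net hashsize 1024 maxelem 65536
rm -f hk.zone
if ! wget http://www.ipdeny.com/ipblocks/data/countries/hk.zone; then
  printf 'download of hk.zone failed; set left unchanged\n' >&2
  exit 1
fi

cidr_re='^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
while IFS= read -r cidr || [[ -n "$cidr" ]]; do
  [[ -n "$cidr" ]] || continue
  # Only a.b.c.d/len is accepted; the /8 floor is a sanity bound against a
  # single line covering most of the address space.
  if [[ ! "$cidr" =~ $cidr_re ]] || (( ${cidr##*/} < 8 )); then
    printf 'skipping unexpected entry: %s\n' "$cidr" >&2
    continue
  fi
  ipset -exist add hongkong "$cidr"
done < hk.zone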
配置文件
1vim /etc/sysconfig/iptables
# Filter table in iptables-restore format.
# "-I INPUT" without a rule number inserts at the top of the chain, so when
# this file is loaded into an empty INPUT chain the effective order is:
#   1. SYN rate-limit ACCEPT   2. SYN_FLOOD REJECT   3. hongkong DROP
#   4. cnip ACCEPT             5. DROP
# The cnip and hongkong sets must already exist when the file is loaded.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Accept everything whose source address is in the cnip set.
-A INPUT -m set --match-set cnip src -j ACCEPT
# Drop sources in the hongkong set; inserted, so it is checked before the cnip ACCEPT.
-I INPUT -m set --match-set hongkong src -j DROP
# Reject new port-80 connections from an address seen 10 times within 60 seconds.
# NOTE(review): --update only matches addresses already on the SYN_FLOOD list,
# and no rule in this file uses --set to put them there, so as written this
# rule looks like it never matches. Confirm.
-I INPUT -p tcp --dport 80 --syn -m recent --name SYN_FLOOD --update --seconds 60 --hitcount 10 -j REJECT
# NOTE(review): this rule ends up first in the chain and accepts TCP SYNs from
# any source while the rate is within the limit, i.e. before the hongkong and
# cnip checks run; SYNs over the limit simply fall through to the rules below.
# Confirm that admitting non-cnip sources this way is intended.
-I INPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT
# Everything not accepted above is dropped.
-A INPUT -j DROP
COMMIT
# Completed on Sun Mar 27 20:29:24 2022
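# Persist every ipset to disk.
ipset save > /etc/ipset.cn.hk
# Reload from disk. -exist tolerates sets and entries that are already
# present; a plain restore stops at the first set that already exists.
/sbin/ipset -exist restore -f /etc/ipset.cn.hk
# Restart last: the sets have to exist before the rules that reference them load.
systemctl restart iptables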
1iptables -L -n --line-number
2iptables -vnL
3netstat -an | awk '/^tcp/ {++s[$NF]} END {for(a in s ) print a,s[a]}'
限制 syn 并发数为每秒 1 次
1iptables -A INPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT
限制单个 IP 在 60 秒新建立的连接数为 10
1iptables -I INPUT -p tcp --dport 80 --syn -m recent --name SYN_FLOOD --update --seconds 60 --hitcount 10 -j REJECT
2023-02-15
- 2024-09-18
取消笔记本合盖后挂起
1vim /etc/systemd/logind.conf
修改
1# HandleLidSwitch=suspend
2HandleLidSwitch=ignore
3# HandlePowerKey=poweroff
4HandlePowerKey=ignore
修改屏幕保护
2023-02-15
- 2024-09-18
连接远程调试
1target remote localhost:1234
查看内存
1x/<n/f/u> <addr>
2
3x /8xb 0xffff80000002fff0
4# 以16进制方式查看0xffff80000002fff0处8字节内容
n
从当前地址往后请求的字节数,如果不指定的话,GDB默认是4个bytes。
2023-02-15
- 2024-09-18
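# Import a repository signing key into its own keyring file.
# -f makes curl fail on an HTTP error instead of piping an error page into gpg;
# -S still prints the error while -s hides the progress meter.
# Keys under /etc/apt/trusted.gpg.d are trusted for every configured
# repository, so check the key's fingerprint against the publisher's
# documentation before relying on it.
curl -fsS URL | sudo gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/NAME.gpg --import
sudo chmod 644 /etc/apt/trusted.gpg.d/NAME.gpg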
google-chrome
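# Import Google's Linux package signing key into its own keyring file.
# -f makes curl fail on an HTTP error instead of piping an error page into gpg;
# -S still prints the error while -s hides the progress meter.
# Keys under /etc/apt/trusted.gpg.d are trusted for every configured repository.
curl -fsS https://dl.google.com/linux/linux_signing_key.pub | sudo gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/google_linux_signing_key.gpg --import
sudo chmod 644 /etc/apt/trusted.gpg.d/google_linux_signing_key.gpg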
2023-02-15
- 2024-09-18
声音控制
1apt install alsa-tools
2amixer set 'Master' unmute
更换默认card
找到对应card序号
1cat /proc/asound/cards
创建此文件 /etc/asound.conf
添加以下内容
1# 1 应改为对应card序号
2defaults.pcm.card 1
3defaults.ctl.card 1
查看cardID或名字
1# 列出映射设备
2aplay -l
3# 查看card信息
4amixer -c Generic_1 scontrols
5amixer -c 1 scontrols
2023-02-15
- 2024-09-18
1# 使用UTC时间
2cp /usr/share/zoneinfo/UTC /etc/localtime
3# 使用GMT-8时间,即北京时间
4cp /usr/share/zoneinfo/Etc/GMT-8 /etc/localtime
5# 查看当前时间
6date "+%Y-%m-%d %H:%M:%S"
7TZ=UTC-8 date +%c%:::z
8# 同步时间到硬件
9hwclock -w
2023-02-14
- 2024-09-18
Debian
官方安装文档https://docs.docker.com/engine/install/debian/
Uninstall old versions
1apt-get remove docker docker-engine docker.io containerd runc
Set up the repository
# Add Docker's official GPG key:
apt-get update
apt-get install ca-certificates curl
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
# signed-by limits this key to the Docker repository entry, so it is not
# trusted for packages from any other source.
echo \
 "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
 $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
 tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
Install Docker Engine
1apt-get update
2apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
Portainer管理多台服务器的docker
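vim /usr/lib/systemd/system/docker.service
# Find the ExecStart line and append the TCP listener to it (other ways of
# setting this made docker die after a while, and restarting did not help).
#
# A bare "-H tcp://0.0.0.0:2375" listener has no authentication and no
# encryption: anyone who can reach the port controls the daemon, which is
# root-equivalent on the host. Listen with mutual TLS instead and give
# Portainer a client certificate signed by the same CA. The certificate paths
# below are placeholders. Also restrict the port in the firewall to the
# Portainer host.
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2376 --tlsverify --tlscacert=/PLACEHOLDER/ca.pem --tlscert=/PLACEHOLDER/server-cert.pem --tlskey=/PLACEHOLDER/server-key.pem
systemctl daemon-reload
systemctl restart docker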
2023-02-12
- 2024-09-15
官方安装文档https://caddyserver.com/docs/install
Debian, Ubuntu, Raspbian
1apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
2curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
3curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
4apt update
5apt install caddy
Compile
1go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
2~/go/bin/xcaddy build --with github.com/mholt/caddy-webdav --with github.com/aksdb/caddy-cgi/v2
Module
cgi
cgi模块:CGI能够让浏览者与服务器进行交互
2023-02-10
- 2024-09-18
foreach变量
错误代码
// Incorrect (before Go 1.22): v is one variable reused by every iteration, so
// &v is the same address each time. If InsertByHistory keeps the pointer, all
// of them end up seeing the value of the last element.
for _, v := range histories {
 InsertByHistory(&v)
}
正确代码
// Correct: copy v into a variable declared inside the loop body, so each
// iteration passes the address of its own copy.
for _, v := range histories {
 h := v
 InsertByHistory(&h)
}
笔记
如以上代码,传递指针时必须声明一个新变量存储 v,否则每次传递给函数的都是同一个循环变量 v 的地址,循环结束后它保存的是 histories 最后一个元素的值。