30 gru 2015

10 gru 2015

fluxbox wheezy nm-applet themes

touch ~/.config/gtk-3.0/settings.ini

....
[Settings]
gtk-theme-name = Adwaita
gtk-fallback-icon-theme = gnome-brave
gtk-font-name=Sans 8
....


http light

python -m SimpleHTTPServer 8000

lighttpd

thttpd ;)

7 gru 2015

upgrade: squeeze -> wheezy nm-applet WARNING **: Failed to add/activate connection: (32) Not authorized to control networking

touch /etc/polkit-1/localauthority/50-local.d/org.freedesktop.NetworkManager.pkla


....

[nm-applet]
Identity=unix-group:netdev
Action=org.freedesktop.NetworkManager.*
ResultAny=yes
ResultInactive=no
ResultActive=yes
....


adduser <user> netdev


ponadto można sprawdzić dostęp:

/etc/dbus-1/system.d/org.freedesktop.NetworkManager.conf

....
:%s/deny /allow /g
....

1 gru 2015

firewall iptables

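#!/bin/sh
# Host firewall: IPv4 INPUT is default-deny with per-protocol TCP/UDP
# chains for the allowed services; IPv6 gets the same baseline so the host
# is not default-deny on v4 but wide open on v6.
#
# Must run as root. Every rule below has to succeed, so the script aborts
# on the first failing command instead of silently leaving a half-built
# ruleset behind. The restrictive policies are applied last, so an aborted
# run leaves the host reachable (policy ACCEPT) rather than locked out.
set -eu

ipt=/sbin/iptables
ip6t=/sbin/ip6tables

# Trusted local network and the passive-FTP data port range; change them
# here rather than in the individual rules.
lan=172.17.0.0/24
ftp_pasv=50000:50100

# Reset to ACCEPT *before* flushing: if a flush fails part-way, the host
# is never left with the previous run's DROP policy and no rules.
${ipt} -P INPUT ACCEPT
${ipt} -P OUTPUT ACCEPT
${ipt} -P FORWARD ACCEPT
${ipt} -F
${ipt} -X
${ipt} -t nat -F
${ipt} -t nat -X
${ipt} -t mangle -F
${ipt} -t mangle -X

${ip6t} -P INPUT ACCEPT
${ip6t} -P OUTPUT ACCEPT
${ip6t} -P FORWARD ACCEPT
${ip6t} -F
${ip6t} -X
# The IPv6 nat table is not available on every kernel, so it is left alone.
#${ip6t} -t nat -F
#${ip6t} -t nat -X
${ip6t} -t mangle -F
${ip6t} -t mangle -X

# Two user chains hold the per-service allow rules.
${ipt} -N TCP
${ipt} -N UDP

# Replies to connections this host initiated.
${ipt} -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# Loopback.
${ipt} -A INPUT -i lo -j ACCEPT

# Drop what conntrack cannot classify.
# Note: the well-known caveat that untracked ICMPv6 Neighbor Discovery is
# classified INVALID applies to ip6tables (-p ipv6-icmp) and is handled in
# the IPv6 section below. In iptables, protocol 41 is 6in4 tunnel traffic
# (IPv6 encapsulated in IPv4), not ICMPv6 -- only uncomment the next line
# if this host terminates such a tunnel.
#${ipt} -A INPUT -p 41 -j ACCEPT
${ipt} -A INPUT -m conntrack --ctstate INVALID -j DROP

# Answer pings, but drop a source that sends more than 5 echo requests in
# 10 seconds. The --update/DROP rule only matches sources already in the
# "ping" list, so it must sit before the --set rule that records them.
${ipt} -A INPUT -p icmp --icmp-type 8 -m recent --name ping --update --seconds 10 --hitcount 5 -j DROP
${ipt} -A INPUT -p icmp --icmp-type 8 -m recent --name ping --set
${ipt} -A INPUT -p icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT

# Hand new connections to the per-protocol chains.
${ipt} -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
${ipt} -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP

# Anything that fell through the chains is rejected the way a closed port
# answers, so probes see "closed" rather than "filtered".
${ipt} -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
${ipt} -A INPUT -p tcp -j REJECT --reject-with tcp-rst
${ipt} -A INPUT -j REJECT --reject-with icmp-proto-unreachable

# IPv6 baseline, mirroring the IPv4 INPUT chain. ICMPv6 is accepted before
# the INVALID drop because Neighbor Discovery is untracked and would
# otherwise be classified INVALID (see the note above).
${ip6t} -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
${ip6t} -A INPUT -i lo -j ACCEPT
${ip6t} -A INPUT -p ipv6-icmp -j ACCEPT
${ip6t} -A INPUT -m conntrack --ctstate INVALID -j DROP

# www
${ipt} -A TCP -p tcp -m tcp --dport 80 -j ACCEPT
echo allow www 80

# samba, local network only
${ipt} -A UDP -p udp -m udp -s "${lan}" --dport 137 -j ACCEPT
${ipt} -A UDP -p udp -m udp -s "${lan}" --dport 138 -j ACCEPT
${ipt} -A TCP -p tcp -m tcp -s "${lan}" --dport 139 -j ACCEPT
${ipt} -A TCP -p tcp -m tcp -s "${lan}" --dport 445 -j ACCEPT
echo allow samba in localnet 137,138,139,445

# ftp control port and passive data range, local network only
${ipt} -A TCP -s "${lan}" -p tcp --dport 21 -j ACCEPT
${ipt} -A TCP -s "${lan}" -p tcp -m tcp --dport "${ftp_pasv}" -j ACCEPT
echo allow ftp from localnet
echo allow ftp passive "${ftp_pasv}"

# Restrictive policies go last, once every ACCEPT rule is in place:
# nothing in or through by default, everything out.
${ipt} -P FORWARD DROP
${ipt} -P OUTPUT ACCEPT
${ipt} -P INPUT DROP

${ip6t} -P FORWARD DROP
${ip6t} -P OUTPUT ACCEPT
${ip6t} -P INPUT DROP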