* update php readme

* update qmicli service - always proxy or device gets confused * add firewalld notes
2022-03-24 04:06:30 +00:00 · 2022-03-24 04:06:30 +00:00 · 8e26bcbcd4
parent a7b3b2a3df
commit 8e26bcbcd4
3 changed files with 68 additions and 3 deletions
--- a/debian/bullseye/etc/php/README.md
+++ b/debian/bullseye/etc/php/README.md
@ -3,8 +3,9 @@
 Installing PHP on Debian is easy as...

 ```
-apt install php-fpm php-readline php-mbstring php-gd php-curl php-zip \
-php-mysql php-dom
+apt install apt install php-fpm php-readline php-mbstring php-gd \
+php-curl php-zip php-mysql php-dom php-json php-pdo php-fileinfo \
+php-bz2 php-intl php-gmp php-apcu php-pear php-cli php-imagick
 ```

 If you need a newer version, use the sury.org repos, take
--- a/debian/bullseye/etc/systemd/system/qmicli@.service
+++ b/debian/bullseye/etc/systemd/system/qmicli@.service
@ -9,12 +9,13 @@ After=sys-subsystem-net-devices-wwan%i.device
 Wants=sys-subsystem-net-devices-wwan%i.device

 [Service]
+Type=forking
 Restart=always
 RestartSec=120s
 TimeoutSec=240s

 # Qmicli default args.
-Environment=qmi="-d /dev/cdc-wdm%i"
+Environment=qmi="-p -d /dev/cdc-wdm%i"

 # Name of the network device (as shown by networkctl) for the above.
 Environment=dev_name="wwan%i"
--- a/debian/bullseye/notes/firewall-firewalld.md
+++ b/debian/bullseye/notes/firewall-firewalld.md
@ -0,0 +1,63 @@
+# Firewalld
+
+Install and setup firewalld.
+
+Cheat sheet [https://www.liquidweb.com/kb/an-introduction-to-firewalld/](https://www.liquidweb.com/kb/an-introduction-to-firewalld/)
+
+## Install
+
+The install is a simple apt install...
+
+```
+apt install firewalld
+```
+
+## Add firewall rules.
+
+!!! RELOAD AFTER ADDING YOUR RULES, USE `firewall-cmd --reload` !!!
+
+
+
+Allow ssh, http and https...
+
+```
+firewall-cmd --zone=public --permanent --add-service=ssh
+firewall-cmd --zone=public --permanent --add-service=http
+firewall-cmd --zone=public --permanent --add-service=https
+
+```
+
+Only allow a range of IPs...
+
+```
+firewall-cmd --zone=public --permanent --add-source=192.168.1.0/24
+firewall-cmd --zone=public --permanent --add-source=192.168.156.0/24
+```
+
+Sipgate...
+
+```
+
+firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="217.10.64.0/20" port protocol="udp" port="5060" accept'
+firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="217.116.112.0/20" port protocol="udp" port="5060" accept'
+firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="212.9.32.0/19" port protocol="udp" port="5060" accept'
+
+firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="217.10.64.0/20" port protocol="udp" port="24000-26000" accept'
+firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="217.116.112.0/20" port protocol="udp" port="24000-26000" accept'
+firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="212.9.32.0/19" port protocol="udp" port="24000-26000" accept'
+
+```
+
+## List rules
+
+To list all firewall rules.
+
+```
+firewall-cmd --list-all
+```
+
+## Status / State
+
+```
+firewall-cmd --state
+```