* update php readme
* update qmicli service - always proxy or device gets confused * add firewalld notes
This commit is contained in:
parent
a7b3b2a3df
commit
8e26bcbcd4
|
@ -3,8 +3,9 @@
|
|||
Installing PHP on Debian is easy as...
|
||||
|
||||
```
|
||||
apt install php-fpm php-readline php-mbstring php-gd php-curl php-zip \
|
||||
php-mysql php-dom
|
||||
apt install apt install php-fpm php-readline php-mbstring php-gd \
|
||||
php-curl php-zip php-mysql php-dom php-json php-pdo php-fileinfo \
|
||||
php-bz2 php-intl php-gmp php-apcu php-pear php-cli php-imagick
|
||||
```
|
||||
|
||||
If you need a newer version, use the sury.org repos, take
|
||||
|
|
|
@ -9,12 +9,13 @@ After=sys-subsystem-net-devices-wwan%i.device
|
|||
Wants=sys-subsystem-net-devices-wwan%i.device
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
Restart=always
|
||||
RestartSec=120s
|
||||
TimeoutSec=240s
|
||||
|
||||
# Qmicli default args.
|
||||
Environment=qmi="-d /dev/cdc-wdm%i"
|
||||
Environment=qmi="-p -d /dev/cdc-wdm%i"
|
||||
|
||||
# Name of the network device (as shown by networkctl) for the above.
|
||||
Environment=dev_name="wwan%i"
|
||||
|
|
|
@ -0,0 +1,63 @@
|
|||
# Firewalld
|
||||
|
||||
Install and setup firewalld.
|
||||
|
||||
Cheat sheet [https://www.liquidweb.com/kb/an-introduction-to-firewalld/](https://www.liquidweb.com/kb/an-introduction-to-firewalld/)
|
||||
|
||||
## Install
|
||||
|
||||
The install is a simple apt install...
|
||||
|
||||
```
|
||||
apt install firewalld
|
||||
```
|
||||
|
||||
## Add firewall rules.
|
||||
|
||||
!!! RELOAD AFTER ADDING YOUR RULES, USE `firewall-cmd --reload` !!!
|
||||
|
||||
|
||||
|
||||
Allow ssh, http and https...
|
||||
|
||||
```
|
||||
firewall-cmd --zone=public --permanent --add-service=ssh
|
||||
firewall-cmd --zone=public --permanent --add-service=http
|
||||
firewall-cmd --zone=public --permanent --add-service=https
|
||||
|
||||
```
|
||||
|
||||
Only allow a range of IPs...
|
||||
|
||||
```
|
||||
firewall-cmd --zone=public --permanent --add-source=192.168.1.0/24
|
||||
firewall-cmd --zone=public --permanent --add-source=192.168.156.0/24
|
||||
```
|
||||
|
||||
Sipgate...
|
||||
|
||||
```
|
||||
|
||||
firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="217.10.64.0/20" port protocol="udp" port="5060" accept'
|
||||
firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="217.116.112.0/20" port protocol="udp" port="5060" accept'
|
||||
firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="212.9.32.0/19" port protocol="udp" port="5060" accept'
|
||||
|
||||
firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="217.10.64.0/20" port protocol="udp" port="24000-26000" accept'
|
||||
firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="217.116.112.0/20" port protocol="udp" port="24000-26000" accept'
|
||||
firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="212.9.32.0/19" port protocol="udp" port="24000-26000" accept'
|
||||
|
||||
```
|
||||
|
||||
## List rules
|
||||
|
||||
To list all firewall rules.
|
||||
|
||||
```
|
||||
firewall-cmd --list-all
|
||||
```
|
||||
|
||||
## Status / State
|
||||
|
||||
```
|
||||
firewall-cmd --state
|
||||
```
|
Loading…
Reference in New Issue