config

nginx anti-ddos

# Cookie gate: a request whose "antiflood" cookie does not contain the expected
# string is redirected to /set_cookie/<original URI>; that location sets the
# cookie and redirects back to the original URI.
# NOTE(review): the cookie value is one static string shared by every client,
# so this only filters clients that ignore Set-Cookie or redirects. It is not
# authentication and does not replace limit_req / limit_conn rate limiting.
# NOTE(review): if this "if" sits at server level it is also evaluated for
# /set_cookie/... requests, which arrive without the cookie, so the location
# below may never be reached - presumably it belongs inside the location that
# serves the content; confirm against the full config.
# NOTE(review): "permanent" answers 301, which browsers may cache; a temporary
# redirect ("redirect", 302) looks safer for a gate like this - confirm.
# NOTE(review): clients with cookies disabled are redirected endlessly, and
# request bodies (POST) are not carried across the redirect.
if ($cookie_antiflood !~* "что-нибудь") {
    rewrite ^(.*)$ /set_cookie$1 permanent;
    # Not reached: a rewrite with the "permanent" flag returns the redirect at once.
    break ;
}
# Sets the cookie on the redirect response and sends the client back to the
# URI with the /set_cookie prefix stripped.
location ~ ^/set_cookie/ {
    add_header Set-Cookie "antiflood=что-нибудь; path=/";
    rewrite ^/set_cookie/(.*)$ /$1 permanent;
    # Not reached, for the same reason as above.
    break ;
}

http://habrahabr.ru/blogs/infosecurity/128526/#comment_4251423

параметры терминала Huawei Quidway S2300

Procedure
Step 1 Run the terminal emulation program on the PC, setting the communication parameters as
follows:
- Baud rate: 9600 bps
- Data bit: 8
- Stop bit: 1
- Parity: none
- Flow control: none
----End

apache: fix CVE-2011-3192

Добавить в /etc/apache2/conf.d/security:

Для Apache 2.2:

# Request-side workaround for CVE-2011-3192: it limits what reaches the
# byte-range handling and does not replace upgrading to an httpd release that
# contains the upstream fix.
# Flag any request whose Range header contains five or more commas.
SetEnvIf Range (?:,.*?){5,5} bad-range=1
# Strip the Range header from flagged requests (RequestHeader needs mod_headers);
# the request is then served without range handling instead of being refused.
RequestHeader unset Range env=bad-range
# Request-Range is removed from every request, whatever its content.
RequestHeader unset Request-Range
# Log flagged requests to a separate file for later review.
# NOTE(review): the relative path is resolved against ServerRoot; confirm that
# directory exists on this layout, otherwise httpd may refuse to start.
CustomLog logs/range-CVE-2011-3192.log common env=bad-range

Для Apache 2.x и 1.3:

# mod_rewrite variant of the CVE-2011-3192 workaround: over-long Range headers
# are refused instead of stripped. mod_rewrite must be enabled.
# NOTE(review): rewrite rules set in the main server context are not inherited
# by virtual hosts by default; confirm the rule is active in every vhost.
RewriteEngine on
# True when Range is neither empty nor "bytes=" followed by at most five
# comma-separated ranges.
RewriteCond %{HTTP:range} !(bytes=[^,]+(,[^,]+){0,4}$|^$)
# [F] answers such requests with 403 Forbidden.
RewriteRule .* - [F]
# The condition above does not look at Request-Range, so that header is always
# removed (needs mod_headers).
RequestHeader unset Request-Range

включить модуль headers:
a2enmod headers

перезапустить.

Оптимизация tcp/ip для большого числа соединений

# Ignore ICMP redirects, so another host on the segment cannot alter this
# machine's routing. The eth0 line covers that one interface by name.
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
# Upper bound, in bytes, on socket buffers an application may request with
# SO_RCVBUF / SO_SNDBUF.
# NOTE(review): roughly 950 MiB per socket, far above the 4 MiB maximum in
# tcp_rmem / tcp_wmem below; a few sockets could pin a lot of kernel memory -
# confirm this is intended.
net.core.rmem_max = 996777216
net.core.wmem_max = 996777216
# min / default / max TCP receive buffer per socket, in bytes.
net.ipv4.tcp_rmem = 4096 87380 4194304
# low / pressure / high thresholds for total TCP memory, counted in memory
# pages, not bytes.
# NOTE(review): the third value repeats the byte figure used for rmem_max; read
# as pages it is far beyond physical RAM, so the hard limit never applies -
# verify against the host's memory size.
net.ipv4.tcp_mem= 786432 1048576 996777216
# min / default / max TCP send buffer per socket, in bytes.
net.ipv4.tcp_wmem = 4096 87380 4194304
# Maximum number of TCP sockets not attached to any process; beyond it orphans
# are reset.
# NOTE(review): every orphan holds kernel memory; size this against RAM.
net.ipv4.tcp_max_orphans = 2255360
# Packets queued on input when an interface receives faster than the kernel
# processes them.
net.core.netdev_max_backlog = 10000
# Seconds an orphaned connection is kept in FIN-WAIT-2.
net.ipv4.tcp_fin_timeout = 10
# Seconds between successive keepalive probes.
net.ipv4.tcp_keepalive_intvl = 15
# Maximum number of remembered half-open (SYN received) connections.
# NOTE(review): nothing in this list sets net.ipv4.tcp_syncookies; under a SYN
# flood the backlog alone fills quickly - check that it is enabled elsewhere.
net.ipv4.tcp_max_syn_backlog = 2048
# Retransmit the SYN-ACK only once before dropping a half-open connection;
# frees backlog slots sooner, but clients on lossy links may fail to connect.
net.ipv4.tcp_synack_retries = 1
# System V message queues: maximum bytes per queue and per message.
kernel.msgmnb = 65536
kernel.msgmax = 65536
# Maximum size, in bytes, of a single System V shared memory segment.
kernel.shmmax = 494967295

bridge on debian with shorewall

man bridge-utils-interfaces

bridge config
/etc/network/interfaces

# br0 is a bridge joining eth1 and tap0 (bridge_ports, see
# bridge-utils-interfaces), configured with a static address.
# NOTE(review): whatever is attached to tap0 shares one layer-2 segment with
# eth1, so it can reach hosts there without being routed through this machine's
# firewall zones - confirm that is the intent.
# NOTE(review): the 255.0.0.0 mask makes all of 10.0.0.0/8 on-link for br0;
# verify this matches the real addressing plan.
iface br0 inet static
    bridge_ports eth1 tap0
    address 10.10.10.10
    netmask 255.0.0.0

routeback option for br0
/etc/shorewall/interfaces

# routeback allows traffic that arrived on br0 to be sent back out through br0,
# which bridged ports need because they share the one interface.
# NOTE(review): traffic between the bridge ports then stays inside zone "loc";
# presumably it is accepted unless a loc->loc policy or rule says otherwise -
# confirm before treating the bridge as a filtering point.
#ZONE   INTERFACE       BROADCAST       OPTIONS
loc     br0            detect          routeback

Bash: поиск в истории набранной строки клавишами вверх/вниз

$ cat .inputrc
# Up / Down arrow keys: search the history for entries that begin with the text
# already typed on the command line.
"\e[A": history-search-backward
"\e[B": history-search-forward

no immediate delivery: more than 10 messages received in one connection

# Messages beyond this count on one SMTP connection are queued instead of being
# delivered immediately; the log line above shows the limit of 10 being hit.
# NOTE(review): a higher value lets a single connection trigger more immediate
# deliveries at once - keep it no larger than the legitimate senders need.
smtp_accept_queue_per_connection = 100

в раздел main/02_exim4-config_options

limit php mail function on unix shared hosting with exim

# Run the named ACL for messages submitted locally rather than over SMTP (the
# path PHP mail() takes through the sendmail-compatible binary).
acl_not_smtp = acl_check_not_smtp
# Let every local user set an arbitrary envelope sender.
# NOTE(review): with "*" any hosted account can submit mail under any sender
# address; narrow the pattern if the hosting setup allows it.
untrusted_set_sender = *
 
 
begin acl
        # ACL applied to non-SMTP (locally submitted) messages.
        # Refuse a message once more than 200 per hour have been counted for the
        # envelope sender's domain; "strict" counts refused attempts as well.
        # "!senders = :" exempts messages with an empty envelope sender.
        # NOTE(review): the key is $sender_address_domain, which the submitting
        # user chooses; varying the sender domain starts a fresh counter. A key
        # the user cannot pick (for example $originator_uid) looks more robust -
        # confirm for this hosting setup.
        acl_check_not_smtp:
            deny ratelimit = 200 / 1h / strict / $sender_address_domain
                !senders = :
            accept

команды dlink-3526

сменить ip на свитче
config ipif System ipaddress 10.98.98.37/24 state enable

прописать шлюз
create iproute default 10.98.98.1 1

создать vlan
create vlan vlanid 205
create vlan local_ngtu5 tag 205 (на новых прошивках)

законфигурить vlan
config vlan vlanid 205 name local_ngtu5 add tagged 25-26
config vlan vlanid 1 delete 1-24

radiusclient+multiple radius-servers

весь конфиг приводить смысла нет, приведу вырезку из radiusclient.conf

# RADIUS settings                                                                                                           
 
# RADIUS server to use for authentication requests. this config                                                             
# item can appear more then one time. if multiple servers are