some updates

Author: ddpbsd

_sources/misc/mynet/switches.rst.txt

@@ -61,7 +61,7 @@ Old juniper 48 port switch.
 +-------------+-----------+-------------+----------+
 | ge-0/0/26   |           |             |          |
 +-------------+-----------+-------------+----------+
-| ge-0/0/27   |           |             |          |
+| ge-0/0/27   | pine64so  | blue        |          |
 +-------------+-----------+-------------+----------+
 | ge-0/0/28   |           |             |          |
 +-------------+-----------+-------------+----------+

_sources/operating_systems/linux/disks.rst.txt

@@ -0,0 +1,9 @@
+=====
+disks
+=====
+
+identify a disk by uuid
+^^^^^^^^^^^^^^^^^^^^^^^
+
+There are symlinks from `/dev/disk/by-uuid` to the disk itself to help identify them.
+

_sources/operating_systems/linux/firewalls/firewalld.rst.txt

@@ -0,0 +1,73 @@
+=========
+firewalld
+=========
+
+List active ports
+^^^^^^^^^^^^^^^^^
+
+.. code-block:: console
+
+   firewall-cmd --list-ports
+
+Get active zones
+^^^^^^^^^^^^^^^^
+
+.. code-block:: console
+
+   firewall-cmd --get-active-zones
+
+Open a port
+^^^^^^^^^^^
+
+.. code-block:: console
+
+   firewall-cmd --permanent --zone=public --add-port=80/tcp
+
+Close a port
+^^^^^^^^^^^^
+
+.. code-block:: console
+
+   firewall-cmd --remove-port=
+
+Enable the change
+^^^^^^^^^^^^^^^^^
+
+.. code-block:: console
+
+   firewall-cmd --reload
+
+Make sure the change is in effect
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: console
+
+   firewall-cmd --zone=public --query-port=80/tcp
+
+Reject connections to a port
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: console
+
+   # Simply reject all traffic to 443
+   firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" port protocol="tcp" port="443" reject'
+
+   # add a src ip into the mix
+   firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.0.0.2" port protocol="tcp" port="443" reject'
+
+Forward traffic from a specific address to another port
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: console
+
+   firewall-cmd --permanent --add-forward-port=514:proto=udp:toport=8000:toaddr=10.10.10.11
+   firewall-cmd --add-masquerade ## I guess this is necessary?
+   firewall-cmd --reload
+
+remove a traffic forwarding rule
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: console
+
+   firewall-cmd --permanent --remove-forward-port=514:proto=udp:toport=8000:toaddr=10.10.10.11
+

_sources/operating_systems/linux/firewalls/index.rst.txt

@@ -8,9 +8,9 @@ Contents:
 .. toctree::
    :maxdepth: 2
 
-   firewalld/index
-   iptables/index
-   nft/index
-   ufw/index
+   firewalld
+   iptables
+   nft
+   ufw
 
 

_sources/operating_systems/linux/firewalls/iptables.rst.txt

@@ -0,0 +1,26 @@
+========
+iptables
+========
+
+Save the current iptables ruleset
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. note::
+
+   I've done this on an appliancized Debian 8.4.
+   No clue where else it may work.
+
+This saves the currently running ruleset to a file that can then be modified,
+and loaded as below.
+
+.. code-block:: console
+
+   iptables-save > FILE
+
+Load a ruleset
+^^^^^^^^^^^^^^
+
+.. code-block:: console
+
+   iptables-restore FILE
+

_sources/operating_systems/linux/firewalls/nft.rst.txt

@@ -0,0 +1,68 @@
+===
+nft
+===
+
+oh god it gets worse
+
+In `nft` there are tables, chains, and rules (and probably other stuff, fml).
+Each piece can be operated on.
+
+list all rules
+^^^^^^^^^^^^^^
+
+I think this lists everything.
+
+.. code-block:: console
+
+   nft list ruleset
+
+list rules in a table
+^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: console
+
+   nft list table firewalld
+
+Unless there is an address family.
+There can be a `firewalld` table for each address family.
+Address families include (but are not limited to) ip (ipv4), ip6 (ipv6), inet (ipv4 and ipv6), etc.
+
+.. code-block:: console
+
+   nft list table inet firewalld
+
+list rules in a chain
+^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: console
+
+   nft --handle list chain inet firewalld filter_FWDO_FedoraServer
+
+deleting rules
+^^^^^^^^^^^^^^
+
+Deleting rules requires a handle as well as the table, chain, and possibly address family.
+The handle is a number for the rule, starting from 0.
+This seems to start from the beginning of the ruleset (I think).
+Don't count though, there's a command to get the handles.
+I think the `--handle` should just be default.
+
+Get the handle:
+
+.. code-block:: console
+
+   nft --handle list table inet firewalld
+
+Delete the rule:
+
+.. code-block:: console
+
+   nft delete rule inet firewalld filter_IN_FedoraServer_allow handle 65
+
+Links
+^^^^^
+
+Of course the `Arch Wiki <https://wiki.archlinux.org/index.php/nftables>`_ has useful information on `nft`.
+
+The nft wiki `Simple Rule Management <https://wiki.nftables.org/wiki-nftables/index.php/Simple_rule_management>`_ page is anything but simple.
+

_sources/operating_systems/linux/firewalls/ufw.rst.txt

@@ -0,0 +1,35 @@
+===
+ufw
+===
+
+So I know where to find this info later when I have to look it up.
+Again.
+
+
+Basic stuff:
+^^^^^^^^^^^^
+
+From the man page.
+
+.. code-block:: console
+
+   ufw allow in on eth0 from 192.168.0.0/16
+   ufw allow out on eth1 to 10.0.0.0/8
+   ufw route allow in on eth0 out on eth1 to 10.0.0.0/8 from 192.168.0.0/16
+   ufw limit 2222/tcp comment 'SSH port'
+
+Note form the man page:
+^^^^^^^^^^^^^^^^^^^^^^^
+.. code-block:: console
+
+   ufw allow 8080/tcp
+   ufw allow proto tcp from 192.168.17.11 to 192.168.17.8 port 8080
+
+
+On ubuntu 14.04 rules are saved in:
+
+.. code-block:: console
+
+   /etc/ufw	# system rules
+   /lib/ufw	# user rules
+

_sources/operating_systems/linux/systemd/systemctl.rst.txt

@@ -2,6 +2,16 @@
 systemctl
 =========
 
+show enabled but not running services
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+`failed` is probably the state I'm really curious about.
+
+```
+systemctl list-units -all --state=inactive
+systemctl list-units -all --state=failed
+```
+
 systemctl enable SOMETHING.something: "Failed to execute operation: No such file or directory"
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 

_sources/ssl/ca_certs.rst.txt

@@ -35,3 +35,12 @@ tab delimited
 5. filename or unknown
 6. Certificate distinguished name
 
+update the db
+^^^^^^^^^^^^^
+
+This will expire certs and stuff.
+
+.. code-bock:: console
+
+   openssl ca -updatedb -config ./intermediateCA-openssl.cnf
+

_sources/tools/git/git.rst.txt

@@ -0,0 +1,11 @@
+===
+git
+===
+
+see all of the changes to a single file
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+```
+git log --follow --patch -- FILENAME
+```
+