authorAndreas Baumann <mail@andreasbaumann.cc>2019-04-15 21:15:54 +0200
committerAndreas Baumann <mail@andreasbaumann.cc>2019-04-15 21:15:54 +0200
commit23327cfb576d431e62c875b61592766727cf879b (patch)
tree3c2e6f99628c97ef79e088d16ec2d47314d1aadf
parent9270711ada668e3ae9fde603bce9099c9bbee844 (diff)
synched personal configuration
-rw-r--r--config/obr/badhosts6
-rw-r--r--config/obr/dhcpd.conf22
-rw-r--r--config/obr/nsd-external/etc/nsd.conf68
-rw-r--r--config/obr/nsd-external/zones/andreasbaumann.cc17
-rw-r--r--config/obr/nsd-external/zones/maschezuoz.ch10
-rw-r--r--config/obr/nsd-internal/zones/1.168.192.in-addr7
-rw-r--r--config/obr/nsd-internal/zones/andreasbaumann.cc4
-rw-r--r--config/obr/nsd-internal/zones/lan7
-rw-r--r--config/obr/pf.conf2
-rw-r--r--config/obr/relayd.conf6
-rw-r--r--config/obr/unbound/etc/unbound.conf2
11 files changed, 136 insertions, 15 deletions
diff --git a/config/obr/badhosts b/config/obr/badhosts
index 892076b..0dac83a 100644
--- a/config/obr/badhosts
+++ b/config/obr/badhosts
@@ -674,3 +674,9 @@
# bad visits (hammering my web page or mail server or both)
94.102.56.215
123.157.156.166
+141.98.81.189
+91.212.150.81
+93.157.63.8
+93.157.63.7
+93.157.63.6
+185.234.219.86
diff --git a/config/obr/dhcpd.conf b/config/obr/dhcpd.conf
index 48275ab..577ec5c 100644
--- a/config/obr/dhcpd.conf
+++ b/config/obr/dhcpd.conf
@@ -144,5 +144,27 @@ shared-network LAN {
filename "pxelinux.0";
}
+ host eurobuild8 {
+ hardware ethernet 00:c0:f0:25:10:5b;
+ fixed-address 192.168.1.29;
+ filename "pxelinux.0";
+ }
+
+ host euromox {
+ hardware ethernet 00:17:f2:c6:45:b3;
+ fixed-address 192.168.1.30;
+ }
+
+ host eurox {
+ hardware ethernet 00:1d:72:88:ac:09;
+ fixed-address 192.168.1.31;
+ }
+
+ host eurobuild9 {
+ hardware ethernet b8:27:eb:44:4b:07;
+ fixed-address 192.168.1.32;
+ }
+
+
}
}
diff --git a/config/obr/nsd-external/etc/nsd.conf b/config/obr/nsd-external/etc/nsd.conf
index 0529af7..ee10c58 100644
--- a/config/obr/nsd-external/etc/nsd.conf
+++ b/config/obr/nsd-external/etc/nsd.conf
@@ -24,27 +24,95 @@ remote-control:
zone:
name: "andreasbaumann.cc"
zonefile: "andreasbaumann.cc"
+ # old ones
provide-xfr: 173.244.206.25 NOKEY
provide-xfr: 173.244.206.26 NOKEY
provide-xfr: 88.198.106.11 NOKEY
+ # new ones
+ provide-xfr: 108.61.224.67 NOKEY
+ provide-xfr: 116.203.6.3 NOKEY
+ provide-xfr: 107.191.99.111 NOKEY
+ provide-xfr: 185.22.172.112 NOKEY
+ provide-xfr: 103.6.87.125 NOKEY
+ provide-xfr: 192.184.93.99 NOKEY
+ provide-xfr: 119.252.20.56 NOKEY
+ provide-xfr: 107.181.178.180 NOKEY
+ provide-xfr: 185.34.136.178 NOKEY
+ provide-xfr: 185.136.176.247 NOKEY
+ provide-xfr: 45.77.29.133 NOKEY
+ provide-xfr: 116.203.0.64 NOKEY
+ provide-xfr: 167.88.161.228 NOKEY
+ provide-xfr: 199.195.249.208 NOKEY
+ provide-xfr: 104.244.78.122 NOKEY
zone:
name: "maschezuoz.ch"
zonefile: "maschezuoz.ch"
+ # old ones
provide-xfr: 173.244.206.25 NOKEY
provide-xfr: 173.244.206.26 NOKEY
provide-xfr: 88.198.106.11 NOKEY
+ # new ones
+ provide-xfr: 108.61.224.67 NOKEY
+ provide-xfr: 116.203.6.3 NOKEY
+ provide-xfr: 107.191.99.111 NOKEY
+ provide-xfr: 185.22.172.112 NOKEY
+ provide-xfr: 103.6.87.125 NOKEY
+ provide-xfr: 192.184.93.99 NOKEY
+ provide-xfr: 119.252.20.56 NOKEY
+ provide-xfr: 107.181.178.180 NOKEY
+ provide-xfr: 185.34.136.178 NOKEY
+ provide-xfr: 185.136.176.247 NOKEY
+ provide-xfr: 45.77.29.133 NOKEY
+ provide-xfr: 116.203.0.64 NOKEY
+ provide-xfr: 167.88.161.228 NOKEY
+ provide-xfr: 199.195.249.208 NOKEY
+ provide-xfr: 104.244.78.122 NOKEY
zone:
name: "pgfuse.org"
zonefile: "pgfuse.org"
+ # old ones
provide-xfr: 173.244.206.25 NOKEY
provide-xfr: 173.244.206.26 NOKEY
provide-xfr: 88.198.106.11 NOKEY
+ # new ones
+ provide-xfr: 108.61.224.67 NOKEY
+ provide-xfr: 116.203.6.3 NOKEY
+ provide-xfr: 107.191.99.111 NOKEY
+ provide-xfr: 185.22.172.112 NOKEY
+ provide-xfr: 103.6.87.125 NOKEY
+ provide-xfr: 192.184.93.99 NOKEY
+ provide-xfr: 119.252.20.56 NOKEY
+ provide-xfr: 107.181.178.180 NOKEY
+ provide-xfr: 185.34.136.178 NOKEY
+ provide-xfr: 185.136.176.247 NOKEY
+ provide-xfr: 45.77.29.133 NOKEY
+ provide-xfr: 116.203.0.64 NOKEY
+ provide-xfr: 167.88.161.228 NOKEY
+ provide-xfr: 199.195.249.208 NOKEY
+ provide-xfr: 104.244.78.122 NOKEY
zone:
name: "openbsd-firewall.org"
zonefile: "openbsd-firewall.org"
+ # old ones
provide-xfr: 173.244.206.25 NOKEY
provide-xfr: 173.244.206.26 NOKEY
provide-xfr: 88.198.106.11 NOKEY
+ # new ones
+ provide-xfr: 108.61.224.67 NOKEY
+ provide-xfr: 116.203.6.3 NOKEY
+ provide-xfr: 107.191.99.111 NOKEY
+ provide-xfr: 185.22.172.112 NOKEY
+ provide-xfr: 103.6.87.125 NOKEY
+ provide-xfr: 192.184.93.99 NOKEY
+ provide-xfr: 119.252.20.56 NOKEY
+ provide-xfr: 107.181.178.180 NOKEY
+ provide-xfr: 185.34.136.178 NOKEY
+ provide-xfr: 185.136.176.247 NOKEY
+ provide-xfr: 45.77.29.133 NOKEY
+ provide-xfr: 116.203.0.64 NOKEY
+ provide-xfr: 167.88.161.228 NOKEY
+ provide-xfr: 199.195.249.208 NOKEY
+ provide-xfr: 104.244.78.122 NOKEY
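Review bot: Every new `provide-xfr` line in this hunk uses `NOKEY`, so zone transfers for all four zones are authorised by source address alone, now for eighteen addresses per zone. If the secondary provider supports TSIG, a `key:` clause referenced from `provide-xfr` would tie transfers to a shared secret rather than to an address. The three entries under `# old ones` can still pull the full zone; a comment such as `# old ones - remove after the secondaries have moved` would make clear that they are meant to go. The same fifteen-line list is pasted into each zone, so moving it into one `pattern:` that every zone pulls in with `include-pattern:` would keep the four ACLs from drifting apart.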
diff --git a/config/obr/nsd-external/zones/andreasbaumann.cc b/config/obr/nsd-external/zones/andreasbaumann.cc
index e5d3622..642fdd7 100644
--- a/config/obr/nsd-external/zones/andreasbaumann.cc
+++ b/config/obr/nsd-external/zones/andreasbaumann.cc
@@ -3,22 +3,26 @@
$TTL 60
@ IN SOA ns.andreasbaumann.cc. admin.andreasbaumann.cc. (
- 2018102800 ; serial
+ 2019041501 ; serial
3h ; refresh
15m ; retry
2w ; expire
60 ; minimum TTL
)
- IN NS d.ns.buddyns.com.
- IN NS e.ns.buddyns.com.
- IN NS h.ns.buddyns.com.
+ IN NS uz588h0rhwuu3cc03gm9uckw0w42cqr459wn1nxrbzhym2wd81zydb.pro.ns.buddyns.com.
+ IN NS uz5dkwpjfvfwb9rh1qj93mtup0gw65s6j7vqqumch0r9gzlu8qxx39.pro.ns.buddyns.com.
+ IN NS uz5x36jqv06q5yulzwcblfzcrk1b479xdttdm1nrgfglzs57bmctl8.pro.ns.buddyns.com.
IN MX 10 smtp.andreasbaumann.cc.
+andreasbaumann.cc. IN A 83.150.2.48
IN TXT "v=spf1 mx ip4:83.150.2.48/24 ~all"
+mail._domainkey IN TXT ( "v=DKIM1; k=rsa; s=email; "
+ "p=MIIBHTANBgkqhkiG9w0BAQEFAAOCAQoAMIIBBQKB/QMA0ISSnOsDXLhKLdTRyMBvEaOWBAoxvPhL/ADfWdUzYbwZ6ueKKqaE4EdCa0TDdO53Qf93uAeLuFhLaCoZvVOF4TnclwmkYTEYVe/GS0u2rwZfmB+VuHG3ZMxvLRJbmaHM2b7oU5sNFF2uTjFPXFytgKGZ1Srp7yUsUvfnbgwF/1gB02tTqOnfxroDA10jsUo49fBsJ5G0OlXFYc"
+ "Z4vIq/yHM8/az5peVoaaFA1A+RVMLvy+o1XbhMBsM7nOnDPcQxPyxBcDmedgbni6F3I8Vl2hYDvcjza5eJ8fJVxjLBVWMYAhRowWzl0TU9nyeHBbncCYW9QiNBicHQy88CAwEAAQ==" )
+_dmarc IN TXT "v=DMARC1; p=none; adkim=s; aspf=r; fo=1; rua=mailto:postmaster@andreasbaumann.cc; ruf=mailto:postmaster@andreasbaumann.cc"
-$ORIGIN andreasbaumann.cc.
- IN A 83.150.2.48
+$ORIGIN andreasbaumann.cc.
ns IN A 83.150.2.48
smtp IN A 83.150.2.48
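Review bot: The added `_dmarc` record publishes `p=none`, which asks receivers only to report failures and not to act on them. Together with the `~all` softfail in the SPF line, the new DKIM key does not yet stop mail that spoofs this domain. A comment above the record, for example `; p=none while reports are reviewed, then move to quarantine/reject`, would record that this is a staging step. The unchanged SPF context line authorises `ip4:83.150.2.48/24`, the whole /24, while every A record visible here points at the single address 83.150.2.48; if only that host sends mail, `ip4:83.150.2.48` is the tighter form. The same DMARC and SPF points apply to the second hunk of config/obr/nsd-external/zones/maschezuoz.ch.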
@@ -34,6 +38,7 @@ git IN A 83.150.2.48
devel IN A 83.150.2.48
mon IN A 83.150.2.48
archlinux32 IN A 83.150.2.48
+eurocloud IN A 5.102.146.92
; this is hosted at GoDaddy
backup IN A 192.186.235.194
diff --git a/config/obr/nsd-external/zones/maschezuoz.ch b/config/obr/nsd-external/zones/maschezuoz.ch
index 169ca52..e3314e5 100644
--- a/config/obr/nsd-external/zones/maschezuoz.ch
+++ b/config/obr/nsd-external/zones/maschezuoz.ch
@@ -3,7 +3,7 @@
$TTL 60
@ IN SOA ns.maschezuoz.ch. admin.maschezuoz.ch. (
- 2017050500 ; serial
+ 2019032601 ; serial
3h ; refresh
15m ; retry
2w ; expire
@@ -14,13 +14,15 @@ $TTL 60
IN NS f.ns.buddyns.com.
IN NS h.ns.buddyns.com.
IN MX 10 smtp.maschezuoz.ch.
+maschezuoz.ch. IN A 83.150.2.48
IN TXT "v=spf1 mx ip4:83.150.2.48/24 ~all"
-
+mail._domainkey IN TXT ( "v=DKIM1; k=rsa; s=email; "
+ "p=MIIBHTANBgkqhkiG9w0BAQEFAAOCAQoAMIIBBQKB/QL7dTJ8ID7j7EJapWXb1pPJNYIJVi7ZjGYUBvHt7Z3gZiYYMZzNld1lcyzlxVSWYsxdXgeDLc/o9Evfn7nXilneiT+c7gvipAVE9bMXmFMPkUuCbOXCRwAevRXZ13UFRcT7UQGnfdZA9kjiQjqKHCcmbMl+5MgYyVTX1xUMaKQwxGTbGhevwgm0YBBa7pWXPGaV0+4v0uCxjDaEAV"
+ "q4zSuRrK/AqNoL/NweuWgCPkYVj5lyYB/Gi2tOM7Gkc1CHCNqFc7rWBr3g8uiYkuijPMfj+R4yXVy655YPwNAxOpoggW9D30NC4Mj2gm+LXpkL5K7OTVcMhAevwx84QJMCAwEAAQ==" )
+_dmarc IN TXT "v=DMARC1; p=none; adkim=s; aspf=r; fo=1; rua=mailto:postmaster@maschezuoz.ch; ruf=mailto:postmaster@maschezuoz.ch"
$ORIGIN maschezuoz.ch.
- IN A 83.150.2.48
-
ns IN A 83.150.2.48
www IN A 83.150.2.48
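Review bot: The NS context lines at the top of this hunk still name `f.ns.buddyns.com.` and `h.ns.buddyns.com.`, while the same commit moves andreasbaumann.cc to the `*.pro.ns.buddyns.com.` names and adds the new transfer addresses for this zone in nsd.conf. This may be intentional, but if the old secondaries are being retired the delegation here would go stale. A one-line comment above the NS records saying which set is current for this zone would settle it. The NS block may begin above the visible hunk.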
diff --git a/config/obr/nsd-internal/zones/1.168.192.in-addr b/config/obr/nsd-internal/zones/1.168.192.in-addr
index 4db557e..572eacc 100644
--- a/config/obr/nsd-internal/zones/1.168.192.in-addr
+++ b/config/obr/nsd-internal/zones/1.168.192.in-addr
@@ -5,7 +5,7 @@ $ORIGIN .
$TTL 60
1.168.192.in-addr.arpa IN SOA obr.lan. root.obr.lan. (
- 2018102800 ; serial
+ 2019020400 ; serial
3h ; refresh
15m ; retry
2w ; expire
@@ -38,4 +38,9 @@ $ORIGIN 1.168.192.in-addr.arpa.
23 IN PTR eurobuild7.lan.
24 IN PTR eurotv.lan.
25 IN PTR euroalix.lan.
+26 IN PTR eurounisys.lan.
+29 IN PTR eurobuild8.lan.
+30 IN PTR euromox.lan.
+31 IN PTR eurox.lan.
+32 IN PTR eurobuild9.lan.
254 IN PTR wrt1.lan.
diff --git a/config/obr/nsd-internal/zones/andreasbaumann.cc b/config/obr/nsd-internal/zones/andreasbaumann.cc
index 59ff31b..e578b77 100644
--- a/config/obr/nsd-internal/zones/andreasbaumann.cc
+++ b/config/obr/nsd-internal/zones/andreasbaumann.cc
@@ -3,7 +3,7 @@
$TTL 60
@ IN SOA ns.andreasbaumann.cc. root.andreasbaumann.cc. (
- 2018102800 ; serial
+ 2018111700 ; serial
3h ; refresh
15m ; retry
2w ; expire
@@ -31,6 +31,8 @@ git A 192.168.1.15
devel A 192.168.1.12
mon A 192.168.1.16
archlinux32 A 192.168.1.15
+;archlinux32 A 192.168.1.22
+eurocloud A 5.102.146.92
; hosted at godaddy
backup A 192.186.235.194
diff --git a/config/obr/nsd-internal/zones/lan b/config/obr/nsd-internal/zones/lan
index a61d642..59a8098 100644
--- a/config/obr/nsd-internal/zones/lan
+++ b/config/obr/nsd-internal/zones/lan
@@ -5,7 +5,7 @@ $ORIGIN .
$TTL 60
lan IN SOA obr.lan. root.obr.lan. (
- 2018102800 ; serial
+ 2019020400 ; serial
3h ; refresh
15m ; retry
2w ; expire
@@ -38,5 +38,10 @@ euroweb2 A 192.168.1.22
eurobuild7 A 192.168.1.23
eurotv A 192.168.1.24
euroalix A 192.168.1.25
+eurounisys A 192.168.1.26
+eurobuild8 A 192.168.1.29
+euromox A 192.168.1.30
+eurox A 192.168.1.31
+eurobuild9 A 192.168.1.32
wrt1 A 192.168.1.254
iway-gateway A 83.150.2.1
diff --git a/config/obr/pf.conf b/config/obr/pf.conf
index 5e9e414..39246ae 100644
--- a/config/obr/pf.conf
+++ b/config/obr/pf.conf
@@ -83,7 +83,7 @@ block in quick on $ext_if from <badhosts> to any
# allow to jump via the firewall, protect against brute force attacks
block quick from <bruteforce>
pass in on $ext_if proto tcp from any to ($ext_if) port ssh keep state \
- (max-src-conn 5, max-src-conn-rate 10/60, overload <bruteforce> \
+ (max-src-conn 5, max-src-conn-rate 10/20, overload <bruteforce> \
flush global)
# allow everything on the bridge
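Review bot: Changing `max-src-conn-rate 10/60` to `10/20` loosens the SSH brute-force guard: a source now needs ten new connections within 20 seconds to be moved to `<bruteforce>`, so up to roughly three times the previous sustained rate stays under the limit. The comment above the rule still says only "protect against brute force attacks" and gives no reason for the relaxation. If it was made to stop legitimate clients from being flushed, say so next to the rule, e.g. `# 10/20: <reason the 10/60 limit was too strict>`. It is also worth noting there how entries leave `<bruteforce>`, which is not visible in this hunk.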
diff --git a/config/obr/relayd.conf b/config/obr/relayd.conf
index f77e221..7268354 100644
--- a/config/obr/relayd.conf
+++ b/config/obr/relayd.conf
@@ -47,6 +47,12 @@ http protocol "http_protocol" {
forward to <euroserver> no tag
match request quick header "Host" value "imap.andreasbaumann.cc" \
forward to <euroweb> no tag
+ match request quick header "Host" value "imap.maschezuoz.ch" \
+ forward to <euroweb> no tag
+ match request quick header "Host" value "smtp.andreasbaumann.cc" \
+ forward to <euroweb> no tag
+ match request quick header "Host" value "smtp.maschezuoz.ch" \
+ forward to <euroweb> no tag
match request quick header "Host" value "archlinux32.andreasbaumann.cc" \
forward to <euroweb> no tag
match request quick header "Host" value "www.pgfuse.org" \
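Review bot: The three added `match request` rules route HTTP requests for mail hostnames (`imap.maschezuoz.ch`, `smtp.andreasbaumann.cc`, `smtp.maschezuoz.ch`) to `<euroweb>`, and nothing in the hunk says why names that serve mail protocols need an HTTP backend. If this is for certificate issuance or a webmail front end, a comment above the group such as `# mail hostnames: HTTP needed only for <purpose>` would keep a later reader from treating them as leftovers or widening them. The `Host` value is supplied by the client, so whatever `<euroweb>` serves for these names should be limited to that purpose. The `http protocol` block begins and ends outside this hunk, so the handling of unmatched hosts cannot be checked from here.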
diff --git a/config/obr/unbound/etc/unbound.conf b/config/obr/unbound/etc/unbound.conf
index 37ecd7a..f8541eb 100644
--- a/config/obr/unbound/etc/unbound.conf
+++ b/config/obr/unbound/etc/unbound.conf
@@ -25,7 +25,7 @@ server:
local-zone: "lan." nodefault
local-zone: "168.192.in-addr.arpa." nodefault
- verbosity: 2
+ verbosity: 0
root-hints: "/etc/root.hints"
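Review bot: Setting `verbosity: 0` leaves unbound logging errors only, which removes the operational messages that help when investigating resolver problems on the firewall after the fact. If the aim was to cut the volume produced by level 2, `verbosity: 1` keeps operational information without the detailed output. The `server:` section continues outside this hunk, so other logging options cannot be seen from here.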