| author | John Ogness <john.ogness@linutronix.de> | 2018-04-19 16:37:00 +0200 |
|---|---|---|
| committer | John Ogness <john.ogness@linutronix.de> | 2018-04-19 16:37:00 +0200 |
| commit | 5d4433a719284d1b3231a85dd510054c12a43014 (patch) | |
| tree | c613d59411961e11ece2b57096fd1a9af9346b17 | |
| parent | 14868ed29a87bbce4198894e530895e318da9fea (diff) | |
add generic support for print version
All presentations can be built in print form if the file
.lxformat_print
exists in the main directory. If this file does not exist, the
regular beamer format will be generated.
IMPORTANT: The print versions of the files are named the same as
the beamer versions!
Signed-off-by: John Ogness <john.ogness@linutronix.de>
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | configbeamer.tex | 51 | ||||
| -rw-r--r-- | configpres.tex | 69 | ||||
| -rw-r--r-- | configprint.tex | 1 | ||||
| -rw-r--r-- | security/firewall_ex/Makefile | 1 | ||||
| -rw-r--r-- | security/firewall_ex/frm_ex_firewall.tex | 310 | ||||
| -rw-r--r-- | security/firewall_ex/pres_ex_firewall.tex | 313 | ||||
| -rw-r--r-- | security/firewall_ex/print_ex_firewall.tex | 3 | ||||
| -rw-r--r-- | tailbeamer.tex | 18 | ||||
| -rw-r--r-- | tailpres.tex | 23 |
10 files changed, 409 insertions, 381 deletions
@@ -24,3 +24,4 @@ kconfig-frontends/ .config.old log.txt build +.lxformat_* diff --git a/configbeamer.tex b/configbeamer.tex new file mode 100644 index 0000000..cced101 --- /dev/null +++ b/configbeamer.tex @@ -0,0 +1,51 @@ +%!TEX TS-program = xelatex +%!TEX encoding = UTF-8 Unicode + +\documentclass{beamer} + +\usepackage{polyglossia} +\usepackage{amsmath,amssymb} +\usepackage{listings,color} +\usepackage{graphicx} +\usepackage{xltxtra,fontspec,xunicode} +\usepackage{fancyvrb} +\usepackage{lxextras} + +\defaultfontfeatures{Scale=MatchLowercase} +\setromanfont{TheMixB W5 Plain} +\setsansfont{TheMixB W7 Bold} +\setmonofont[Scale=0.7]{Source Code Pro} +\linespread{0.5} + +\mode<presentation>{\usetheme{linutronix}} + +\institute{Linutronix GmbH} +\definecolor{lbcolor}{RGB}{255,210,150} +%\lstset{ +%language=C++, +%numbers=left, +%stepnumber=1, +%numbersep=5pt, +%breaklines=true, +%breakautoindent=true, +%postbreak=\space, +%tabsize=2, +%basicstyle=\ttfamily\small, +%showspaces=false, +%showstringspaces=false, +%extendedchars=true, +%backgroundcolor=\color{lbcolor}, +%keywordstyle=\bf , +%commentstyle=\color{blue}, +%stringstyle=\color{red} +%} + +\begin{document} + +\setbeamertemplate{footline}[text line]{\parbox{\linewidth}{ +\copyright{} \the\year\ by \insertinstitute \hfill +\insertshortauthor \hfill +\insertpagenumber} +} + +\input{section} diff --git a/configpres.tex b/configpres.tex index cced101..a943033 100644 --- a/configpres.tex +++ b/configpres.tex 
@@ -1,51 +1,22 @@ -%!TEX TS-program = xelatex -%!TEX encoding = UTF-8 Unicode - -\documentclass{beamer} - -\usepackage{polyglossia} -\usepackage{amsmath,amssymb} -\usepackage{listings,color} -\usepackage{graphicx} -\usepackage{xltxtra,fontspec,xunicode} -\usepackage{fancyvrb} -\usepackage{lxextras} - -\defaultfontfeatures{Scale=MatchLowercase} -\setromanfont{TheMixB W5 Plain} -\setsansfont{TheMixB W7 Bold} -\setmonofont[Scale=0.7]{Source Code Pro} -\linespread{0.5} - -\mode<presentation>{\usetheme{linutronix}} - -\institute{Linutronix GmbH} -\definecolor{lbcolor}{RGB}{255,210,150} -%\lstset{ -%language=C++, -%numbers=left, -%stepnumber=1, -%numbersep=5pt, -%breaklines=true, -%breakautoindent=true, -%postbreak=\space, -%tabsize=2, -%basicstyle=\ttfamily\small, -%showspaces=false, -%showstringspaces=false, -%extendedchars=true, -%backgroundcolor=\color{lbcolor}, -%keywordstyle=\bf , -%commentstyle=\color{blue}, -%stringstyle=\color{red} -%} - -\begin{document} - -\setbeamertemplate{footline}[text line]{\parbox{\linewidth}{ -\copyright{} \the\year\ by \insertinstitute \hfill -\insertshortauthor \hfill -\insertpagenumber} +\IfFileExists{.lxformat_print} +{ +\input{configprint} +}{ +\input{configbeamer} } -\input{section} +% Alternate Implementation +% +%\newif\ifformatbeamer +% +%\IfFileExists{lxformat.tex}{ +%\input{lxformat.tex} +%}{ +%\formatbeamertrue +%} +% +%\ifformatbeamer +%\input{configbeamer} +%\else +%\input{configprint} +%\fi diff --git a/configprint.tex b/configprint.tex index 1fc56f7..ba98403 100644 --- a/configprint.tex +++ b/configprint.tex @@ -8,6 +8,7 @@ \usepackage{listings,color} \usepackage{graphicx} \usepackage{xltxtra,fontspec,xunicode} +\usepackage{fancyvrb} \usepackage{lxextras} \usepackage{pgfpages} diff --git a/security/firewall_ex/Makefile b/security/firewall_ex/Makefile index 8a30938..d834f36 100644 --- a/security/firewall_ex/Makefile +++ b/security/firewall_ex/Makefile 
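Review bot: In configpres.tex the format switch `\IfFileExists{.lxformat_print}` depends on TeX being allowed to open a dot file. As far as I can tell, kpathsea refuses dot files when `openin_any` is set to `r` or `p`, so on such an installation the test would fail silently and the beamer format would be built even though the marker exists. I would either use a non-hidden marker name or document the requirement with a comment such as `% needs openin_any=a: the marker is a dot file; if it cannot be opened the beamer format is selected`. The commented-out "Alternate Implementation" block is the only place `\formatbeamertrue` appears in this commit; it would be clearer to delete it or to say in one line why it is kept.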
@@ -1,2 +1 @@ obj-$(CONFIG_SECURITY_EX_FW) += pres_ex_firewall.pdf -obj-$(CONFIG_SECURITY_EX_FW) += print_ex_firewall.pdf diff --git a/security/firewall_ex/frm_ex_firewall.tex b/security/firewall_ex/frm_ex_firewall.tex deleted file mode 100644 index 67b3acf..0000000 --- a/security/firewall_ex/frm_ex_firewall.tex +++ /dev/null 
@@ -1,310 +0,0 @@ -% ---------------------------- -\subsection{Firewall Examples} - -% ---------------------------- -\title{Example Firewall} -\maketitle - -% ---------------------------- -\subsubsection{Initialization} - -\begin{frame}[fragile] -\frametitle{iptables config} -\begin{itemize} -\item Create and change to new directory ex\_ipt -\item Get root (su) -\item Print current iptables configuration (iptables) -\item Save current configuration (iptables-save) -\item Reset iptables configuration (iptables) -\end{itemize} - -\pause - -\begin{beamerboxesrounded}[shadow=true]{Solution:} -\begin{scriptsize} -\begin{verbatim} -mkdir ex_ipt -cd ex_ipt -su -iptables -L -iptables-save > start.conf -iptables -X -iptables -F -iptables -Z -\end{verbatim} -\end{scriptsize} -\end{beamerboxesrounded} -\end{frame} - -% ---------------------------- -\subsubsection{Policy} - -\begin{frame}[fragile] -\frametitle{Default Policy} -\begin{itemize} -\item Drop all incoming, outgoing and forwarding traffic -\item Save this default policies to file -\item Reset iptables and restore saved config -\end{itemize} - -\pause - -\begin{beamerboxesrounded}[shadow=true]{Solution:} -\begin{scriptsize} -\begin{verbatim} -iptables -P INPUT DROP -iptables -P OUTPUT DROP -iptables -P FORWARD DROP -iptables-save > step1 -iptables -F -iptables-restore < step1 -\end{verbatim} -\end{scriptsize} -\end{beamerboxesrounded} -\end{frame} - -% ---------------------------- -\subsubsection{User-defined Chains} - -\begin{frame}[fragile] -\frametitle{LOGDROP} -\begin{itemize} -\item From now on, edit stepX file and load with iptables-restore -\item Create new Chain LOGDROP -\item Log and drop INPUT and OUTPUT traffic with new chain -\item Check with ping -\end{itemize} - -\pause - -\begin{beamerboxesrounded}[shadow=true]{Solution:} -\begin{scriptsize} -\begin{verbatim} -# New chain -:LOGDROP - [0:0] --A LOGDROP -m limit --limit 2/min -j LOG --log-prefix "LOGDROP: " --A LOGDROP -j DROP - -# Catch all falling 
through --A INPUT -i eth0 -j LOGDROP --A OUTPUT -o eth0 -j LOGDROP -\end{verbatim} -\end{scriptsize} -\end{beamerboxesrounded} -\end{frame} - -% ---------------------------- -\subsubsection{Traffic Filter} - -\begin{frame}[fragile] -\frametitle{Allow loopback traffic} -\begin{itemize} -\item Allow INPUT and OUTPUT traffic on interface lo -\end{itemize} - -\pause - -\begin{beamerboxesrounded}[shadow=true]{Solution:} -\begin{scriptsize} -\begin{verbatim} -# loopback --A INPUT -i lo -j ACCEPT --A OUTPUT -o lo -j ACCEPT -\end{verbatim} -\end{scriptsize} -\end{beamerboxesrounded} -\end{frame} - -% ---------------------------- -\begin{frame}[fragile] -\frametitle{DNS} -\begin{itemize} -\item Allow DNS requests from this machine (UDP, Port 53) -\item Allow DNS responses -\end{itemize} - -\pause - -\begin{beamerboxesrounded}[shadow=true]{Solution:} -\begin{scriptsize} -\begin{verbatim} -# DNS --A OUTPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT --A INPUT -p udp -m state --state ESTABLISHED -j ACCEPT -\end{verbatim} -\end{scriptsize} -\end{beamerboxesrounded} -\end{frame} - -% ---------------------------- -\begin{frame}[fragile] -\frametitle{ICMP} -\begin{itemize} -\item Allow simple ping requests (icmp-type 0 and 8) -\item Limit to 2 requests per second -\end{itemize} - -\pause - -\begin{beamerboxesrounded}[shadow=true]{Solution:} -\begin{scriptsize} -\begin{verbatim} -# PING limited accept --A INPUT -p icmp --icmp-type 0 -m limit --limit 2/s -j ACCEPT --A INPUT -p icmp --icmp-type 8 -m limit --limit 2/s -j ACCEPT --A INPUT -p icmp -j DROP -# Limit outgoing PING as well --A OUTPUT -p icmp --icmp-type 0 -m limit --limit 2/s -j ACCEPT --A OUTPUT -p icmp --icmp-type 8 -m limit --limit 2/s -j ACCEPT --A OUTPUT -p icmp -j DROP -\end{verbatim} -\end{scriptsize} -\end{beamerboxesrounded} -\end{frame} - -% ---------------------------- -\begin{frame}[fragile] -\frametitle{Established Connections} -\begin{itemize} -\item Allow INPUT and OUTPUT traffic for all 
ESTABLISHed connections -\item Remove obsolete rules (DNS) -\end{itemize} - -\pause - -\begin{beamerboxesrounded}[shadow=true]{Solution:} -\begin{scriptsize} -\begin{verbatim} -# Allow established connections in and out --A INPUT -m state --state ESTABLISHED -j ACCEPT --A OUTPUT -m state --state ESTABLISHED -j ACCEPT -[...] -# DNS --A OUTPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT -# -A INPUT -p udp -m state --state ESTABLISHED -j ACCEPT -\end{verbatim} -\end{scriptsize} -\end{beamerboxesrounded} -\end{frame} - -% ---------------------------- -\begin{frame}[fragile] -\frametitle{Log new connections} -\begin{itemize} -\item Create new Chain LOGNEW\_ACCEPT -\item New Connections should be logged with prefix ''New: '' -\item Traffic should be accepted -\end{itemize} - -\pause - -\begin{beamerboxesrounded}[shadow=true]{Solution:} -\begin{scriptsize} -\begin{verbatim} -# LOGNEW_ACCEPT Chain -:LOGNEW_ACCEPT - [0:0] --A LOGNEW_ACCEPT -m state --state NEW -j LOG --log-prefix "New: " --A LOGNEW_ACCEPT -j ACCEPT -\end{verbatim} -\end{scriptsize} -\end{beamerboxesrounded} -\end{frame} - -% ---------------------------- -\begin{frame}[fragile] -\frametitle{Log new DNS connections} -\begin{itemize} -\item Log new DNS connection with rule LOGNEW\_ACCEPT -\end{itemize} - -\pause - -\begin{beamerboxesrounded}[shadow=true]{Solution:} -\begin{scriptsize} -\begin{verbatim} -# DNS --A OUTPUT -p udp --dport 53 --sport 1024:65535 -m state --state NEW,ESTABLISHED \ - -j LOGNEW_ACCEPT -\end{verbatim} -\end{scriptsize} -\end{beamerboxesrounded} -\end{frame} - -% ---------------------------- -\subsubsection{Summary} - -\begin{frame}[fragile] -\frametitle{Full example with Ping, DNS, and SSH} -\begin{scriptsize} -\begin{verbatim} -# Generated by iptables-save v1.4.14 on Sat Apr 6 19:47:41 2013 -*filter -:INPUT DROP [0:0] -:FORWARD DROP [0:0] -:OUTPUT DROP [0:0] - -# New chain -:LOGDROP - [0:0] --A LOGDROP -m limit --limit 2/min -j LOG --log-prefix "LOGDROP: " --A LOGDROP 
-j DROP - -# DNS Chain -:LOGNEW_ACCEPT - [0:0] --A LOGNEW_ACCEPT -m state --state NEW -j LOG --log-prefix "New: " --A LOGNEW_ACCEPT -j ACCEPT -\end{verbatim} -\end{scriptsize} -\end{frame} - -% ---------------------------- -\begin{frame}[fragile] -\frametitle{Full example with Ping, DNS, and SSH} -\begin{scriptsize} -\begin{verbatim} -# loopback --A INPUT -i lo -j ACCEPT --A OUTPUT -o lo -j ACCEPT - -# PING limited accept --A INPUT -p icmp --icmp-type 0 -m limit --limit 2/s -j ACCEPT --A INPUT -p icmp --icmp-type 8 -m limit --limit 2/s -j ACCEPT --A INPUT -p icmp -j LOGDROP --A OUTPUT -p icmp --icmp-type 0 -m limit --limit 2/s -j ACCEPT --A OUTPUT -p icmp --icmp-type 8 -m limit --limit 2/s -j ACCEPT --A OUTPUT -p icmp -j LOGDROP - -# Allow established connections in and out --A INPUT -m state --state ESTABLISHED -j ACCEPT --A OUTPUT -m state --state ESTABLISHED -j ACCEPT -\end{verbatim} -\end{scriptsize} -\end{frame} - -% ---------------------------- -\begin{frame}[fragile] -\frametitle{Full example with Ping, DNS, and SSH} -\begin{scriptsize} -\begin{verbatim} -# DNS --A OUTPUT -p udp --dport 53 --sport 1024:65535 -m state --state NEW,ESTABLISHED \ - -j LOGNEW_ACCEPT - -# Outgoing SSH --A OUTPUT -p tcp --dport ssh --sport 1024:65535 -m state --state NEW,ESTABLISHED \ - -j LOGNEW_ACCEPT - -# Incoming SSH --A INPUT -p tcp --dport ssh -m state --state NEW,ESTABLISHED -j LOGNEW_ACCEPT - -# Catch all falling through --A INPUT -i eth0 -j LOGDROP --A OUTPUT -o eth0 -j LOGDROP - -COMMIT -# Completed on Sat Apr 6 19:47:41 2013 -\end{verbatim} -\end{scriptsize} -\end{frame} - -% ---------------------------- -\subsection{} diff --git a/security/firewall_ex/pres_ex_firewall.tex b/security/firewall_ex/pres_ex_firewall.tex index 521dd6f..3773eba 100644 --- a/security/firewall_ex/pres_ex_firewall.tex +++ b/security/firewall_ex/pres_ex_firewall.tex 
@@ -1,3 +1,314 @@ \input{configpres} -\input{frm_ex_firewall} + +% ---------------------------- +\subsection{Firewall Examples} + +% ---------------------------- +\title{Example Firewall} +\maketitle + +% ---------------------------- +\subsubsection{Initialization} + +\begin{frame}[fragile] +\frametitle{iptables config} +\begin{itemize} +\item Create and change to new directory ex\_ipt +\item Get root (su) +\item Print current iptables configuration (iptables) +\item Save current configuration (iptables-save) +\item Reset iptables configuration (iptables) +\end{itemize} + +\pause + +\begin{beamerboxesrounded}[shadow=true]{Solution:} +\begin{scriptsize} +\begin{verbatim} +mkdir ex_ipt +cd ex_ipt +su +iptables -L +iptables-save > start.conf +iptables -X +iptables -F +iptables -Z +\end{verbatim} +\end{scriptsize} +\end{beamerboxesrounded} +\end{frame} + +% ---------------------------- +\subsubsection{Policy} + +\begin{frame}[fragile] +\frametitle{Default Policy} +\begin{itemize} +\item Drop all incoming, outgoing and forwarding traffic +\item Save this default policies to file +\item Reset iptables and restore saved config +\end{itemize} + +\pause + +\begin{beamerboxesrounded}[shadow=true]{Solution:} +\begin{scriptsize} +\begin{verbatim} +iptables -P INPUT DROP +iptables -P OUTPUT DROP +iptables -P FORWARD DROP +iptables-save > step1 +iptables -F +iptables-restore < step1 +\end{verbatim} +\end{scriptsize} +\end{beamerboxesrounded} +\end{frame} + +% ---------------------------- +\subsubsection{User-defined Chains} + +\begin{frame}[fragile] +\frametitle{LOGDROP} +\begin{itemize} +\item From now on, edit stepX file and load with iptables-restore +\item Create new Chain LOGDROP +\item Log and drop INPUT and OUTPUT traffic with new chain +\item Check with ping +\end{itemize} + +\pause + +\begin{beamerboxesrounded}[shadow=true]{Solution:} +\begin{scriptsize} +\begin{verbatim} +# New chain +:LOGDROP - [0:0] +-A LOGDROP -m limit --limit 2/min -j LOG --log-prefix "LOGDROP: " 
+-A LOGDROP -j DROP + +# Catch all falling through +-A INPUT -i eth0 -j LOGDROP +-A OUTPUT -o eth0 -j LOGDROP +\end{verbatim} +\end{scriptsize} +\end{beamerboxesrounded} +\end{frame} + +% ---------------------------- +\subsubsection{Traffic Filter} + +\begin{frame}[fragile] +\frametitle{Allow loopback traffic} +\begin{itemize} +\item Allow INPUT and OUTPUT traffic on interface lo +\end{itemize} + +\pause + +\begin{beamerboxesrounded}[shadow=true]{Solution:} +\begin{scriptsize} +\begin{verbatim} +# loopback +-A INPUT -i lo -j ACCEPT +-A OUTPUT -o lo -j ACCEPT +\end{verbatim} +\end{scriptsize} +\end{beamerboxesrounded} +\end{frame} + +% ---------------------------- +\begin{frame}[fragile] +\frametitle{DNS} +\begin{itemize} +\item Allow DNS requests from this machine (UDP, Port 53) +\item Allow DNS responses +\end{itemize} + +\pause + +\begin{beamerboxesrounded}[shadow=true]{Solution:} +\begin{scriptsize} +\begin{verbatim} +# DNS +-A OUTPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT +-A INPUT -p udp -m state --state ESTABLISHED -j ACCEPT +\end{verbatim} +\end{scriptsize} +\end{beamerboxesrounded} +\end{frame} + +% ---------------------------- +\begin{frame}[fragile] +\frametitle{ICMP} +\begin{itemize} +\item Allow simple ping requests (icmp-type 0 and 8) +\item Limit to 2 requests per second +\end{itemize} + +\pause + +\begin{beamerboxesrounded}[shadow=true]{Solution:} +\begin{scriptsize} +\begin{verbatim} +# PING limited accept +-A INPUT -p icmp --icmp-type 0 -m limit --limit 2/s -j ACCEPT +-A INPUT -p icmp --icmp-type 8 -m limit --limit 2/s -j ACCEPT +-A INPUT -p icmp -j DROP +# Limit outgoing PING as well +-A OUTPUT -p icmp --icmp-type 0 -m limit --limit 2/s -j ACCEPT +-A OUTPUT -p icmp --icmp-type 8 -m limit --limit 2/s -j ACCEPT +-A OUTPUT -p icmp -j DROP +\end{verbatim} +\end{scriptsize} +\end{beamerboxesrounded} +\end{frame} + +% ---------------------------- +\begin{frame}[fragile] +\frametitle{Established Connections} +\begin{itemize} +\item 
Allow INPUT and OUTPUT traffic for all ESTABLISHed connections +\item Remove obsolete rules (DNS) +\end{itemize} + +\pause + +\begin{beamerboxesrounded}[shadow=true]{Solution:} +\begin{scriptsize} +\begin{verbatim} +# Allow established connections in and out +-A INPUT -m state --state ESTABLISHED -j ACCEPT +-A OUTPUT -m state --state ESTABLISHED -j ACCEPT +[...] +# DNS +-A OUTPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT +# -A INPUT -p udp -m state --state ESTABLISHED -j ACCEPT +\end{verbatim} +\end{scriptsize} +\end{beamerboxesrounded} +\end{frame} + +% ---------------------------- +\begin{frame}[fragile] +\frametitle{Log new connections} +\begin{itemize} +\item Create new Chain LOGNEW\_ACCEPT +\item New Connections should be logged with prefix ''New: '' +\item Traffic should be accepted +\end{itemize} + +\pause + +\begin{beamerboxesrounded}[shadow=true]{Solution:} +\begin{scriptsize} +\begin{verbatim} +# LOGNEW_ACCEPT Chain +:LOGNEW_ACCEPT - [0:0] +-A LOGNEW_ACCEPT -m state --state NEW -j LOG --log-prefix "New: " +-A LOGNEW_ACCEPT -j ACCEPT +\end{verbatim} +\end{scriptsize} +\end{beamerboxesrounded} +\end{frame} + +% ---------------------------- +\begin{frame}[fragile] +\frametitle{Log new DNS connections} +\begin{itemize} +\item Log new DNS connection with rule LOGNEW\_ACCEPT +\end{itemize} + +\pause + +\begin{beamerboxesrounded}[shadow=true]{Solution:} +\begin{scriptsize} +\begin{verbatim} +# DNS +-A OUTPUT -p udp --dport 53 --sport 1024:65535 -m state --state NEW,ESTABLISHED \ + -j LOGNEW_ACCEPT +\end{verbatim} +\end{scriptsize} +\end{beamerboxesrounded} +\end{frame} + +% ---------------------------- +\subsubsection{Summary} + +\begin{frame}[fragile] +\frametitle{Full example with Ping, DNS, and SSH} +\begin{scriptsize} +\begin{verbatim} +# Generated by iptables-save v1.4.14 on Sat Apr 6 19:47:41 2013 +*filter +:INPUT DROP [0:0] +:FORWARD DROP [0:0] +:OUTPUT DROP [0:0] + +# New chain +:LOGDROP - [0:0] +-A LOGDROP -m limit --limit 2/min -j 
LOG --log-prefix "LOGDROP: " +-A LOGDROP -j DROP + +# DNS Chain +:LOGNEW_ACCEPT - [0:0] +-A LOGNEW_ACCEPT -m state --state NEW -j LOG --log-prefix "New: " +-A LOGNEW_ACCEPT -j ACCEPT +\end{verbatim} +\end{scriptsize} +\end{frame} + +% ---------------------------- +\begin{frame}[fragile] +\frametitle{Full example with Ping, DNS, and SSH} +\begin{scriptsize} +\begin{verbatim} +# loopback +-A INPUT -i lo -j ACCEPT +-A OUTPUT -o lo -j ACCEPT + +# PING limited accept +-A INPUT -p icmp --icmp-type 0 -m limit --limit 2/s -j ACCEPT +-A INPUT -p icmp --icmp-type 8 -m limit --limit 2/s -j ACCEPT +-A INPUT -p icmp -j LOGDROP +-A OUTPUT -p icmp --icmp-type 0 -m limit --limit 2/s -j ACCEPT +-A OUTPUT -p icmp --icmp-type 8 -m limit --limit 2/s -j ACCEPT +-A OUTPUT -p icmp -j LOGDROP + +# Allow established connections in and out +-A INPUT -m state --state ESTABLISHED -j ACCEPT +-A OUTPUT -m state --state ESTABLISHED -j ACCEPT +\end{verbatim} +\end{scriptsize} +\end{frame} + +% ---------------------------- +\begin{frame}[fragile] +\frametitle{Full example with Ping, DNS, and SSH} +\begin{scriptsize} +\begin{verbatim} +# DNS +-A OUTPUT -p udp --dport 53 --sport 1024:65535 -m state --state NEW,ESTABLISHED \ + -j LOGNEW_ACCEPT + +# Outgoing SSH +-A OUTPUT -p tcp --dport ssh --sport 1024:65535 -m state --state NEW,ESTABLISHED \ + -j LOGNEW_ACCEPT + +# Incoming SSH +-A INPUT -p tcp --dport ssh -m state --state NEW,ESTABLISHED -j LOGNEW_ACCEPT + +# Catch all falling through +-A INPUT -i eth0 -j LOGDROP +-A OUTPUT -o eth0 -j LOGDROP + +COMMIT +# Completed on Sat Apr 6 19:47:41 2013 +\end{verbatim} +\end{scriptsize} +\end{frame} + +% ---------------------------- +\subsection{} + \input{tailpres} diff --git a/security/firewall_ex/print_ex_firewall.tex b/security/firewall_ex/print_ex_firewall.tex deleted file mode 100644 index 34670a8..0000000 --- a/security/firewall_ex/print_ex_firewall.tex +++ /dev/null @@ -1,3 +0,0 @@ -\input{configprint} -\input{frm_ex_firewall} -\input{tailprint} 
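Review bot: In pres_ex_firewall.tex the `LOGNEW_ACCEPT` chain (the 'Log new connections' and summary frames) logs every NEW packet with no `-m limit`, while `LOGDROP` is capped at 2/min. Because the summary routes incoming SSH from any source through that chain, any host that can reach the SSH port can fill the kernel log. I would rate-limit the LOG rule, e.g. `-A LOGNEW_ACCEPT -m state --state NEW -m limit --limit 2/min -j LOG --log-prefix "New: "`, and note on the slide that the limit drops log entries, not packets. In the 'iptables config' solution `iptables -X` runs before `iptables -F`; deleting user-defined chains fails while they still hold rules or are referenced, so the order should be `iptables -F`, `iptables -X`, `iptables -Z`. The 'Default Policy' frame would also benefit from a one-line remark that `iptables -P INPUT DROP` issued over a remote session cuts that session off.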
diff --git a/tailbeamer.tex b/tailbeamer.tex new file mode 100644 index 0000000..3788c79 --- /dev/null +++ b/tailbeamer.tex @@ -0,0 +1,18 @@ +\begin{frame}[fragile] + \begin{columns} + \column[c]{.50\textwidth} +Thank you for your attention. +\newline +\newline +\begin{block}{Linutronix GmbH} +Bahnhofstra\ss{}e 3 + +88690 Uhldingen-M\"uhlhofen +\end{block} + \column[c]{.50\textwidth} +\vskip1cm +\includegraphics[height=0.9\textwidth]{/usr/share/lx/logo/frau_auf_logo} + \end{columns} +\end{frame} + +\end{document} diff --git a/tailpres.tex b/tailpres.tex index 3788c79..83b56f1 100644 --- a/tailpres.tex +++ b/tailpres.tex @@ -1,18 +1,7 @@ -\begin{frame}[fragile] - \begin{columns} - \column[c]{.50\textwidth} -Thank you for your attention. -\newline -\newline -\begin{block}{Linutronix GmbH} -Bahnhofstra\ss{}e 3 +\newif\ifformatbeamer -88690 Uhldingen-M\"uhlhofen -\end{block} - \column[c]{.50\textwidth} -\vskip1cm -\includegraphics[height=0.9\textwidth]{/usr/share/lx/logo/frau_auf_logo} - \end{columns} -\end{frame} - -\end{document} +\ifformatbeamer +\input{tailbeamer} +\else +\input{tailprint} +\fi |
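Review bot: In tailpres.tex `\newif\ifformatbeamer` creates the conditional in its false state and nothing between it and `\ifformatbeamer` sets it to true, so as written the `\else` branch is always taken and `tailprint` is read even for a beamer build. The only `\formatbeamertrue` in this commit is inside the commented-out alternate implementation in configpres.tex, and a `\newif` at this point would reset the flag anyway. Selecting the tail the same way configpres.tex selects the preamble avoids the problem: `\IfFileExists{.lxformat_print}{\input{tailprint}}{\input{tailbeamer}}`. tailprint.tex is not part of this diff, so the visible effect on the beamer output is inferred.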
