This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
change_for_headless_router [2017/11/14 10:27] admin |
change_for_headless_router [2017/12/01 02:14] (current) admin |
||
---|---|---|---|
Line 67: | Line 67: | ||
net-analyzer/wireshark netlink pcap | net-analyzer/wireshark netlink pcap | ||
net-dns/dnsmasq -dhcp -id -inotify | net-dns/dnsmasq -dhcp -id -inotify | ||
+ | net-misc/wget ipv6 zlib ssl | ||
sys-apps/openrc netifrc | sys-apps/openrc netifrc | ||
sys-apps/net-tools arp hostname | sys-apps/net-tools arp hostname | ||
Line 77: | Line 78: | ||
* emerge --sync | * emerge --sync | ||
* emerge -DaNuv world | * emerge -DaNuv world | ||
- | * emerge -av hdparm parted iptables dnsmasq ethtool app-misc/screen gentoolkit u-boot-tools | + | * emerge -av hdparm parted iptables dnsmasq ethtool app-misc/screen gentoolkit u-boot-tools net-analyzer/nmap net-misc/bridge-utils net-misc/dhcp net-misc/dibbler net-misc/iperf net-misc/quagga net-misc/radvd net-misc/telnet-bsd sys-power/cpupower sys-process/vixie-cron net-misc/ntp syslog-ng |
* Set the hostname | * Set the hostname | ||
* /etc/conf.d/ip* SAVE_ON_STOP="no" | * /etc/conf.d/ip* SAVE_ON_STOP="no" | ||
- | * rc-update del keymaps boot;rc-update-del netmount;rc-update del termencoding boot | + | * rc-update del keymaps boot;rc-update del netmount;rc-update del termencoding boot |
+ | * rc-update add iptables boot default;rc-update add ip6tables boot default | ||
+ | * cp /usr/share/zoneinfo/America/La_Paz /etc/localtime | ||
== Firewall == | == Firewall == | ||
{{ :iot-gate-imx7-iptables.txt |}} | {{ :iot-gate-imx7-iptables.txt |}} | ||
{{ :iot-gate-imx7-ip6tables.txt |}} | {{ :iot-gate-imx7-ip6tables.txt |}} | ||
+ | |||
+ | == /etc/sysctl.conf == | ||
+ | net.ipv4.conf.default.rp_filter = 1 | ||
+ | net.ipv4.conf.all.rp_filter = 1 | ||
+ | net.ipv4.tcp_syncookies = 1 | ||
+ | net.ipv4.icmp_echo_ignore_broadcasts = 1 | ||
+ | kernel.panic = 3 | ||
+ | net.ipv6.conf.all.accept_ra=0 | ||
+ | net.ipv4.ip_forward = 1 | ||
+ | net.ipv6.conf.all.autoconf=0 | ||
+ | net.ipv6.conf.default.autoconf=0 | ||
+ | net.ipv6.conf.all.accept_ra_defrtr = 0 | ||
+ | net.ipv6.conf.default.accept_ra_defrtr = 0 | ||
+ | net.ipv6.conf.all.accept_ra = 0 | ||
+ | net.ipv6.conf.default.accept_ra = 0 | ||
+ | net.ipv4.conf.all.accept_source_route=0 | ||
+ | net.ipv4.conf.default.accept_source_route=0 | ||
+ | net.ipv4.conf.all.accept_redirects=0 | ||
+ | net.ipv4.conf.default.accept_redirects=0 | ||
+ | net.ipv4.conf.all.secure_redirects=0 | ||
+ | net.ipv4.conf.default.secure_redirects=0 | ||
+ | | ||
+ | Into the **/etc/fstab** | ||
+ | none /tmp tmpfs defaults,nosuid,size=32M,mode=1777 | ||
+ | none /var/tmp tmpfs defaults,nosuid,size=128M,mode=1777 | ||
+ | none /var/lib/ntp tmpfs defaults,nosuid,size=32M,mode=755,uid=123,gid=123 | ||
+ | none /var/spool/cron/lastrun tmpfs defaults,nosuid,size=1M,mode=750 | ||
+ | | ||
+ | == Tweak == | ||
+ | /etc/local.d/baselayout1.start | ||
+ | echo -e "\033[9;0]" >/dev/console | ||
+ | echo 5 > /proc/sys/vm/laptop_mode | ||
+ | echo 10 > /proc/sys/vm/swappiness | ||
+ | /usr/bin/cpupower frequency-set -g ondemand | ||
+ | |