From d96a86797877637e3a3d22bc6493b1bfda7dac9b Mon Sep 17 00:00:00 2001 From: Mario Alegre Date: Sun, 21 Jun 2020 19:47:21 -0500 Subject: [PATCH] changes & fixes to router docs & freeswitch --- linux/router/dnsmasq.md | 14 ++++++++--- linux/router/nftables.md | 54 +++++++++++++++++++++++----------------- linux/voip/freeswitch.md | 15 +++++++++++ 3 files changed, 57 insertions(+), 26 deletions(-) create mode 100644 linux/voip/freeswitch.md diff --git a/linux/router/dnsmasq.md b/linux/router/dnsmasq.md index a558959..177a5f1 100644 --- a/linux/router/dnsmasq.md +++ b/linux/router/dnsmasq.md @@ -27,8 +27,16 @@ local=/mar.alemor.org/ # Repeat the line for more than one interface. interface=lan0 +# If you don't want dnsmasq to read /etc/hosts, uncomment the +# following line. +no-hosts + +# Set this (and domain: see below) if you want to have a domain +# automatically added to simple names in a hosts-file. +expand-hosts + # Set a domain for a particular subnet -domain=mar.alemor.org,192.168.80.0/24 +domain=mar.alemor.org,192.168.82.0/24 # Uncomment this to enable the integrated DHCP server, you need # to supply the range of addresses available for lease and optionally @@ -53,9 +61,9 @@ dhcp-authoritative # If you want to disable negative caching, uncomment this. no-negcache ``` -after you've set the config you want, reload with `service dnsmasq restart` +after you've set the config you want, reload with `service dnsmasq restart`. -- hosts in `/etc/hosts` and MAC addresses in `/etc/ethers` +Put your static hosts in `/etc/dnsmasq.d/hosts`. ## make interface static diff --git a/linux/router/nftables.md b/linux/router/nftables.md index ad69acd..605cb22 100644 --- a/linux/router/nftables.md +++ b/linux/router/nftables.md 
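Review bot: `no-hosts` and `expand-hosts` are enabled together in the first dnsmasq hunk, but `expand-hosts` only appends the domain to names taken from a hosts file, and with `no-hosts` set and no `addn-hosts=` line in view there is no hosts file left for it to act on. The second hunk sends readers to `/etc/dnsmasq.d/hosts`, yet `/etc/dnsmasq.d` is typically passed to dnsmasq as a configuration directory, so a file in hosts(5) format there would be parsed as dnsmasq options rather than as host records — unless that file actually holds `host-record=`/`address=` lines, which the doc should say (confirm against the running setup). If it is a plain hosts file, add `addn-hosts=/etc/dnsmasq.d/hosts` next to `no-hosts` (or place the file outside the conf-dir) so that `expand-hosts` and the `domain=` line take effect, and state that in the prose. The same point applies to both dnsmasq hunks.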
@@ -30,67 +30,75 @@ in `/etc/nftables.conf`: # flush only my tables table inet myfilter delete table inet myfilter -table ip mynatv4 -delete table ip mynatv4 +table ip mynat +delete table ip mynat table inet myfilter { - chain myinput { - # use the "input" hook for this chain + chain input { # accepts packets by default, because we don't want # to have to keep track of all interfaces we don't want - # firewalled (lan0, wlan0, lxdbr0, veths, etc) + # firewalled (lan0, wlan0, bridges, veths, etc) type filter hook input priority 0; policy accept; - # allow established/related connections - ct state {established, related} accept - # drop invalid connections ct state invalid drop # packets that are received on a firewalled interface # are sent to the firewall chain for evaluation - iifname "wan0" jump myfirewall + iifname wan0 jump firewall } - chain myfirewall { # handle firewall + chain firewall { + # allow established/related connections + ct state {established, related} accept + # accept incoming HTTP(s) connections - tcp dport {http, https} accept + tcp dport {80, 443} accept # accept incoming SSH connections tcp dport 4322 accept + # accept incoming SSH connections for gitea + tcp dport 4323 accept + + # accept incoming minecraft MP connections + udp dport {19132, 19133} accept + tcp dport {19132, 19133} accept + + # block mDNS broadcasts + udp dport 5353 drop + # reject everything else - reject with icmpx type port-unreachable + reject } - chain myforward { + chain forward { # forward everything by default type filter hook forward priority 0; policy accept; - - # forward incoming on wan0 for established/related connections - iifname wan0 ct state {established, related} accept - # drop everything else - iifname wan0 drop + # drop invalid connections + ct state invalid drop + # send packets recieved on WAN to firewall chain + iifname wan0 jump firewall } - chain myoutput { + chain output { # let everything out by default type filter hook output priority 0; policy 
accept; # block outgoing mDNS broadcasts udp dport 5353 drop - } + } } -table ip mynatv4 { - chain myprerouting { +table ip mynat { + chain prerouting { type nat hook prerouting priority -100; # if I wanted to do port forwarding I could do it like this: # forward http to 192.168.82.10 #tcp dport http dnat to 192.168.82.10 } - chain mypostrouting { + chain postrouting { type nat hook postrouting priority 100; # masquerade outbound packets going to WAN diff --git a/linux/voip/freeswitch.md b/linux/voip/freeswitch.md new file mode 100644 index 0000000..cc8c5b4 --- /dev/null +++ b/linux/voip/freeswitch.md @@ -0,0 +1,15 @@ +# install and configure freeswitch + +## install from apt repo + +add repo: +``` +apt-get update && apt-get install -y gnupg2 wget lsb-release +wget -O - https://files.freeswitch.org/repo/deb/debian-release/fsstretch-archive-keyring.asc | apt-key add - +echo "deb http://files.freeswitch.org/repo/deb/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list +echo "deb-src http://files.freeswitch.org/repo/deb/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list +``` +install package: +``` +apt update && apt install freeswitch-meta-all +```
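Review bot: The new `iifname wan0 jump firewall` in chain `forward` sends WAN-originated forwarded packets through the same `firewall` chain as the `input` hook, so the accept rules for tcp 80/443, 4322, 4323 and the 19132-19133 ports now also allow unsolicited WAN traffic to be forwarded toward internal hosts on those ports, whereas the removed rules accepted only established/related on wan0 and dropped the rest. With masquerading and private LAN addresses this is only reachable once a `dnat` rule in `prerouting` is enabled, but the forward policy should stay narrower than the host policy; if the goal is to let future port-forwards through, `iifname wan0 ct status dnat accept` followed by `iifname wan0 drop` is tighter than sharing the input accept list. The bare `reject` at the end of `firewall` replaces the explicit `reject with icmpx type port-unreachable`; confirm the default reject type is what you want for both hooks, or keep the explicit form with a comment. Minor: `recieved` in the new forward-chain comment should be `received`.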
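Review bot: `wget -O - … | apt-key add -` in the new file installs the FreeSWITCH key into the global trusted keyring, which lets that key sign packages for every configured repository, and `apt-key` itself is deprecated. Prefer storing the key in its own keyring and binding it to the source, e.g. `wget -qO - https://files.freeswitch.org/repo/deb/debian-release/fsstretch-archive-keyring.asc | gpg --dearmor -o /usr/share/keyrings/freeswitch-archive-keyring.gpg` (keyring file name chosen here) and `deb [signed-by=/usr/share/keyrings/freeswitch-archive-keyring.gpg] http://files.freeswitch.org/repo/deb/debian-release/ $(lsb_release -sc) main` in the two echo lines; `gnupg2` is already installed by the first command so `gpg --dearmor` is available. The keyring is named `fsstretch` while the suite comes from `lsb_release -sc`, so on a host newer than stretch the path or key may not match — a sentence naming the Debian release this was tested on would help. Minor style: the first block uses `apt-get` and the second `apt`; pick one for a copy-paste doc.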