# netstat -in
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
br0 1500 850276 0 9811 0 138039 0 0 0 BMPRU
eth0 1500 859789 0 1739 0 138070 0 0 0 BMRU
lo 65536 3749 0 0 0 3749 0 0 0 LRU
# Global SSSD settings: which domains are consulted and which responders run.
[sssd]
config_file_version = 2
# A single domain; its settings live in the [domain/domain.int] section.
domains = domain.int
# Only the NSS responder is listed, so this file provides name lookups only.
# NOTE(review): no "pam" service is enabled here. Unless the PAM responder is
# socket-activated, logins are not authenticated or access-checked through
# SSSD, and the auth_provider/access_provider settings of the domain would not
# be exercised. Confirm which component performs authentication.
services = nss
# NSS responder options: how directory users are presented to the local system.
[nss]
# Never resolve root through SSSD; root stays a purely local account.
filter_users = root
# Shell substituted when the user's configured shell is not installed here.
shell_fallback = /sbin/nologin
# Home directory used when the directory entry carries none; %u expands to the
# login name.
fallback_homedir = /usr/share/smbusers/%u
# Shell returned when the provider supplies no shell for the user.
# NOTE(review): every directory user without a shell attribute gets a working
# shell on this host. If interactive logins are not intended (the home path
# suggests a file-sharing host, to be confirmed), /sbin/nologin is the tighter
# default.
default_shell = /bin/sh
# Domain definition: identities are read from Active Directory over LDAP,
# authentication is delegated to the AD provider.
[domain/domain.int]
id_provider = ldap
auth_provider = ad
# Access control uses the LDAP provider; the rules applied are set by
# ldap_access_order further down.
access_provider = ldap
selinux_provider = none
# Do not follow LDAP referrals returned by the server.
ldap_referrals = false
# Plain ldap:// URIs: there is no TLS on the connection itself. Protection of
# the traffic rests on the GSSAPI SASL bind configured below.
# NOTE(review): confirm that a minimum SASL security layer (ldap_sasl_minssf)
# or LDAPS/StartTLS is enforced, so that lookup results cannot be altered in
# transit.
ldap_uri = ldap://dc1.domain.int/
ldap_backup_uri = ldap://dc3.domain.int/
ad_server = dc1.domain.int
ad_backup_server = dc3.domain.int
# Bind with Kerberos (GSSAPI) instead of a stored bind DN and password.
ldap_sasl_mech = GSSAPI
# UIDs and GIDs are derived from the objects' SIDs rather than read from POSIX
# attributes in the directory.
ldap_id_mapping = true
ldap_schema = ad
# Redacted placeholder from the page: the trailing parenthesised note (Russian
# for "many digits") is not part of a valid SID. Replace the whole value with
# the real domain SID before use, otherwise the note becomes part of the value.
ldap_idmap_default_domain_sid = S-1-5-21-xxx... (много-цифр)
# Resolve server names over IPv4 only.
lookup_family_order = ipv4_only
# User and group names are matched case-insensitively.
case_sensitive = false
# Both search bases are the domain root, so every user and group object in the
# domain is visible to this host.
ldap_user_search_base = dc=domain,dc=int
ldap_group_search_base = dc=domain,dc=int
# The only access rule is account expiration, evaluated with AD semantics.
# NOTE(review): there is no group or filter restriction, so any account under
# the search base that is not expired or disabled passes the access check.
# Add a narrower rule if only some users should reach this host.
ldap_access_order = expire
ldap_account_expire_policy = ad
# Kerberos realm settings; the realm name is forced to upper case for the
# GSSAPI bind.
ldap_force_upper_case_realm = true
krb5_realm = DOMAIN.INT
krb5_canonicalize = false
# Attribute mapping from AD user objects to POSIX account fields.
ldap_user_object_class = user
ldap_user_name = sAMAccountName
ldap_user_gecos = displayName
ldap_user_principal = userPrincipalName
ldap_user_modify_timestamp = whenChanged
ldap_user_shadow_last_change = pwdLastSet
ldap_user_shadow_expire = accountExpires
# Attribute mapping for AD group objects.
ldap_group_object_class = group
ldap_group_name = cn
# Append a rule to the end of INPUT that accepts TCP port 22 from any source
# address. Rules are evaluated in order, so a restriction placed after this
# ACCEPT never applies to SSH traffic.
iptables --append INPUT --protocol tcp --match tcp --destination-port 22 --jump ACCEPT
# ipset definition in save/restore format: a hash:ip set of IPv4 addresses
# (family inet) holding at most 65536 entries.
create setname hash:ip family inet hashsize 1024 maxelem 65536
# Members of the set: the source addresses to be allowed (sample values).
add setname 1.2.3.4
add setname 1.3.4.5
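# SSH allow-list in iptables-save/restore rule syntax: accept TCP port 22 only
# from source addresses that are members of the ipset "setname", then drop all
# other TCP port 22 traffic.
# - Order matters: an unconditional ACCEPT for port 22 earlier in INPUT would
#   bypass this allow-list.
# - The set "setname" must exist before these rules are loaded.
# - These are IPv4 rules; IPv6 needs its own set and ip6tables rules.
-A INPUT -p tcp --dport 22 -m set --match-set setname src -j ACCEPT
-A INPUT -p tcp --dport 22 -j DROP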