From 0f3631e36e94c81836a3721a3d2815b7e2b8d03c Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Tue, 24 Mar 2020 11:09:52 -0400
Subject: [PATCH 1/5] localise-queries
---
 scripts/conf/02-lan.conf | 1 +
 scripts/install.sh | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 scripts/conf/02-lan.conf
diff --git a/scripts/conf/02-lan.conf b/scripts/conf/02-lan.conf
new file mode 100644
index 0000000..b6fc208
--- /dev/null
+++ b/scripts/conf/02-lan.conf
@@ -0,0 +1 @@
+localise-queries
diff --git a/scripts/install.sh b/scripts/install.sh
index 400711e..042cec3 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -197,7 +197,8 @@ sudo systemctl disable dnsmasq 2>/dev/null || true
 sudo grep -qF "$(hostname)" /etc/hosts && echo "$(hostname) already in /etc/hosts" || echo "127.0.1.1 $(hostname) $(hostname)" | sudo tee -a /etc/hosts
 # resolve all *.mistborn domains
-echo "address=/.mistborn/$IPV4_PUBLIC" | sudo tee ../mistborn_volumes/base/pihole/etc-dnsmasqd/02-lan.conf
+sudo cp ./scripts/conf/02-lan.conf ../mistborn_volumes/base/pihole/etc-dnsmasqd/
+echo "address=/.mistborn/$IPV4_PUBLIC" | sudo tee -a ../mistborn_volumes/base/pihole/etc-dnsmasqd/02-lan.conf
 # ResolvConf (OpenResolv installed with Wireguard)
 sudo sed -i "s/#name_servers.*/name_servers=$IPV4_PUBLIC/" /etc/resolvconf.conf
From ce8e73e7b6756fce84d74d30435624f104901bc1 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Tue, 24 Mar 2020 14:37:32 -0400
Subject: [PATCH 2/5] secondary ip address to nic
---
 scripts/conf/02-lan.conf | 1 -
 scripts/install.sh | 3 +--
 scripts/services/Mistborn-base.service | 1 +
 3 files changed, 2 insertions(+), 3 deletions(-)
 delete mode 100644 scripts/conf/02-lan.conf
diff --git a/scripts/conf/02-lan.conf b/scripts/conf/02-lan.conf
deleted file mode 100644
index b6fc208..0000000
--- a/scripts/conf/02-lan.conf
+++ /dev/null
@@ -1 +0,0 @@
-localise-queries
diff --git a/scripts/install.sh b/scripts/install.sh
index 042cec3..c8f54af 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -197,8 +197,7 @@ sudo systemctl disable dnsmasq 2>/dev/null || true
 sudo grep -qF "$(hostname)" /etc/hosts && echo "$(hostname) already in /etc/hosts" || echo "127.0.1.1 $(hostname) $(hostname)" | sudo tee -a /etc/hosts
 # resolve all *.mistborn domains
-sudo cp ./scripts/conf/02-lan.conf ../mistborn_volumes/base/pihole/etc-dnsmasqd/
-echo "address=/.mistborn/$IPV4_PUBLIC" | sudo tee -a ../mistborn_volumes/base/pihole/etc-dnsmasqd/02-lan.conf
+echo "address=/.mistborn/10.2.3.1" | sudo tee ../mistborn_volumes/base/pihole/etc-dnsmasqd/02-lan.conf
 # ResolvConf (OpenResolv installed with Wireguard)
 sudo sed -i "s/#name_servers.*/name_servers=$IPV4_PUBLIC/" /etc/resolvconf.conf
diff --git a/scripts/services/Mistborn-base.service b/scripts/services/Mistborn-base.service
index 8f23fa1..2647af9 100644
--- a/scripts/services/Mistborn-base.service
+++ b/scripts/services/Mistborn-base.service
@@ -12,6 +12,7 @@ PermissionsStartOnly=true
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml down
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml build
+ExecStartPre=/sbin/ip address add 10.2.3.1/30 dev DIFACE || true
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 53 -j MISTBORN_LOG_DROP
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 80 -j MISTBORN_LOG_DROP
From d6ef0b1de6562e690479117ba016bb59a5654e44 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Tue, 24 Mar 2020 14:47:38 -0400
Subject: [PATCH 3/5] iptables -D true
---
 scripts/services/Mistborn-base.service | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/scripts/services/Mistborn-base.service b/scripts/services/Mistborn-base.service
index 2647af9..6c6a39d 100644
--- a/scripts/services/Mistborn-base.service
+++ b/scripts/services/Mistborn-base.service
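Review bot: The new `echo "address=/.mistborn/10.2.3.1" | sudo tee …/02-lan.conf` line hard-codes the same address that this commit also hard-codes in Mistborn-base.service (`ip address add 10.2.3.1/30 dev DIFACE`), so the two copies can drift apart silently and every *.mistborn name would then resolve to an address nothing on the host holds. Define it once in install.sh, e.g. `MISTBORN_DNS_IP=10.2.3.1` alongside the other install-time variables, and write `echo "address=/.mistborn/$MISTBORN_DNS_IP"` here. DIFACE looks like a placeholder that is substituted into the unit file at install time; if so, the address could be templated into the unit the same way. The surrounding script continues outside this hunk.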
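Review bot: The added `ExecStartPre=/sbin/ip address add 10.2.3.1/30 dev DIFACE || true` has no counterpart in the ExecStopPost block, unlike the iptables rules this unit inserts at start and deletes at stop, so the secondary address stays on the interface after the service is stopped while the dnsmasq config written by install.sh still points every *.mistborn name at it. A matching `ExecStopPost=-/sbin/ip address del 10.2.3.1/30 dev DIFACE` next to the existing `-D` rules would leave the interface as the unit found it. The rest of the `[Service]` section, including the ExecStopPost lines, is outside this hunk.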
@@ -25,12 +25,12 @@ ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml up
 # Stop container when unit is stopped
 ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml down
 # Post stop
-ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP
-ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 53 -j MISTBORN_LOG_DROP
-ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 80 -j MISTBORN_LOG_DROP
-ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 5555 -j MISTBORN_LOG_DROP
-ExecStopPost=/sbin/iptables -D OUTPUT -o DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP
-ExecStopPost=/sbin/ip6tables -D OUTPUT -p udp --dport 53 -j MISTBORN_LOG_DROP
+ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP || true
+ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 53 -j MISTBORN_LOG_DROP || true
+ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 80 -j MISTBORN_LOG_DROP || true
+ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 5555 -j MISTBORN_LOG_DROP || true
+ExecStopPost=/sbin/iptables -D OUTPUT -o DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP || true
+ExecStopPost=/sbin/ip6tables -D OUTPUT -p udp --dport 53 -j MISTBORN_LOG_DROP || true
 [Install]
 WantedBy=multi-user.target
From d77f4ddbc9b9f399cecb4e7a728c69d50e56ef96 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Tue, 24 Mar 2020 14:57:34 -0400
Subject: [PATCH 4/5] systemd -/path/to/cmd
---
 scripts/services/Mistborn-base.service | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/scripts/services/Mistborn-base.service b/scripts/services/Mistborn-base.service
index 6c6a39d..fab39a7 100644
--- a/scripts/services/Mistborn-base.service
+++ b/scripts/services/Mistborn-base.service
@@ -12,7 +12,7 @@ PermissionsStartOnly=true
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml down
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml build
-ExecStartPre=/sbin/ip address add 10.2.3.1/30 dev DIFACE || true
+ExecStartPre=-/sbin/ip address add 10.2.3.1/30 dev DIFACE
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 53 -j MISTBORN_LOG_DROP
 ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 80 -j MISTBORN_LOG_DROP
@@ -25,12 +25,12 @@ ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml up
 # Stop container when unit is stopped
 ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml down
 # Post stop
-ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP || true
-ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 53 -j MISTBORN_LOG_DROP || true
-ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 80 -j MISTBORN_LOG_DROP || true
-ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 5555 -j MISTBORN_LOG_DROP || true
-ExecStopPost=/sbin/iptables -D OUTPUT -o DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP || true
-ExecStopPost=/sbin/ip6tables -D OUTPUT -p udp --dport 53 -j MISTBORN_LOG_DROP || true
+ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP
+ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 53 -j MISTBORN_LOG_DROP
+ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 80 -j MISTBORN_LOG_DROP
+ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 5555 -j MISTBORN_LOG_DROP
+ExecStopPost=-/sbin/iptables -D OUTPUT -o DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP
+ExecStopPost=-/sbin/ip6tables -D OUTPUT -p udp --dport 53 -j MISTBORN_LOG_DROP
 [Install]
 WantedBy=multi-user.target
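Review bot: `ExecStartPre=-/sbin/ip address add 10.2.3.1/30 dev DIFACE` now ignores every failure of the command, not only the "address already assigned" case it is meant to tolerate; if the interface is absent or the DIFACE placeholder was never substituted, the unit still starts while the dnsmasq `address=/.mistborn/10.2.3.1` entry written by install.sh answers with an address the host does not hold. `ip address replace` succeeds when the address is already present and still fails on real errors, so `ExecStartPre=/sbin/ip address replace 10.2.3.1/30 dev DIFACE` without the `-` prefix gives the intended tolerance without masking a misconfiguration. The `[Service]` section continues outside this hunk.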
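Review bot: The six `ExecStopPost=-/sbin/iptables -D …` lines (and the same pattern applied in patch 5 to Mistborn-bitwarden.service, Mistborn-rocketchat.service, Mistborn-syncthing.service and Mistborn-tor.service) give no reason why a failing delete is acceptable, which matters because the `-` prefix also hides a rule spec that never matches. A one-line unit comment above the block records the intent, e.g. `# '-' prefix: the rule may already be gone after a failed start; a missing rule must not fail the stop path`. The prefix only changes how the exit status is treated; the failure is still recorded in the journal, which remains the place to notice a spec that stops matching the inserted rule.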
From fe74efc5dc700b9ea3de6ff278076caa6ae0163c Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Tue, 24 Mar 2020 15:00:00 -0400
Subject: [PATCH 5/5] iptables -D extras
---
 scripts/services/Mistborn-bitwarden.service | 2 +-
 scripts/services/Mistborn-rocketchat.service | 2 +-
 scripts/services/Mistborn-syncthing.service | 4 ++--
 scripts/services/Mistborn-tor.service | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/scripts/services/Mistborn-bitwarden.service b/scripts/services/Mistborn-bitwarden.service
index 49c144d..4a1df26 100644
--- a/scripts/services/Mistborn-bitwarden.service
+++ b/scripts/services/Mistborn-bitwarden.service
@@ -17,7 +17,7 @@ ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/bitwarden.yml up
 # Stop container when unit is stopped
 ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/bitwarden.yml down
 # Post stop
-ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 3012 -j MISTBORN_LOG_DROP
+ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 3012 -j MISTBORN_LOG_DROP
 [Install]
 WantedBy=multi-user.target
diff --git a/scripts/services/Mistborn-rocketchat.service b/scripts/services/Mistborn-rocketchat.service
index e99e307..1b8b90c 100644
--- a/scripts/services/Mistborn-rocketchat.service
+++ b/scripts/services/Mistborn-rocketchat.service
@@ -17,7 +17,7 @@ ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/rocketchat.yml up
 # Stop container when unit is stopped
 ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/rocketchat.yml down
 # Post stop
-ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 3001 -j MISTBORN_LOG_DROP
+ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 3001 -j MISTBORN_LOG_DROP
 [Install]
 WantedBy=multi-user.target
diff --git a/scripts/services/Mistborn-syncthing.service b/scripts/services/Mistborn-syncthing.service
index 9dcfbbf..3e5ea0b 100644
--- a/scripts/services/Mistborn-syncthing.service
+++ b/scripts/services/Mistborn-syncthing.service
@@ -18,8 +18,8 @@ ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/syncthing.yml up
 # Stop container when unit is stopped
 ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/syncthing.yml down
 # Post stop
-ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p udp --dport 21027 -j MISTBORN_LOG_DROP
-ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 22000 -j MISTBORN_LOG_DROP
+ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p udp --dport 21027 -j MISTBORN_LOG_DROP
+ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 22000 -j MISTBORN_LOG_DROP
 [Install]
 WantedBy=multi-user.target
diff --git a/scripts/services/Mistborn-tor.service b/scripts/services/Mistborn-tor.service
index c67fb85..de794bc 100644
--- a/scripts/services/Mistborn-tor.service
+++ b/scripts/services/Mistborn-tor.service
@@ -17,7 +17,7 @@ ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/tor.yml up --buil
 # Stop container when unit is stopped
 ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/tor.yml down
 # Post stop
-ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 9150 -j MISTBORN_LOG_DROP
+ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 9150 -j MISTBORN_LOG_DROP
 [Install]
 WantedBy=multi-user.target