#!/usr/sbin/nft -f # From https://wiki.gbe0.com/en/linux/firewalling-and-filtering/nftables/template-inbound-outbound ## Clear/flush all existing rules flush ruleset # Main inet family filtering table table inet filter { # Rules for forwarded traffic chain forward { type filter hook forward priority 0; policy drop # 允許 Docker 容器網路轉發 # 允許從 Docker 網橋到任何地方的轉發 iifname "docker0" counter accept comment "允許來自 Docker 的轉發流量" iifname "br-*" counter accept comment "允許來自 Docker 網橋的轉發流量" # 允許已建立連接的回應流量 oifname { "docker0", "br-*" } ct state established,related counter accept comment "允許返回 Docker 的回應流量" meta l4proto { tcp, udp } th dport 53 counter accept comment "允許 DNS 查詢轉發" ## Log any unmatched traffic but rate limit logging to a maximum of 60 messages/minute ## The default policy will be applied to unmatched traffic limit rate 60/minute burst 100 packets \ log prefix "Forward - Drop: " \ comment "Log any unmatched traffic" ## Count the unmatched traffic counter \ comment "Count any unmatched traffic" } # Rules for input traffic chain input { type filter hook input priority 0; policy drop ## Permit inbound traffic to loopback interface iif lo \ accept \ comment "Permit all traffic in from loopback interface" # 允許來自 Docker 網路的連接 iifname { "docker0", "br-*" } counter accept comment "允許來自 Docker 網路的流量" ## Permit established and related connections ct state established,related \ counter \ accept \ comment "Permit established/related connections" ## Log and drop new TCP non-SYN packets tcp flags !

繼續閱讀

markdown-pdf

https://github.com/hanggrian/markdown-pdf-styles/tree/main samples includes css .vscode/setting.json { "markdown-pdf.styles": ["./markdown-pdf.css"] } markdown-pdf.css mix css

繼續閱讀

nuxt3 build .env !!

You want Build time use .env setting context. Two way: source .env package.json > “build”: “source .env && nuxt build” eval $(grep ‘^NUXT_’ .env) package.json > “build”: “eval $(grep ‘^PROD_’ .env) && nuxt build” ^RROD_ can replace by yourself .env file inside PROD_API_URL=https://ooxxooxx

繼續閱讀

file download const pdf = async () => { const download_url = new URL("/api/pdf") download_url.search = new URLSearchParams({'order_id': '20241101001'}).toString(); try { const blob = await $fetch(download_url.toString(), { method: 'GET', headers: { 'Content-Type': 'application/x-www-form-urlencoded', }, }) const link = document.createElement('a'); link.href = URL.createObjectURL(blob); link.setAttribute('download', '20241101001.pdf'); document.body.appendChild(link); link.click() document.body.removeChild(link); } catch (error) { console.log(error) } } file print var iframe = document.createElement('iframe'); iframe.style.display = 'none'; iframe.src = url; document.body.appendChild(iframe); iframe.contentWindow.focus(); iframe.contentWindow.print();

繼續閱讀

> apk add qemu-guest-agent ERROR: unable to select packages: qemu-guest-agent (no such package): required by: world[qemu-guest-agent] Only way: Change Alpine repositores. # https://wiki.alpinelinux.org/wiki/Repositories > setup-apkrepos -cf or http://alpine.ccns.ncku.edu.tw/alpine/v3.20/main #http://dl-cdn.alpinelinux.org/alpine/v3.20/community http://alpine.cs.nycu.edu.tw/v3.20/main http://alpine.cs.nycu.edu.tw/v3.20/community

繼續閱讀

[轉]How to prepare Alpine Linux image with Cloud-Init ready for Proxmox https://5wire.co.uk/how-to-prepare-alpine-linux-image-with-cloud-init-ready-for-proxmox/ [轉]Enable cloud-init for a Alpine VM on proxmox https://gist.github.com/longtian/499261f4c68f0fb40b481bb1e74aa8ca

繼續閱讀

systemd wstunnel

Create /etc/systemd/system/wstunnel.service [Unit] Description=Wstunnel Server Service After=network.target [Service] Type=simple Restart=on-failure RestartSec=5s LimitNOFILE=1048576 ExecStart=/usr/bin/wstunnel server wss://[::]:1234 -r aabbccddeeff [Install] WantedBy=multi-user.target systemctl daemon-reload systemctl enable wstunnel.service systemctl start wstunnel.service systemctl status wstunnel.service

繼續閱讀

作者的圖片

Sue boy

Sueboy Can support You

CIO

Taiwan