Linux 使用 tc 將 eth0 封包 mirror 至eth1

清除 eth1 IP 設定混雜模式
sudo ip addr flush dev eth1
sudo ip link set dev eth1 up
sudo ip link set dev eth1 promisc on

設定 tc eth0 進入規則
sudo tc qdisc add dev eth0 handle ffff: ingress
sudo tc filter add dev eth0 parent ffff: protocol all u32 match u32 0 0 action mirred egress mirror dev eth1

設定 tc eth0 流出規則
sudo tc qdisc add dev eth0 root handle 1: prio
sudo tc filter add dev eth0 parent 1: protocol all u32 match u32 0 0 action mirred egress mirror dev eth1

檢查 tc 規則
sudo tc filter show dev eth0 ingress
sudo tc filter show dev eth0 parent 1:

刪除 tc 規則
sudo tc qdisc del dev eth0 handle ffff: ingress
sudo tc qdisc del dev eth0 root

關閉 eth1 的混雜模式
sudo ip link set dev eth1 promisc off

相關 module 
 ifb act_mirred

wireguard 日誌記錄

 #!/bin/bash
LOG_FILE=/home/WGlog/202606
TIMESTAMP=$(date "+%Y-%m-%d %H:%M:%S")

echo "=== Log entry at $TIMESTAMP ===" >> $LOG_FILE
# 抓取介面、Peer ID、端點 IP 以及最後交握時間

wg show all dump | awk 'NF>1 {print TIMESTAMP, $1, $2, $4, $5}' TIMESTAMP="$TIMESTAMP" >>$LOG_FILE

echo "" >> $LOG_FILE

LEAF設定 WireGuard

編輯 leaf.cfg加入
wireguard

編輯 /etc/modules 加入
wireguard

編輯  /etc/shorewall/interfaces 加入
wg0    wg0     tcpflags,nosmurfs,routefilter,routeback

編輯  /etc/shorewall/zones 加入
wg0             ipv4

編輯 /etc/shorewall/rules 加入
ACCEPT    net                     fw      UDP 51820
ACCEPT    wg0:192.168.226.1       wg0     TCP 22
ACCEPT    wg0     wg0:192.168.226.1       TCP 4119,4120,4122,22
DROP         wg0                     wg0     all
Ping(ACCEPT)    wg0                     fw

產生 設定檔
#!/bin/sh
nodenum=20

spri=$(wg genkey); spub=$(echo $spri|wg pubkey)

# wireguard server
Endpoint=192.168.228.2:51820

# configure file
wg0conf=wg0.conf-
client=client.conf-

:>${client}
cat <<EOF0 >$wg0conf
#pri=${spri}
#pub=${spub}
[Interface]
Address = 192.168.226.253/24
ListenPort = 51820
PrivateKey = ${spri}

EOF0

for i in `seq 1 $nodenum`;do
pri=$(wg genkey); pub=$(echo $pri|wg pubkey)

cat <<EOF >>$client
## node $i ##############################################
[Interface]
PrivateKey = ${pri}
Address = 192.168.226.${i}/24

[Peer]
PublicKey = $spub
AllowedIPs = 192.168.226.0/24
Endpoint = ${Endpoint}
PersistentKeepalive = 25

EOF

cat <<EOF0 >>$wg0conf
## node $i ##############################################
[Peer]
PublicKey = ${pub}
AllowedIPs = 192.168.226.$i/32

EOF0

done

Debian 13 安裝中文輸入法 Fcixt5

sudo apt install fcitx5 fcitx5-config-qt fcitx5-frontend-gtk2 fcitx5-frontend-gtk3 fcitx5-frontend-gtk4 fcitx5-frontend-qt5

sudo apt install fcitx5-table-extra
sudo apt install fcitx5-chinese-addons
sudo apt install fcitx5-chewing

sudo apt install fcitx5-table-extra fcitx5-table-other
sudo apt install fcitx5-table-boshiamy

Debian 13 安裝 Fcix5

sudo apt install fcitx5 fcitx5-config-qt fcitx5-frontend-gtk2 fcitx5-frontend-gtk3 fcitx5-frontend-gtk4 fcitx5-frontend-qt5

sudo apt install fcitx5-table-extra
sudo apt install fcitx5-chinese-addons
sudo apt install fcitx5-chewing

sudo apt install fcitx5-table-extra fcitx5-table-other
sudo apt install fcitx5-table-boshiamy

Linux script 載入 module

 _MODULES="overlay squashfs loop"

_USB_MODULES="xhci_pci xhci_hcd ehci_pci ohci_hcd uhci_hcd"
_USB_MODULES="$_USB_MODULES usb_storage uas"
_USB_MODULES="$_USB_MODULES sd_mod"
_USB_MODULES="$_USB_MODULES vfat exfat"

timeout 300 sh -c 'while true;do _t=1;for i in /modules/*;do insmod ${i}&&_t=0;done; [ ${_t} -gt 0 ]&&break; done;'

find /sys/devices -name modalias|xargs -n 1 cat|xargs -r modprobe -abq
for i in $_MODULES $_USB_MODULES;do modprobe ${i};done

/proc/cmdline 變數解析

 for i in $(cat /proc/cmdline);do case $i in *=*) eval $i;  ;; esac; done