Friday, April 29, 2016

Tor Browser 6.0a5-hardened is released

A new hardened Tor Browser release is available. It can be found in the 6.0a5-hardened distribution directory and on the download page for hardened builds.

This release features important security updates to Firefox.

It contains a bunch of noteworthy changes. We switched the browser to Firefox ESR 45 and rebased our old patches/wrote new ones where necessary. We also ship a new Tor alpha version, 0.2.8.2, which makes meek usable again and contains a number of other improvements/stability fixes.

Note: There is no incremental update from 6.0a3-hardened available due to bug 17858. The internal updater should work, though, doing a complete update.

Here is the complete changelog since 6.0a4-hardened:

Tor Browser 6.0a5-hardened — April 28 2016

  • All Platforms
    • Update Firefox to 45.1.0esr
    • Update Tor to 0.2.8.2-alpha
    • Update Torbutton to 1.9.5.3
      • Bug 18466: Make Torbutton compatible with Firefox ESR 45
      • Translation updates
    • Update Tor Launcher to 0.2.8.4
      • Bug 13252: Do not store data in the application bundle
      • Bug 10534: Don’t advertise the help desk directly anymore
      • Translation updates
    • Update HTTPS-Everywhere to 5.1.6
    • Update NoScript to 2.9.0.11
    • Update meek to 0.22 (tag 0.22-18371-2)
      • Bug 18371: Symlinks are incompatible with Gatekeeper signing
    • Bug 15197 and child tickets: Rebase Tor Browser patches to ESR 45
    • Bug 18900: Fix broken updater on Linux
    • Bug 18042: Disable SHA1 certificate support
    • Bug 18821: Disable libmdns support for desktop and mobile
    • Bug 18848: Disable additional welcome URL shown on first start
    • Bug 14970: Exempt our extensions from signing requirement
    • Bug 16328: Disable MediaDevices.enumerateDevices
    • Bug 16673: Disable HTTP Alternative-Services
    • Bug 17167: Disable Mozilla’s tracking protection
    • Bug 18603: Disable performance-based WebGL fingerprinting option
    • Bug 18738: Disable Selfsupport and Unified Telemetry
    • Bug 18799: Disable Network Tickler
    • Bug 18800: Remove DNS lookup in lockfile code
    • Bug 18801: Disable dom.push preferences
    • Bug 18802: Remove the JS-based Flash VM (Shumway)
    • Bug 18863: Disable MozTCPSocket explicitly
    • Bug 15640: Place Canvas MediaStream behind site permission
    • Bug 16326: Verify cache isolation for Request and Fetch APIs
    • Bug 18741: Fix OCSP and favicon isolation for ESR 45
    • Bug 16998: Disable for now
    • Bug 17506: Reenable building hardened Tor Browser with startup cache
    • Bug 18898: Exempt the meek extension from the signing requirement as well
    • Bug 18899: Don’t copy Torbutton, TorLauncher, etc. into meek profile
    • Bug 18890: Test importScripts() for cache and network isolation
    • Bug 18726: Add new default obfs4 bridge (GreenBelt)
  • Build System
    • Bug 16224: Don’t use BUILD_HOSTNAME anymore in Firefox builds
    • Bug 18699: Stripping fails due to obsolete Browser/components directory
    • Bug 18698: Include libgconf2-dev for our Linux builds

原文:http://ift.tt/1pMdRuj




via 细节的力量 http://ift.tt/1WXFJJy

Tor Browser 6.0a5 is released

A new alpha Tor Browser release is available for download in the 6.0a5 distribution directory and on the alpha download page.

This release features important security updates to Firefox.

This will probably be our last alpha release before the stable 6.0 and it contains a bunch of noteworthy changes.

First, we switched the browser to Firefox ESR 45 and rebased our old patches/wrote new ones where necessary.

Second, we ship a new Tor alpha version, 0.2.8.2, which makes meek usable again and contains a number of other improvements/stability fixes.

Third, this alpha release introduces code signing for OS X in order to cope with Gatekeeper, the OS X mechanism for allowing only authorized applications to run. There were bundle layout changes necessary to adhere to code signing requirements. Please test that everything is still working as expected if you happen to have an OS X machine. We plan to post instructions for removing the code signing parts on our website soon. This should make it easier to compare the bundles we build with the actual bundles we ship.

The fourth highlight is the fix for an installer related DLL hijacking vulnerability. This vulnerability made it necessary to deploy a newer NSIS version to create our .exe files. Please test that the installer is still working as expected if you happen to have a Windows machine.

Known issues:

  • It seems there is a bug regarding our search engine selection in non-en-US bundles. The search engines actually used are the ones contained in the respective language packs but not those we ship. There is no easy workaround for this short of disabling the language pack or adding the search engines one wants to have by hand. We are sorry for this inconvenience.
  • An other issue is an error “Unable to start tor” after upgrading from an older version, on Mac OS (Bug 18928). Quitting and restarting a second time should fix the problem.

Here is the full changelog since 6.0a4:

Tor Browser 6.0a5 — April 28 2016

  • All Platforms
    • Update Firefox to 45.1.0esr
    • Update Tor to 0.2.8.2-alpha
    • Update Torbutton to 1.9.5.3
      • Bug 18466: Make Torbutton compatible with Firefox ESR 45
      • Translation updates
    • Update Tor Launcher to 0.2.9.1
      • Bug 13252: Do not store data in the application bundle
      • Bug 10534: Don’t advertise the help desk directly anymore
      • Translation updates
    • Update HTTPS-Everywhere to 5.1.6
    • Update NoScript to 2.9.0.11
    • Update meek to 0.22 (tag 0.22-18371-2)
      • Bug 18371: Symlinks are incompatible with Gatekeeper signing
    • Bug 15197 and child tickets: Rebase Tor Browser patches to ESR 45
    • Bug 18900: Fix broken updater on Linux
    • Bug 18042: Disable SHA1 certificate support
    • Bug 18821: Disable libmdns support for desktop and mobile
    • Bug 18848: Disable additional welcome URL shown on first start
    • Bug 14970: Exempt our extensions from signing requirement
    • Bug 16328: Disable MediaDevices.enumerateDevices
    • Bug 16673: Disable HTTP Alternative-Services
    • Bug 17167: Disable Mozilla’s tracking protection
    • Bug 18603: Disable performance-based WebGL fingerprinting option
    • Bug 18738: Disable Selfsupport and Unified Telemetry
    • Bug 18799: Disable Network Tickler
    • Bug 18800: Remove DNS lookup in lockfile code
    • Bug 18801: Disable dom.push preferences
    • Bug 18802: Remove the JS-based Flash VM (Shumway)
    • Bug 18863: Disable MozTCPSocket explicitly
    • Bug 15640: Place Canvas MediaStream behind site permission
    • Bug 16326: Verify cache isolation for Request and Fetch APIs
    • Bug 18741: Fix OCSP and favicon isolation for ESR 45
    • Bug 16998: Disable <link rel=”preconnect”> for now
    • Bug 18898: Exempt the meek extension from the signing requirement as well
    • Bug 18899: Don’t copy Torbutton, TorLauncher, etc. into meek profile
    • Bug 18890: Test importScripts() for cache and network isolation
    • Bug 18726: Add new default obfs4 bridge (GreenBelt)
  • Windows
  • OS X
    • Bug 6540: Support OS X Gatekeeper
    • Bug 13252: Tor Browser should not store data in the application bundle
  • Build System
    • All Platforms
      • Bug 18127: Add LXC support for building with Debian guest VMs
      • Bug 16224: Don’t use BUILD_HOSTNAME anymore in Firefox builds
    • Windows
      • Bug 17895: Use NSIS 2.51 for installer to avoid DLL hijacking
      • Bug 18290: Bump mingw-w64 commit we use
    • OS X
      • Bug 18331: Update toolchain for Firefox 45 ESR
      • Bug 18690: Switch to Debian Wheezy guest VMs
    • Linux
      • Bug 18699: Stripping fails due to obsolete Browser/components directory
      • Bug 18698: Include libgconf2-dev for our Linux builds

原文:http://ift.tt/24n2o4c




via 细节的力量 http://ift.tt/1WXFI8j

Tor Browser 5.5.5 is released

Tor Browser 5.5.5 is now available from the Tor Browser Project page and also from ourdistribution directory.

This release features important security updates to Firefox.

This release updates Firefox to 38.8.0esr. Additionally, we bump NoScript to version 2.9.0.11 and HTTPS-Everywhere to 5.1.6.

Moreover, we don’t advertise our help desk anymore as we are currently restructuring our user support.

Here is the full changelog since 5.5.4:

Tor Browser 5.5.5 — April 26 2016

  • All Platforms
    • Update Firefox to 38.8.0esr
    • Update Tor Launcher to 0.2.7.9
      • Bug 10534: Don’t advertise the help desk directly anymore
      • Translation updates
    • Update HTTPS-Everywhere to 5.1.6
    • Update NoScript to 2.9.0.11
    • Bug 18726: Add new default obfs4 bridge (GreenBelt)

原文:http://ift.tt/1VQtPSQ




via 细节的力量 http://ift.tt/1rFlSTV

vpngate-build-9613

  • 如何安装和使用
  • 可发布的文件
    本软件是免费的。您可以复制或分发已下载的文件。你可以把它上传到其他网站。如果你们政府的防火墙处于未知原因的故障, http://www.vpngate.net 网站不能从你的国家轻松访问,在你们国家的网站上发布 VPN Gate 程序文件,以帮助你身边的其他用户。
  • 注意
    如果可能的话,使用最新版本。有一天,如果贵国政府的防火墙导致未知错误,且 VPN Gate Client 软件有问题,更新 VPN Gate 到最新版本。如果在未来贵国政府的防火墙由于故障 http://www.vpngate.net 网站变得无法访问,建议记住 镜像站点 URL 列表。VPN Gate Client 插件包含 VPN Gate 服务。默认禁用。你可以手动激活它。

原文:http://ift.tt/1beIIBc




via 细节的力量 http://ift.tt/1WXBGgd

vpngate-build-9613

  • 如何安装和使用
  • 可发布的文件
    本软件是免费的。您可以复制或分发已下载的文件。你可以把它上传到其他网站。如果你们政府的防火墙处于未知原因的故障, http://www.vpngate.net 网站不能从你的国家轻松访问,在你们国家的网站上发布 VPN Gate 程序文件,以帮助你身边的其他用户。
  • 注意
    如果可能的话,使用最新版本。有一天,如果贵国政府的防火墙导致未知错误,且 VPN Gate Client 软件有问题,更新 VPN Gate 到最新版本。如果在未来贵国政府的防火墙由于故障 http://www.vpngate.net 网站变得无法访问,建议记住 镜像站点 URL 列表。VPN Gate Client 插件包含 VPN Gate 服务。默认禁用。你可以手动激活它。

原文:http://ift.tt/1beIIBc




via 细节的力量 http://ift.tt/1WXBGgd

[整理]通过ss-panelv3调用shadowsocks-go管理多用户

由于SS-panel V3增加了一些功能,但是调用传统的shadowsocks manyuser无法实现一些功能,所以可以通过shadowsocks-go来实现这些功能,下面是整理的一些安装信息。

ss-panelv3安装基本上很简单,需求git组件,默认Centos6带的是1.7.1但是不利于后文ss-go的安装,所以我们这里直接编译安装最新的版本,截止到文章是2.2.1.如果你之前已经用yum install git 命令安装了老版本,那么需要先卸载

基础组件安装:

安装:

yum -y install gcc automake autoconf libtool make

安装g++:

yum install gcc gcc-c++

yum install zlib-devel

yum remove git

yum openssl-devel

yum expat-devel

yum gettext-devel

yum asciidoc

yum xmlto

yum install perl-ExtUtils-MakeMaker

yum install curl-devel expat-devel gettext-devel openssl-devel zlib-devel   //检查是否有遗漏

然后开始安装:

># wget http://ift.tt/1TdpgLJ

># tar zxvf v2.2.1.tar.gz

># cd git-2.2.1

># make configure

># ./configure –prefix=/usr/local/git –with-iconv=/usr/local/libiconv

># make all doc

># make install install-doc install-html

># echo “export PATH=$PATH:/usr/local/git/bin” >> /etc/bashrc

# source /etc/bashrc

如果还不行,尝试重新编译:

wget http://www.codemonkey.org.uk/projects/git-snapshots/git/git-latest.tar.gz
tar xzvf gitlatest.tar.gz
cd git20111130 #你的目录可能不是这个
autoconf
./configure
make
sudo make install

查看版本号

># git –version

# git –version >git version 2.2.1

安装完毕

然后开始安装ss-panel

Step 0

git clone http://ift.tt/1TOsIB3    //下载程序包

Step 1

$ curl -sS http://ift.tt/SI3ujS | php   //获取composer包
$ php composer.phar  install    //安装

Step 2

cp .env.example .env    /更改配置文件

then edit .env

chmod -R 777 storage     //更改权限

Step 3

Import the sql to you mysql database.    //导入ss-panel目录内的数据库文件到你的mysql数据库中,具体怎么操作,这里就不再赘述了

Step 4

Nginx Config example:                                    //去nginx配置目录下写入重定向规则

if you download ss-panel on path /home/www/ss-panel     //如果你的ss-panel目录是/home/www/ss-panel的话,那么就在下面的配置中写入相应的目录后面别忘了加上真正目录/public

root /home/www/ss-panel/public;

location / {
    try_files $uri $uri/ /index.php$is_args$args;
}


Step 5

在相应的ss-panel目录修改文件权限chown -R www /home/www/ss-panel            //相对应去修改你自己的目录

Step 6

ss-panel v3 配置说明,请根据说明合理选择密码加密方式,认证方式等。

修改站点以及数据库配置都在:

vim .env

Auth Driver 认证设置

ss-panel v3支持多种存储用户认证信息的方式:

  • cookie 同v2的认证方式,不推荐。
  • redis 使用Redis存储,推荐此方式。

推荐使用redis

安装Redis

如果你是使用lnmp搭建的网站环境,进入lnmp解压后的目录,执行:./addons.sh install redis 来安装。很方便。
如果是centos  使用 yum install redis

密码加密方式

  • md5 不推荐
  • sha256 推荐

添加管理员

在网站根目录下执行

php xcat createAdmin

根据提示创建管理员帐号。

创建成功后登录可以在域名/admin进行管理

重置流量

php xcat resetTraffic


注意

如果都设置好了,运行网站测试的时候提示出现一个应用程序错误。是因为你没安装redis,并且.env文件默认的参数authDriver = ‘redis’ ,只要去安装redis就正常了。

 

这样ss-panel前端环境就搭建好了,下面进入后端shadowsocks-go的安装:

由于ss-go是用go语言写的,所以我们要下载go语言环境:http://ift.tt/1ubc6rU 这是源码包地址

wget -c http://ift.tt/1SPfFNP; //根据你的系统版本选择相应的环境包
tar -C /usr/local -xzf go1.6.linux-amd64.tar.gz
export PATH=$PATH:/usr/local/go/bin
export GOPATH=~/.go

接下来安装ss-go mu

go get http://ift.tt/1VX5Hhs; 或者使用 git clone git://github.com/orvice/shadowsocks-go
cd ~/.go/src/http://ift.tt/1TdpimI
go get
go build
cp example.conf ~/.go/bin/config.conf
vim ~/.go/bin/config.conf

[base]
N 1
ip 0.0.0.0
client webapi
checktime 60
synctime 60

[webapi]
url http://ift.tt/1SPfEt4; /你的域名,后面别忘了跟mu
key xxxx                你的ss-panel .env文件的key秘钥
node_id 1

[mysql]
host 127.0.0.1:3306
user user
pass pass
db db
table table

[redis]
host localhost:6379
# if no passwd set,comment this line
#pass “”             //这里注释掉
#db 1

接下来开启go

cd ~/.go/bin/

./mu

如果不出意外,就看到正常的启动界面了。如果出错可以使用

./mu -debug

查看相关的错误信息

这样的话就把前端的和后端关联起来,我们的目的就达到了,下面是添加守护进程,常住后台:

 

安装easy_install supervisor
运行echo_supervisord_conf
测试是否安装成功。
创建配置文件:

echo_supervisord_conf > /etc/supervisord.conf
修改配置文件:
在supervisord.conf最后增加:

[program:shadowsocks]
command = /root/.go/bin/mu
directory = /root/.go/bin/
user=root
autostart=true
autorestart=true
stderr_logfile = /var/log/shadowsocks.log
stdout_logfile = /var/log/shadowsocks.log
startsecs=3

使用指定配置文件启动:/usr/bin/supervisord -c /etc/supervisord.conf
-c 表示配置文件的路径,读取这里个配置文件,之前也是可以根据自己的情况放在不同的文件夹下
修改配置文件之后:supervisorctl reload 重载 服务重新启动
debug查看连接日志:
supervisorctl tail -f shadowsocks stderr
 #Ctrl+C 取消查看
设置supervisord开机启动
编辑文件:vi /etc/rc.local
在末尾另起一行添加supervisord,保存退出(和上文类似)。
另centos7还需要为rc.local添加执行权限
chmod +x /etc/rc.local
至此运用supervisord控制shadowsocks开机自启和后台运行设置完成
常用命令
控制命令基本都通过supervisorctl执行,输入help可以看到命令列表。这是一些常用命令:
获得所有程序状态 supervisorctl status
关闭目标程序 supervisorctl stop shadowsocks
启动目标程序 supervisorctl start shadowsocks
关闭所有程序 supervisorctl shutdown

正常查看日志为supervisorctl tail -f shadowsocks stderr,可是有些懒人觉得太长,那么我们就精简一下吧,利用linux自带的alias功能

vim ~/.bashrc

添加一行

alias xxxxx=’supervisorctl tail -f shadowsocks stderr’    //这里的xxxxx是你自定义的命令,只要不和已有的命令冲突即可。

保存退出后,正常需要登出才会生效,这里我们输入:

source ~/.bashrc         //直接把命令导入到我们的环境中

这样以后直接输入xxxxx就可以显示后台的日志了。

ok 就是这样,enjoy it!

 

此文参考:http://ift.tt/1SrGUz4 http://ift.tt/1TdpimK http://ift.tt/1SrGY1D http://ift.tt/1Tdph2e

原文:http://ift.tt/1SrGUiz




via 细节的力量 http://ift.tt/1VX5HxO

掌握科学上网的方法

最近因为apple music的关系,国内一直听得断断续续,没办法,最后只有尝试用传说中的“SS”来翻出去才能流畅的听了。吐槽一下水果的服务器,真是够了!

闲话少说,如果不想动手呢,那就到网上去买账号吧,但是安全性,真的不好说,如果要自己动手来,那么往下看喽:

 

centos和debian都可以,但是如果想做多用户限制一下流量那就需要一个小工具:ss-bash,通过这个工具就可以做流量限制!作者建议使用debian系统,详细使用方法往后看。

 

首先我们要安装ss的服务端,网上已经有大神写好了现成的脚本,方便大家了具体步骤:

 

1.wget –no-check-certificate http://ift.tt/1SPfEcA; //下载脚本文件
2.chmod +x shadowsocks.sh    //设置可执行权限
3../shadowsocks.sh 2>&1 | tee shadowsocks.log      //保存安装日志

安装开始后会提示你输入你的端口和密码,这个根据自己需求来改。默认也可以,安装后可以自己修改。

Congratulations, shadowsocks install completed!
Your Server IP: x.x.x.x
Your Server Port: xxxx
Your Password: xxxx
Your Local IP: 127.0.0.1
Your Local Port: 1080
Your Encryption Method: aes-256-cfb

到这步基本就已经安装成功了,ss的配置文件在/etc/shadowsocks.json

默认的文件为单用户,如果你需要设置多端口用户需要修改一下:

{
“server”:”0.0.0.0″,
“local_address”:”127.0.0.1″,
“local_port”:1080,
“port_password”:{
“8989”:”password0″,
“9001”:”password1″,
“9002”:”password2″,
“9003”:”password3″,
“9004”:”password4″
},
“timeout”:300,
“method”:”aes-256-cfb”,
“fast_open”: false
}

常用命令:

启动:/etc/init.d/shadowsocks start
停止:/etc/init.d/shadowsocks stop
重启:/etc/init.d/shadowsocks restart
状态:/etc/init.d/shadowsocks status

至此ss部分搞定!然后我们去下载ss-bash,需要注意的事项:

  • 目前只支持python版Shadowsocks
  • 目前只支持统计ipv4流量

顺便把工作原理也粘一下吧:

不同的用户分配不同端口,使用iptables规则获取各端口的流量,脚本循环运行,在固定时间间隔根据iptables结果统计流量使用情况,并在流量超过限制时,添加对应端口的iptables reject规则以禁用端口。

 

好,现在来下载:

wget http://ift.tt/1pEx9BL


然后解压到你指定的目录下

         tar zxvf v1.0-beta.3.tar.gz

首次运行时需要创建可管理的用户,例如:

sudo ./ssadmin.sh add 8388(端口号) passwd(密码) 10G(限制流量数)



然后启动sssserver:

sudo ./ssadmin.sh start



当启动成功后,你做得操作就生效了,当此端口用户使用流量达到阈值时就会断掉ss。

小贴士:需要bc计算器的支持,如果没安装的话debian安装命令为:sudo apt-get install bc    CENTOS安装命令:yum install bc      注意要在联网情况下

基本上上述操作做完之后就可以使用了,当然如果你想更详细的去自定义,我也摘抄了一份原作者的说明:

 

自定义ssserver的配置

打开文件ssmlt.template,添加相关选项。

请注意每个选项后必需有逗号(’,’)

默认选项为:

"server": "0.0.0.0",
"timeout": 60,
"method": "aes-256-cfb",

比如添加fastopen和worker选项后:

"server": "0.0.0.0",
"timeout": 60,
"method": "aes-256-cfb",
"fast_open": true,
"workers": 5,

修改之后,如果ssserver正在运行,请执行下面命令,重新加载文件并启动:

sudo ss-bash/ssadmin.sh soft_restart

修改流量统计间隔

默认的流量采样间隔为5分钟

流量间隔可根据实际需求调整,但最好不要太小,比如小于10秒

打开文件sslib.sh,修改INTERVEL的值,单位为秒。比如设置流量间隔为10分钟:

INTERVEL=600

修改ssserver文件位置

如果shadowsocks不是使用apt-get或者pip安装,无法自动找到ssserver文件时,请手动指定程序的具体位置。

打开文件sslib.sh,修改SSSERVER的值,比如ssserver的路径为/usr/local/bin/ssserver时,修改为

SSSERVER=/usr/local/bin/ssserver

文件夹中的相关文件

  • ssadmin.sh – 管理程序,所有命令通过该程序执行
  • sscounter.sh – 流量统计程序。由ssadmin.sh自动调用执行,注意:不要手动运行该程序
  • sslib.sh – 包含一些参数配置和流量统计函数。由ssadmin.sh自动调用执行,注意:不要手动运行该程序
  • ssmlt.template – ssserver的配置文件

程序运行后,会产生以下文件:

  • ssmlt.json – 根据用户列表和ssmlt.template生成的ssserver实际使用的配置文件
  • ssusers – 用户列表,包括端口、密码、流量限制参数。ssadmin.sh showpw 命令,显示该文件内容。
  • sstraffic – 用户流量使用情况,包括流量限制,已用流量,剩余流量等。ssadmin.sh show 命令,显示该文件内容。
  • traffic.log – 用户流量记录,供程序内部使用。
  • 其它文件 – .tmp、.lock、.pid等文件、文件夹tmp及其中文件为程序内部使用文件,请不要手动删除。

 

下面为帮助文件:

 

用法:
显示版本:
ssadmin.sh -v|v|version
显示帮助:
ssadmin.sh [-h|h|help]
启动ss:
ssadmin.sh start
停止ss:
ssadmin.sh stop
查看ss状态:
ssadmin.sh status
重启ss:
ssadmin.sh restart
软重启ss:
ssadmin.sh soft_restart
在不影响现有连接的情况下重启ss服务。用于ss服务参数修改,
和手动直接修改配置文件后,重启ss服务。
添加用户:
ssadmin.sh add port passwd limit
port:端口号, 0<port<=65535
passwd:密码, 不能有空格,引号等字符
limit:流量限制,可以用K/M/G/T、KB/MB/GB/TB等(不区
分大小写)。支持小数。比如10.5G、10.5GB等。
1KB=1024 bytes,以此类推。
示例: ssadmin.sh add 3333 abcde 10.5G
显示用户流量信息:
ssadmin.sh show port
显示所有用户流量信息:
ssadmin.sh show
显示用户密码信息:
ssadmin.sh showpw port
显示所有用户密码信息:
ssadmin.sh showpw
删除用户:
ssadmin.sh del port
修改用户:
ssadmin.sh change port passwd limit
修改用户密码:
ssadmin.sh cpw port passwd
修改用户流量限制:
ssadmin.sh clim port limit
修改所有用户流量限制:
ssadmin.sh change_all_limit limit
用户流量使用量置零:
ssadmin.sh rused limit
所有用户流量使用量置零:
ssadmin.sh reset_all_used
用户流量限制置零:
ssadmin.sh rlim port
全部用户流量限制置零:
ssadmin.sh reset_all_limit
显示已添加的iptables规则:

ssadmin.sh lrules

原文:http://ift.tt/1VRYZco




via 细节的力量 http://ift.tt/1VX5J93