
Getting Started with Jangbi¤

Warning¤

  • The systemd plugin removes many important networking packages, so the network may disconnect while it runs. Do not run it over a remote connection.

Quick Installation¤

1. Install Prerequisites¤

# Install required tools
# ipcalc-ng, git and patch are the prerequisites this guide lists;
# -y makes apt proceed without asking for confirmation.
sudo apt install -y ipcalc-ng git patch

2. Clone Repository¤

Install into the /opt folder, where the init system can find it easily.
Use the root account to install and to edit the config files.

# Clone the Jangbi repository
# NOTE(review): this checks out whatever the default branch currently holds, and the
# following steps run its scripts with root privileges. Consider checking out a commit
# or tag you have reviewed before continuing; this page does not name a release to pin to.
git clone https://github.com/dure-one/jangbi.git /opt/jangbi
cd /opt/jangbi

3. Configure Your Device¤

# Copy gateway configuration template
# (.config.default is the shipped template; its header says not to edit or delete it,
#  so all changes go into the .config copy)
cp .config.default .config

# Check your network interfaces
# (the lines after the command are sample output; interface names differ per device)
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    inet 192.168.79.186/24 brd 192.168.79.255 scope global dynamic enx00e04c680686
       valid_lft 37293sec preferred_lft 37293sec
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
4: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff

# Edit configuration file
nano .config
# Example interface assignments for gateway mode:
# Each *INF value must be an interface name reported by `ip a` on this device.
JB_WANINF=eth0      # WAN interface (internet connection)
JB_WAN="dhcp"
# NOTE(review): in the sample output above, eth0 (the WAN side) already holds
# 192.168.79.186/24. Giving the LAN the same 192.168.79.0/24 range would overlap with
# the upstream network; choose a LAN subnet that differs from what the WAN receives.
JB_LANINF=eth1      # LAN interface (local network)
JB_LAN="192.168.79.1/24"
JB_WLANINF=wlan0    # WLAN interface (WiFi AP)
JB_WLAN="192.168.89.1/24"

4. Configure Plugins to run¤

# Edit configuration file
$ nano .config
# gateway apps
# Each RUN_* flag presumably enables (1) or skips (0) the plugin of that name; confirm in init.sh.
RUN_NET_HOSTAPD=1
RUN_NET_DNSMASQ=1
# NOTE(review): the blocklist is fetched from the moving `master` branch of a third-party
# repository; no checksum or pinned revision is visible here, so its content can change
# between runs. Review or mirror the list if DNS filtering results need to be reproducible.
DNSMASQ_BLACKLIST_URLS="https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
RUN_NET_DNSCRYPTPROXY=1
RUN_NET_DARKSTAT=1
# NOTE(review): .config.default on this page ships RUN_OS_REDIS=0; this example turns it on.
RUN_OS_REDIS=1
RUN_OS_MINMON=1

5. Run Installation¤

# Initialize and configure the system
# Run from /opt/jangbi with the root account, after reviewing every value in .config.
# Per the warning at the top of this guide, the systemd plugin can drop the network,
# so start this from a local console rather than a remote session.
$ ./init.sh

Using Jangbi-IT¤

Managing Services¤

Use the plugin system to control individual services:

# load jangbi-it
# `source` runs jangbi_it.sh in the current shell; presumably this is what makes the
# net-* plugin commands below available in this session.
$ cd /opt/jangbi
$ source jangbi_it.sh

# Check service status
$ net-iptables check
$ net-dnsmasq check

# Install and configure services
# Order shown: install, then generate the configuration, then apply it.
$ net-iptables install
$ net-iptables configgen
$ net-iptables configapply

# Start services
$ net-iptables run
$ net-dnsmasq run

# Monitor services
# NOTE(review): the configuration reference on this page sets DARKSTAT_PORTS="LO:19283",
# which does not match the port in the URL below; confirm the actual listening address
# and port. The URL is plain http, so traffic statistics are sent unencrypted; keep the
# interface off untrusted networks.
$ net-darkstat run  # Web interface at http://device-ip:666

Available Plugins¤

Network Plugins¤

OS Plugins¤

All plugins follow a consistent command structure:

<plugin-name> <command>

# Common commands:
install      # Install the service
uninstall    # Remove the service
configgen    # Generate configuration files
configapply  # Apply configuration changes
check        # Check service status
run          # Start/restart the service
download     # Download required packages

Configuration File Reference¤

$ cat .config.default 
#!/usr/bin/env bash
## ** do not edit/delete this file **
## (template only: the setup steps copy it to .config and edit the copy)
FORCE_INSTALL=0

## bash-it log settings
BASH_IT_LOG_FILE="output.log"
# 0 - no log, 1 - fatal, 3 - error, 4 - warning, 5 - debug, 6 - info, 6 - all, 7 - trace,
# NOTE(review): the list above skips 2 and names level 6 twice; confirm the mapping
# against the logging code before relying on a particular level.
BASH_IT_LOG_LEVEL=6

## device config
DIST_DEVICE="orangepi5-plus"
DIST_NAME="armbian_bookworm_aarch64"

##  os config
RUN_OS_CONF=1
CONF_TIMEZONE="Asia/Seoul"
## if the existing swap is larger than 1Gb, it is kept and not replaced
CONF_SWAPSIZE="1G"
CONF_TIMESYNC="ntp" # ntp or http
# Upstream resolver; presumably the gateway's DNS queries are forwarded here, so set it
# to a resolver you are willing to disclose lookups to. TODO confirm which plugin reads it.
DNS_UPSTREAM="1.1.1.1"

## host specific configurations
JB_DEPLOY_PATH="/opt/jangbi"
# NOTE(review): JB_USERID and JB_SSHPUBKEY are template placeholders. Presumably the key
# is installed as an authorized SSH key for that user; replace both with your own values
# in .config before running init.sh, otherwise the template's key holder could log in.
JB_USERID=test
JB_SSHPUBKEY="ssh-rsa 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 root@com"

## 1 - enable systemd+netplan / 0 - disable completely(no syslog)+ifupdown / 2 - disable systemd except journald+ifupdown
## 0 - none+ifupdown
# NOTE(review): per the line above, mode 0 leaves the host without syslog. Decide where
# service and security logs are kept before choosing it if they are needed for later review.
# The guide warns that this plugin removes network packages; apply it from a local console.
RUN_OS_SYSTEMD=0
# SYSTEMD_REMOVERAREPKGS is assigned again in the "os security" section of this file;
# presumably the later assignment takes effect when the file is sourced. Keep both in sync.
SYSTEMD_REMOVERAREPKGS=1
SYSTEMD_LATEANACONSTART=1
JB_IFUPDOWN=

## 1- systemd+netplan
#RUN_OS_SYSTEMD=1
#SYSTEMD_REMOVERAREPKGS=1
#JB_NETPLAN=

## network interfaces
# The template value is specific to the reference device; replace it with a name
# reported by `ip a` on your own hardware.
JB_WANINF="enP3p49s0"
## dhcp, 192.168.5.1/24(first ip of subnet become gw ip, 192.168.5.1)
JB_WAN="dhcp"
JB_WANGW=

JB_LANINF=
JB_LAN="192.168.79.1/24"

## LAN0-LAN9 :
JB_LAN1INF=
JB_LAN1="192.168.89.1/24"

JB_WLANINF=
JB_WLAN="192.168.100.1/24"
## 1 - ap, 2 - client
JB_WLAN_APMODE=1
# NOTE(review): template defaults. The passphrase is identical to the SSID and is
# published in this documentation; set a unique, long passphrase (and your own SSID)
# in .config before the access point is brought up.
JB_WLAN_SSID="durejangbi"
JB_WLAN_PASS="durejangbi"

# gateway/ client/  tunnelonly
JB_ROLE="gateway"

# os security
RUN_OS_SYSCTL=1
RUN_OS_KPARAMS=1
DISABLE_IPV6=1
ADDTO_RCLOCAL=1
# only kernel firmware tar.gz link allowed
# NOTE(review): disabled by default (RUN_OS_FIRMWARE=0). When enabled, the archive comes
# from the moving `main` branch and no checksum or signature check is visible in this
# file; verify what the plugin validates before installing firmware from it.
RUN_OS_FIRMWARE=0
FIRMWARE_URL="https://kernel.googlesource.com/pub/scm/linux/kernel/git/firmware/linux-firmware.git/+archive/refs/heads/main.tar.gz"
# Second assignment of SYSTEMD_REMOVERAREPKGS in this file (also set in the systemd
# section); keep the two values in sync.
SYSTEMD_REMOVERAREPKGS=1
RUN_OS_DISABLEBINS=1
OSLOCAL_SETTING=1
RUN_OS_REPOS=0
RUN_OS_AUDITD=1
RUN_OS_AIDE=1

# network apps
RUN_NET_KNOCKD=1
# NOTE(review): presumably the port-knock sequence that opens SSH. The template value is
# published here, so choose your own sequence. Knocking only hides the port; keep
# key-based SSH authentication as the actual access control.
KNOCKD_STATIC_SSH="12345,54321,24680,13579"

RUN_NET_SSHD=1
# "LO:" presumably means the loopback interface; how SSHD_PORT, SSHD_PORTS and SSHD_INFS
# combine is not shown on this page. Confirm which interfaces sshd ends up listening on
# after configapply.
SSHD_PORT="22"
SSHD_PORTS="LO:22"
SSHD_INFS="LAN,WLAN"

# iptables
RUN_NET_IPTABLES=1
IPTABLES_OVERRIDE=""
# arp rules
# NOTE(review): the sample MAC addresses have five octets (a MAC has six), so they are
# placeholders to replace. The doubled IPTABLES_IPTABLES_ prefix looks unintended;
# confirm the variable name the plugin actually reads.
IPTABLES_IPTABLES_WHMACADDR="LAN-aa:bb:cc:dd:ee,WAN-ab:cd:be:c0:a1"
IPTABLES_GWMAC=1
IPTABLES_ARPALLINFS=1
# base rules
IPTABLES_ANTISPOOFING=1
IPTABLES_DROPCASTS=1
IPTABLES_DROPICMP=1
# Presumably ports opened in the firewall; this page does not say which services use
# 10897/10898. Remove any port you cannot account for.
IPTABLES_ALLOWED_PORTS="10897,10898"
IPTABLES_NOISE_REDUCTION=1
IPTABLES_DROP_UPNP=1
IPTABLES_REJECT_AUTH=1
# net rules
# (IPTABLES_DROP_ICMP below and IPTABLES_DROPICMP above are separate variables;
#  confirm whether both are read)
IPTABLES_DROP_ICMP=1
IPTABLES_DROP_NON_SYN=1
IPTABLES_DROP_SPOOFING=1
IPTABLES_DROP_SPOOFING_TARINF="WAN"
# NOTE(review): the list includes the private ranges 10.0.0.0/8, 172.16.0.0/12 and
# 192.168.0.0/16. If the WAN uplink is itself on a private network (as in this guide's
# sample `ip a` output), dropping these on WAN presumably also blocks the upstream
# router; adjust the list for that topology.
IPTABLES_DROP_SPOOFING_NET="224.0.0.0/3,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,10.0.0.0/8,0.0.0.0/8,240.0.0.0/5,127.0.0.0/8"
IPTABLES_LIMIT_MSS=1
IPTABLES_INVALID_TCPFLAG=1
# NOTE(review): remote blocklist taken from the moving `master` branch of a third-party
# repository, with no pinned revision or checksum visible here. Its content decides
# which addresses get blocked, so review or mirror it if that matters operationally.
IPTABLES_BLACK_NAMELIST="https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt"

# host rules
# masquerade inside to outside ex) LAN<WAN|WLAN<WAN
IPTABLES_MASQ="LAN<WAN,LAN1<WAN"
# NOTE(review): the port-forward, DMZ and SUPERDMZ values are examples. Presumably they
# expose the listed internal hosts to the WAN side; clear them in .config unless you
# intend to publish exactly those hosts and ports.
IPTABLES_PORTFORWARD="8090:192.168.79.11:8090,8010:192.168.79.12:8010"
IPTABLES_DMZ="192.168.79.10"
IPTABLES_SUPERDMZ=1

# xtables
RUN_NET_XTABLES=1
XTABLES_OVERRIDE=""
XTABLES_CONNLIMIT_PER_IP="100"
XTABLES_DROP_INVALID_STATE=1
XTABLES_DROP_NON_SYN=1
XTABLES_LIMIT_MSS=1
XTABLES_GUARD_OVERLOAD=1
XTABLES_INVALID_TCPFLAG=1
XTABLES_GUARD_PORT_SCANNER=1
# The CHAOS/DELUDE/PKNOCK names presumably map to the xtables-addons targets and match of
# the same names. Port 22 is in XTABLES_CHAOS_PORTS and also in the pknock target list
# and SSHD_PORT; confirm the resulting rule order leaves SSH reachable as intended.
XTABLES_CHAOS_PORTS="22,23,80,443"
XTABLES_DELUDE_PORTS="21,25,53,110,143,993,995"
XTABLES_PKNOCK_PORTS="3001,3002,3003"
XTABLES_PKNOCK_RULENAME="example"
# NOTE(review): "foo"/"bar" are placeholder secrets published in this documentation.
# Replace both with long random values in .config, and keep .config readable by root only.
XTABLES_PKNOCK_OPENSECRET="foo"
XTABLES_PKNOCK_CLOSESECRET="bar"
XTABLES_PKNOCK_TARGET_PORTS="22,80,443"

# gateway apps
# In the *_PORTS values, "LO:" presumably binds the service to the loopback interface.
RUN_NET_HOSTAPD=1
RUN_NET_DNSMASQ=1
# Remote blocklist from a moving `master` branch; no pinned revision or checksum is
# visible here, so its content can change between runs.
DNSMASQ_BLACKLIST_URLS="https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
RUN_NET_DNSCRYPTPROXY=1
# NOTE(review): DNSCRYPTPROXY_PORTS and OMNIP_PORTS are both "LO:53" and both plugins are
# enabled; two services presumably cannot share that port. Confirm which one binds it.
DNSCRYPTPROXY_PORTS="LO:53"
RUN_NET_DARKSTAT=1
# NOTE(review): the quick-start section of this guide gives a different port for the
# darkstat web interface; confirm the actual listening address and port.
DARKSTAT_PORTS="LO:19283"
RUN_OS_REDIS=0
REDIS_PORTS="LO:6379"
RUN_OS_MINMON=1
# The tunnelling/proxy plugins below are enabled in the template; set any you do not use
# to 0 in .config to keep the gateway's exposed services to a minimum.
RUN_NET_HYSTERIA=1
RUN_NET_V2RAY=1
RUN_NET_OMNIP=1
OMNIP_PORTS="LO:53"
RUN_NET_SHOES=1

Warning: This software is still in development. Use with caution in production environments and always test in a lab environment first.