Solid-State Society

Tag: Aliyun

  • Remove Aliyun Aegis (`aliyundun`) and `aliyun-service`

    cd /tmp/
wget http://update.aegis.aliyun.com/download/uninstall.sh
chmod +x uninstall.sh
./uninstall.sh

wget http://update.aegis.aliyun.com/download/quartz_uninstall.sh
chmod +x quartz_uninstall.sh
./quartz_uninstall.sh

    Remove leftovers

    pkill aliyun-service
systemctl disable aliyun
rm -fr /etc/init.d/agentwatch /usr/sbin/aliyun-service
rm -rf /usr/local/aegis
rm /usr/sbin/aliyun-service
rm /usr/sbin/aliyun-service.backup
rm /usr/sbin/aliyun_installer
rm /etc/systemd/system/aliyun.service
rm /lib/systemd/system/aliyun.service

    Block aliyundun IPs (IP update list from Aliyun)

    iptables -I INPUT -s 140.205.201.0/28 -j DROP
iptables -I INPUT -s 140.205.201.16/29 -j DROP
iptables -I INPUT -s 140.205.201.32/28 -j DROP
iptables -I INPUT -s 140.205.225.192/29 -j DROP
iptables -I INPUT -s 140.205.225.200/30 -j DROP
iptables -I INPUT -s 140.205.225.184/29 -j DROP
iptables -I INPUT -s 140.205.225.183/32 -j DROP
iptables -I INPUT -s 140.205.225.206/32 -j DROP
iptables -I INPUT -s 140.205.225.205/32 -j DROP
iptables -I INPUT -s 140.205.225.195/32 -j DROP
iptables -I INPUT -s 140.205.225.204/32 -j DROP
iptables -I INPUT -s 106.11.224.0/26 -j DROP
iptables -I INPUT -s 106.11.224.64/26 -j DROP
iptables -I INPUT -s 106.11.224.128/26 -j DROP
iptables -I INPUT -s 106.11.224.192/26 -j DROP
iptables -I INPUT -s 106.11.222.64/26 -j DROP
iptables -I INPUT -s 106.11.222.128/26 -j DROP
iptables -I INPUT -s 106.11.222.192/26 -j DROP
iptables -I INPUT -s 106.11.223.0/26 -j DROP

    firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='140.205.201.0/28' reject"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='140.205.201.16/29' reject"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='140.205.201.32/28' reject"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='140.205.225.192/29' reject"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='140.205.225.200/30' reject"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='140.205.225.184/29' reject"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='140.205.225.183/32' reject"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='140.205.225.206/32' reject"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='140.205.225.205/32' reject"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='140.205.225.195/32' reject"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='140.205.225.204/32' reject"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='106.11.224.0/26' reject"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='106.11.224.64/26' reject"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='106.11.224.128/26' reject"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='106.11.224.192/26' reject"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='106.11.222.64/26' reject"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='106.11.222.128/26' reject"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='106.11.222.192/26' reject"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='106.11.223.0/26' reject"

  • Enable IPv6 Tunnel Broker on Aliyun CentOS 7

    In /etc/modprobe.d/disable_ipv6.conf:

    alias net-pf-10 off
#alias ipv6 off
options ipv6 disable=0

    In /etc/sysctl.conf:

    net.ipv6.conf.all.disable_ipv6=0
net.ipv6.conf.default.disable_ipv6=0
net.ipv6.conf.lo.disable_ipv6=0

    Then run sysctl -p to take effect.

    Then in Example Configurations under HE.net Tunnel Details page, in the dropdown menu select Linux-route2, copy all the commands and paste into your server:

    modprobe ipv6
ip tunnel add he-ipv6 mode sit remote 1.2.3.4 local 5.6.7.8 ttl 255
ip link set he-ipv6 up
ip addr add 2001:470:18:d18::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -f inet6 addr

    Test the tunnel:

    ping6 irc6.oftc.net