https://git.useribm.hu / user-lxc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 585bca0)
Updated ifg.in (started implementing ipv6).
authorZoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Wed, 14 Apr 2021 20:02:24 +0000 (22:02 +0200)
committerZoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Wed, 14 Apr 2021 20:02:24 +0000 (22:02 +0200)
sources/ifg.in/firstboot/10_setupnftables.sh patch | blob | history
sources/ifg.in/firstboot/nftables.config patch | blob | history
sources/ifg.in/postinstall/install/etc/radvd.conf [new file with mode: 0644] patch | blob
sources/ifg.in/postinstall/install/etc/resolv.conf [deleted file] patch | blob | history
sources/ifg.in/postinstall/install/etc/sysctl.d/01_ipforward.conf patch | blob | history

diff --git a/sources/ifg.in/firstboot/10_setupnftables.sh b/sources/ifg.in/firstboot/10_setupnftables.sh
index a522aaf97873152bad51a8b62d379c9be660927f..714ff6b11582fe49eee33d0847886e21c83440f7 100755 (executable)
--- a/sources/ifg.in/firstboot/10_setupnftables.sh
+++ b/sources/ifg.in/firstboot/10_setupnftables.sh
@@ -4,14 +4,8 @@
 REAL_PATH=$(realpath $(dirname $0))
 
 
-nft list ruleset | grep ^table | sed 's/ {$//' | while read TABLE_SPEC
-do
-    nft flush $TABLE_SPEC
-    nft delete $TABLE_SPEC
-done
-
+nft flush ruleset
 nft --echo --file $REAL_PATH/nftables.config
-nft list ruleset >/etc/nftables/ifg.nft
-nft list ruleset
+nft list ruleset | tee /etc/nftables/ifg.nft
 
 systemctl enable nftables.service
diff --git a/sources/ifg.in/firstboot/nftables.config b/sources/ifg.in/firstboot/nftables.config
index d7709799850b2fcc51266c72bd64e1be8935c9ff..3b994d1db1ab5d964698f4d0c788298a916245e4 100644 (file)
--- a/sources/ifg.in/firstboot/nftables.config
+++ b/sources/ifg.in/firstboot/nftables.config
@@ -154,6 +154,9 @@ add rule inet ifg_filter input \
 add rule inet ifg_filter input \
     ip protocol icmp \
     counter accept comment "ICMP"
+add rule inet ifg_filter input \
+    ip protocol icmpv6 \
+    counter accept comment "ICMP"
 
 add rule inet ifg_filter input \
     ip protocol gre \
@@ -259,6 +262,9 @@ add rule inet ifg_filter forward \
 add rule inet ifg_filter forward \
     ip protocol icmp \
     counter accept comment "ICMP"
+add rule inet ifg_filter forward \
+    ip protocol icmpv6 \
+    counter accept comment "ICMP"
 
 add rule inet ifg_filter forward \
     counter log prefix "FORWARD"
@@ -278,6 +284,9 @@ add rule inet ifg_filter output \
 add rule inet ifg_filter output \
     ip protocol icmp \
     counter accept comment "ICMP"
+add rule inet ifg_filter output \
+    ip protocol icmpv6 \
+    counter accept comment "ICMP"
 
 add rule inet ifg_filter output \
     counter log prefix "OUTPUT"
diff --git a/sources/ifg.in/postinstall/install/etc/radvd.conf b/sources/ifg.in/postinstall/install/etc/radvd.conf
new file mode 100644 (file)
index 0000000..cee6da6
--- /dev/null
+++ b/sources/ifg.in/postinstall/install/etc/radvd.conf
@@ -0,0 +1,10 @@
+interface eth0
+{
+        AdvSendAdvert on;
+
+        prefix 2a02:d400:0000:f268::/64
+        {
+                AdvOnLink on;
+                AdvAutonomous on;
+        };
+};
diff --git a/sources/ifg.in/postinstall/install/etc/resolv.conf b/sources/ifg.in/postinstall/install/etc/resolv.conf
deleted file mode 100644 (file)
index 656e3f2..0000000
--- a/sources/ifg.in/postinstall/install/etc/resolv.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-nameserver 10.228.109.253
-nameserver 10.228.109.104
-domain usr.user.hu
-search usr.user.hu
diff --git a/sources/ifg.in/postinstall/install/etc/sysctl.d/01_ipforward.conf b/sources/ifg.in/postinstall/install/etc/sysctl.d/01_ipforward.conf
index 05b3f7897011b1afee3d8035012e3b4f6ae66062..5334abcc8e49384222920b0f5d3c4b81d7cbfef7 100644 (file)
--- a/sources/ifg.in/postinstall/install/etc/sysctl.d/01_ipforward.conf
+++ b/sources/ifg.in/postinstall/install/etc/sysctl.d/01_ipforward.conf
@@ -1 +1,2 @@
 net.ipv4.conf.all.forwarding = 1
+net.ipv6.conf.all.forwarding = 1
user-lxc repository