Added efg.pm (cvm -> vhost migration, Fedora 31 upgrade).
authorZoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Tue, 5 Nov 2019 15:59:23 +0000 (16:59 +0100)
committerZoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Tue, 5 Nov 2019 15:59:23 +0000 (16:59 +0100)
17 files changed:
sources/efg.pm/config [new file with mode: 0644]
sources/efg.pm/envvars [new file with mode: 0644]
sources/efg.pm/firstboot/01_setupnetworking.sh [new file with mode: 0755]
sources/efg.pm/firstboot/02_settimezone.sh [new file with mode: 0755]
sources/efg.pm/firstboot/10_setupnftables.sh [new file with mode: 0755]
sources/efg.pm/firstboot/99_cleanup.sh [new file with mode: 0755]
sources/efg.pm/firstboot/nftables.config [new file with mode: 0644]
sources/efg.pm/firstboot/traversal.txt [new file with mode: 0644]
sources/efg.pm/postinstall/01_setownership.sh [new file with mode: 0755]
sources/efg.pm/postinstall/02_setpermissions.sh [new file with mode: 0755]
sources/efg.pm/postinstall/03_installfiles.sh [new file with mode: 0755]
sources/efg.pm/postinstall/10_setupservices.sh [new file with mode: 0755]
sources/efg.pm/postinstall/99_cleanup.sh [new file with mode: 0755]
sources/efg.pm/postinstall/install/etc/hosts [new file with mode: 0644]
sources/efg.pm/postinstall/install/etc/resolv.conf [new file with mode: 0644]
sources/efg.pm/postinstall/install/etc/sysconfig/nftables.conf [new file with mode: 0644]
sources/efg.pm/postinstall/install/etc/sysctl.d/01_ipforward.conf [new file with mode: 0644]

diff --git a/sources/efg.pm/config b/sources/efg.pm/config
new file mode 100644 (file)
index 0000000..75be1c8
--- /dev/null
@@ -0,0 +1,23 @@
+lxc.include = /usr/share/lxc/config/common.conf
+
+lxc.arch = x86_64
+lxc.uts.name = efg.pm.user.hu
+lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.mount.auto = proc:rw sys:ro
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.link = brh-dev
+lxc.net.0.hwaddr = 02:0c:18:03:ad:fe
+
+lxc.net.1.type = phys
+lxc.net.1.flags = up
+lxc.net.1.link = bonde-dev
+
+lxc.autodev = 1
+
+lxc.signal.halt = SIGRTMIN+4
+
+lxc.start.auto = 1
+lxc.start.order = 1
+lxc.start.delay = 3
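Review bot: `lxc.mount.auto = proc:rw sys:ro` mounts /proc fully writable in a container that, as far as this file shows, has no `lxc.idmap` and therefore runs as host root. That leaves entries such as /proc/sysrq-trigger and the non-namespaced parts of /proc/sys writable from inside the firewall guest. LXC documents `proc:mixed` as keeping /proc/sys and /proc/sysrq-trigger read-only, so it is worth testing whether the net.* sysctls this container needs still work with it. If `rw` really is required, a comment above the line should say why, e.g. `# proc:rw needed for <reason>`.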
diff --git a/sources/efg.pm/envvars b/sources/efg.pm/envvars
new file mode 100644 (file)
index 0000000..5eb2281
--- /dev/null
@@ -0,0 +1,4 @@
+DISTRIBUTION=Fedora
+DISTRIBUTION_VERSION=31
+BASE_PACKAGES="NetworkManager hostname initscripts iproute iputils logrotate rootfiles rsyslog tar vim-minimal"
+SPEC_PACKAGES="ethtool nftables radvd tcpdump"
diff --git a/sources/efg.pm/firstboot/01_setupnetworking.sh b/sources/efg.pm/firstboot/01_setupnetworking.sh
new file mode 100755 (executable)
index 0000000..2c140ad
--- /dev/null
@@ -0,0 +1,66 @@
+#!/bin/sh
+set -x
+
+
+sleep 1
+systemctl --quiet is-active NetworkManager.service
+NM_RC=$?
+WAITED=0
+while [ $NM_RC -ne 0 ]
+do
+    echo -n .
+    sleep 1
+    WAITED=1
+    systemctl --quiet is-active NetworkManager.service
+    NM_RC=$?
+done
+[ $WAITED -eq 1 ] && echo
+
+CONNECTION_DEVICES_UP=$(nmcli --terse connection show | grep -v ':$' | wc -l)
+#while [ $CONNECTION_DEVICES_UP -lt 2 ]
+while [ $CONNECTION_DEVICES_UP -lt 1 ]
+do
+    sleep 1
+    nmcli --terse connection show
+    CONNECTION_DEVICES_UP=$(nmcli --terse connection show | grep -v ':$' | wc -l)
+done
+
+EXTERNAL_DEVICE=efg
+PERIMETER_DEVICE=eth0
+
+CONNECTIONS=$(nmcli --terse connection show | wc -l)
+while [ $CONNECTIONS -gt 0 ]
+do
+    CONNECTION_LINE=$(nmcli --terse connection show | head -n 1)
+    CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
+    nmcli connection delete uuid "$CONNECTION_UUID"
+    CONNECTIONS=$(nmcli --terse connection show | wc -l)
+done
+
+nmcli connection show
+
+nmcli connection add \
+    connection.autoconnect yes \
+    connection.id perimeter \
+    connection.interface-name $PERIMETER_DEVICE \
+    connection.type 802-3-ethernet \
+    ipv4.addresses "192.168.173.254/24" \
+    ipv4.dns "192.168.173.174" \
+    ipv4.dns-search "pm.user.hu" \
+    ipv4.method "manual" \
+    ipv4.routes "10.228.0.0/16 192.168.173.1, 192.168.42.0/24 192.168.173.1, 192.168.43.0/24 192.168.173.1" \
+    save yes
+
+nmcli connection show
+
+nmcli connection add \
+    connection.autoconnect yes \
+    connection.id dynamic \
+    connection.interface-name $EXTERNAL_DEVICE \
+    connection.type 802-3-ethernet \
+    ipv4.addresses "192.168.65.1/24, 194.149.40.146/28, 194.149.40.147/28, 194.149.40.148/28, 194.149.40.149/28, 194.149.40.150/28" \
+    ipv4.gateway "194.149.40.145" \
+    ipv4.method "manual" \
+    save yes
+
+nmcli connection show
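Review bot: None of the three `while` loops has an upper bound: the wait for NetworkManager.service, the wait for an active connection, and the connection-removal loop, which spins forever if `nmcli connection delete` fails, because the same first line is fetched again on the next pass. A stuck loop stalls the first-boot sequence before the later scripts run (assuming they run in numeric order), so a retry counter with a non-zero exit on timeout is safer; the dbus wait in firstboot/02_settimezone.sh has the same shape. The UUID is also taken as field 2 of the terse output, which breaks for a connection whose name contains `:`; `nmcli --terse --fields UUID connection show` returns the UUID alone. `$PERIMETER_DEVICE` and `$EXTERNAL_DEVICE` should be quoted where they are passed to `nmcli connection add`.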
diff --git a/sources/efg.pm/firstboot/02_settimezone.sh b/sources/efg.pm/firstboot/02_settimezone.sh
new file mode 100755 (executable)
index 0000000..20b2a71
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+
+sleep 1
+systemctl --quiet is-active dbus.service
+DBUS_RC=$?
+WAITED=0
+while [ $DBUS_RC -ne 0 ]
+do
+    if [ $WAITED -eq 0 ]
+    then
+        echo -n "Waiting for dbus.service"
+    fi
+    echo -n .
+    sleep 1
+    WAITED=1
+    systemctl --quiet is-active dbus.service
+    DBUS_RC=$?
+done
+[ $WAITED -ne 0 ] && echo
+timedatectl set-timezone Europe/Budapest
diff --git a/sources/efg.pm/firstboot/10_setupnftables.sh b/sources/efg.pm/firstboot/10_setupnftables.sh
new file mode 100755 (executable)
index 0000000..fd180f1
--- /dev/null
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+
+REAL_PATH=$(realpath $(dirname $0))
+
+
+nft list ruleset
+nft list ruleset | grep ^table | sed 's/ {$//' | while read TABLE_SPEC
+do
+    nft flush $TABLE_SPEC
+    nft delete $TABLE_SPEC
+done
+
+nft --echo --file $REAL_PATH/nftables.config
+nft list ruleset >/etc/nftables/efg.nft
+
+systemctl enable nftables.service
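Review bot: The exit status of `nft --echo --file $REAL_PATH/nftables.config` is never checked, so if the load fails after the existing tables were flushed and deleted, the next line writes an empty ruleset to /etc/nftables/efg.nft and the service is then enabled on top of it. Stopping on failure closes that gap: `nft --echo --file "$REAL_PATH/nftables.config" || exit 1`, ideally preceded by `nft --check --file "$REAL_PATH/nftables.config"` before anything is deleted. The per-table flush/delete loop also leaves a window with no rules loaded at all. Since `nft --file` applies a file as one transaction, a `flush ruleset` line at the top of nftables.config would replace the loop and make the swap atomic.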
diff --git a/sources/efg.pm/firstboot/99_cleanup.sh b/sources/efg.pm/firstboot/99_cleanup.sh
new file mode 100755 (executable)
index 0000000..b87f2f4
--- /dev/null
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+
+echo rm -Rf $REAL_PATH
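Review bot: `echo rm -Rf $REAL_PATH` only prints the command, so the firstboot directory, including nftables.config, stays on the installed system; postinstall/99_cleanup.sh is identical. If the `echo` is a dry-run leftover, the real command should be quoted and guarded against an empty value before it is enabled: `rm -Rf -- "${REAL_PATH:?}"`. If leaving the files in place is intended, a comment saying so would keep someone from dropping the `echo` without adding the guard.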
diff --git a/sources/efg.pm/firstboot/nftables.config b/sources/efg.pm/firstboot/nftables.config
new file mode 100644 (file)
index 0000000..99353c1
--- /dev/null
@@ -0,0 +1,328 @@
+#!/usr/sbin/nft -f
+
+
+################################
+# interface definitions
+################################
+
+# external interface
+define EXTERNAL_IF = efg
+
+# loopback interface
+define LOOPBACK_IF = lo
+
+# perimeter interface
+define PERIMETER_IF = eth0
+
+################################
+# address definitions
+################################
+
+# loopback address
+define LOOPBACK_IP = 127.0.0.1
+
+# public addresses
+define PUBLIC_EFG_IP       = 194.149.40.146
+define PUBLIC_MX_IP        = 194.149.40.147
+define PUBLIC_NS_IP        = 194.149.40.148
+define PUBLIC_VPN_IP       = 194.149.40.149
+define PUBLIC_WS_IP        = 194.149.40.150
+define PUBLIC_MINECRAFT_IP = 194.149.40.151
+define PUBLIC_IP_152       = 194.149.40.152
+define PUBLIC_IP_153       = 194.149.40.153
+define PUBLIC_IP_154       = 194.149.40.154
+define PUBLIC_IP_155       = 194.149.40.155
+define PUBLIC_IP_156       = 194.149.40.156
+define PUBLIC_IP_157       = 194.149.40.157
+define PUBLIC_DL380E_IP    = 194.149.40.158
+
+# efg address (perimeter network)
+define EFG_PERIMETER_IP = 192.168.173.254
+
+# transfer web server address (perimeter network)
+define XFR_PERIMETER_IP = 192.168.173.251
+
+# web server address (perimeter network)
+define WS_PERIMETER_IP = 192.168.173.249
+
+# perimeter name server address (perimeter network)
+define PNS_PERIMETER_IP = 192.168.173.174
+
+# external name server address (perimeter network)
+define ENS_PERIMETER_IP = 192.168.173.64
+
+# ifg address (perimeter network)
+define IFG_PERIMETER_IP = 192.168.173.1
+
+# dvredmine address (internal network)
+define DVREDMINE_INTERNAL_IP = 10.228.62.193
+
+# minicrm address (internal network)
+define MINICRM_INTERNAL_IP = 10.228.109.133
+
+# store address (internal network)
+define STORE_INTERNAL_IP = 10.228.109.250
+
+# service address (internal network)
+define SVC_INTERNAL_IP = 10.228.109.253
+
+# vpn address (internal network)
+define VPN_INTERNAL_IP = 10.228.109.236
+
+# primary name server address (internal network)
+define PNS_INTERNAL_IP = 10.228.109.174
+
+# internal name server address (internal network)
+define INS_INTERNAL_IP = 10.228.109.104
+
+# worksheet address (internal network)
+define WORKSHEET_SR_IP = 192.168.42.248
+
+################################
+# network definitions
+################################
+
+# internal networks
+define USR_NET = 10.228.0.0/16
+define SR_NET = 192.168.42.0/24
+define IN_NET = 192.168.43.0/24
+define INTERNAL_NETS = { $USR_NET, $SR_NET, $IN_NET }
+
+# perimeter network
+define PERIMETER_NET = 192.168.173.0/24
+
+# vpn client network
+define VPN_NET = 172.16.223.0/24
+
+# peep-bo network
+define PEEP_BO_NET = 10.162.104.0/24
+
+################################
+# port definitions
+################################
+
+#define MX_PORTS = { 25, 110, 143, 465, 587, 993, 995 }
+define WS_PORTS = { 80, 443 }
+
+
+################################
+# reset nftables
+################################
+
+create table inet efg_filter
+create table ip efg_nat
+
+create chain inet efg_filter input { type filter hook input priority 0; policy drop; }
+create chain inet efg_filter forward { type filter hook forward priority 0; policy drop; }
+create chain inet efg_filter output { type filter hook output priority 0; policy drop; }
+create chain ip efg_nat prerouting { type nat hook prerouting priority 0; policy accept; }
+create chain ip efg_nat postrouting { type nat hook postrouting priority 0; policy accept; }
+
+
+################################
+# NAT prerouting rules
+################################
+
+add rule ip efg_nat prerouting \
+    ip protocol udp \
+    iifname $EXTERNAL_IF \
+    ip daddr $PUBLIC_VPN_IP udp dport 1194 \
+    counter dnat $VPN_INTERNAL_IP comment "Incoming VPN traffic"
+
+#add rule ip efg_nat prerouting \
+#    ip protocol tcp \
+#    iifname $EXTERNAL_IF \
+#    ip daddr $PUBLIC_MX_IP tcp dport $MX_PORTS \
+#    counter dnat $MX_PERIMETER_IP comment "Incoming MX traffic"
+
+add rule ip efg_nat prerouting \
+    ip protocol udp \
+    iifname $EXTERNAL_IF udp sport 1024-65535 \
+    ip daddr $PUBLIC_NS_IP udp dport 53 \
+    counter dnat $ENS_PERIMETER_IP comment "Incoming DNS requests (udp)"
+
+add rule ip efg_nat prerouting \
+    ip protocol tcp \
+    iifname $EXTERNAL_IF tcp sport 1024-65535 \
+    ip daddr $PUBLIC_NS_IP tcp dport 53 \
+    counter dnat $ENS_PERIMETER_IP comment "Incoming DNS requests (tcp)"
+
+add rule ip efg_nat prerouting \
+    ip protocol tcp \
+    iifname $EXTERNAL_IF tcp sport 1024-65535 \
+    ip daddr $PUBLIC_WS_IP tcp dport $WS_PORTS \
+    counter dnat $WS_PERIMETER_IP comment "Incoming http(s) requests"
+
+
+################################
+# FILTER input rules
+################################
+
+add rule inet efg_filter input \
+    ct state established \
+    ip protocol udp \
+    iifname $PERIMETER_IF ip saddr $PNS_PERIMETER_IP udp sport 53 \
+    ip daddr $EFG_PERIMETER_IP udp dport 1024-65535 \
+    counter accept comment "DNS replies"
+
+add rule inet efg_filter input \
+    ip protocol icmp \
+    counter accept comment "ICMP"
+
+add rule inet efg_filter input \
+    counter log prefix "INPUT"
+
+
+################################
+# FILTER forward rules
+################################
+
+add rule inet efg_filter forward \
+    ct state established, related \
+    iifname $EXTERNAL_IF \
+    oifname $PERIMETER_IF ip daddr $INTERNAL_NETS \
+    counter accept comment "Established sessions"
+
+add rule inet efg_filter forward \
+    iifname $PERIMETER_IF ip saddr $INTERNAL_NETS \
+    oifname $EXTERNAL_IF \
+    counter accept comment "Internet access"
+
+add rule inet efg_filter forward \
+    ip protocol udp \
+    iifname $EXTERNAL_IF \
+    oifname $PERIMETER_IF ip daddr $VPN_INTERNAL_IP udp dport 1194 \
+    counter accept comment "Incoming VPN traffic"
+
+add rule inet efg_filter forward \
+    ip protocol tcp \
+    iifname $EXTERNAL_IF tcp sport 1024-65535 \
+    oifname $PERIMETER_IF ip daddr $WS_PERIMETER_IP tcp dport $WS_PORTS \
+    counter accept comment "Incoming http(s) requests"
+
+add rule inet efg_filter forward \
+    ct state established \
+    ip protocol tcp \
+    iifname $PERIMETER_IF ip saddr $WS_PERIMETER_IP tcp sport $WS_PORTS \
+    oifname $EXTERNAL_IF tcp dport 1024-65535 \
+    counter accept comment "Outgoing http(s) replies"
+
+add rule inet efg_filter forward \
+    ip protocol udp \
+    iifname $EXTERNAL_IF udp sport 1024-65535 \
+    oifname $PERIMETER_IF ip daddr $ENS_PERIMETER_IP udp dport 53 \
+    counter accept comment "Incoming DNS requests/notifications (udp)"
+
+add rule inet efg_filter forward \
+    ct state established, related \
+    ip protocol udp \
+    iifname $PERIMETER_IF ip saddr $ENS_PERIMETER_IP udp sport 53 \
+    oifname $EXTERNAL_IF udp dport 1024-65535 \
+    counter accept comment "Outgoing DNS replies (udp)"
+
+add rule inet efg_filter forward \
+    ip protocol tcp \
+    iifname $EXTERNAL_IF tcp sport 1024-65535 \
+    oifname $PERIMETER_IF ip daddr $ENS_PERIMETER_IP tcp dport 53 \
+    counter accept comment "Incoming DNS requests (tcp)"
+
+add rule inet efg_filter forward \
+    ct state established, related \
+    ip protocol tcp \
+    iifname $PERIMETER_IF ip saddr $ENS_PERIMETER_IP tcp sport 53 \
+    oifname $EXTERNAL_IF tcp dport 1024-65535 \
+    counter accept comment "Outgoing DNS replies (tcp)"
+
+add rule inet efg_filter forward \
+    ip protocol udp \
+    iifname $PERIMETER_IF ip saddr { $ENS_PERIMETER_IP, $PNS_PERIMETER_IP } udp sport 1024-65535 \
+    oifname $EXTERNAL_IF udp dport 53 \
+    counter accept comment "Outgoing DNS requests/notifications (udp)"
+
+add rule inet efg_filter forward \
+    ct state established, related \
+    ip protocol udp \
+    iifname $EXTERNAL_IF udp sport 53 \
+    oifname $PERIMETER_IF ip daddr { $ENS_PERIMETER_IP, $PNS_PERIMETER_IP } udp dport 1024-65535 \
+    counter accept comment "Incoming DNS replies (udp)"
+
+add rule inet efg_filter forward \
+    ip protocol tcp \
+    iifname $PERIMETER_IF ip saddr { $ENS_PERIMETER_IP, $PNS_PERIMETER_IP } tcp sport 1024-65535 \
+    oifname $EXTERNAL_IF tcp dport 53 \
+    counter accept comment "Outgoing DNS requests (tcp)"
+
+add rule inet efg_filter forward \
+    ct state established, related \
+    ip protocol tcp \
+    iifname $EXTERNAL_IF tcp sport 53 \
+    oifname $PERIMETER_IF ip daddr { $ENS_PERIMETER_IP, $PNS_PERIMETER_IP } tcp dport 1024-65535 \
+    counter accept comment "Incoming DNS replies (tcp)"
+
+add rule inet efg_filter forward \
+    ip protocol tcp \
+    iifname $PERIMETER_IF ip saddr $WS_PERIMETER_IP tcp sport 1024-65535 \
+    oifname $EXTERNAL_IF tcp dport $WS_PORTS \
+    counter accept comment "Outgoing let's encrypt requests"
+
+add rule inet efg_filter forward \
+    ct state established \
+    ip protocol tcp \
+    iifname $EXTERNAL_IF tcp sport $WS_PORTS \
+    oifname $PERIMETER_IF ip daddr $WS_PERIMETER_IP tcp dport 1024-65535 \
+    counter accept comment "Incoming let's encrypt replies"
+
+add rule inet efg_filter forward \
+    ip protocol icmp \
+    counter accept comment "ICMP"
+
+add rule inet efg_filter forward \
+    counter log prefix "FORWARD"
+
+
+################################
+# FILTER output rules
+################################
+
+add rule inet efg_filter output \
+    ct state new \
+    ip protocol udp \
+    ip saddr $EFG_PERIMETER_IP udp sport 1024-65535 \
+    oifname $PERIMETER_IF ip daddr $PNS_PERIMETER_IP udp dport 53 \
+    counter accept comment "DNS requests"
+
+add rule inet efg_filter output \
+    ip protocol icmp \
+    counter accept comment "ICMP"
+
+add rule inet efg_filter output \
+    counter log prefix "OUTPUT"
+
+
+################################
+# NAT postrouting rules
+################################
+
+add rule ip efg_nat postrouting \
+    oifname $EXTERNAL_IF ip saddr $VPN_INTERNAL_IP \
+    counter snat $PUBLIC_VPN_IP comment "Outgoing VPN traffic"
+
+add rule ip efg_nat postrouting \
+    oifname $EXTERNAL_IF ip saddr $INTERNAL_NETS \
+    counter snat $PUBLIC_EFG_IP comment "Outgoing internal traffic"
+
+#add rule ip efg_nat postrouting \
+#    oifname $EXTERNAL_IF ip saddr $MX_PERIMETER_IP \
+#    counter snat $PUBLIC_MX_IP comment "Outgoing MX traffic"
+
+add rule ip efg_nat postrouting \
+    oifname $EXTERNAL_IF ip saddr $ENS_PERIMETER_IP \
+    counter snat $PUBLIC_NS_IP comment "Outgoing external DNS traffic"
+
+add rule ip efg_nat postrouting \
+    oifname $EXTERNAL_IF ip saddr $PNS_PERIMETER_IP \
+    counter snat $PUBLIC_EFG_IP comment "Outgoing perimeter DNS traffic"
+
+add rule ip efg_nat postrouting \
+    oifname $EXTERNAL_IF ip saddr $WS_PERIMETER_IP \
+    counter snat $PUBLIC_WS_IP comment "Outgoing WS traffic"
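Review bot: The catch-all rules `counter log prefix "INPUT"`, `"FORWARD"` and `"OUTPUT"` log every packet that reaches the end of a chain with no rate limit, so on an interface holding public addresses unsolicited traffic can fill the journal and the disk. A limit placed after the counter keeps the count exact while bounding log volume, e.g. `counter limit rate 10/second log prefix "INPUT: "`; the trailing separator also keeps the prefix from running into the packet fields. Separately, `ip protocol icmp counter accept` in all three chains accepts every ICMP type in every direction, including forwarded traffic between external and perimeter, and restricting it by `icmp type` and interface would match the otherwise tight policy. The `inet` tables also see IPv6, for which no rule accepts anything; a comment should state whether that is intended.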
diff --git a/sources/efg.pm/firstboot/traversal.txt b/sources/efg.pm/firstboot/traversal.txt
new file mode 100644 (file)
index 0000000..97ebf2d
--- /dev/null
@@ -0,0 +1,53 @@
+###############################
+ chain traversal
+ for all tables
+###############################
+
+                   NETWORK
+                      |
+                ______v_____
+               /    raw     \
+               | PREROUTING |
+               \____________/
+                      |
+  ________      ______v_____
+ / mangle \    /   mangle   \
+ | INPUT  |<-  | PREROUTING |
+ \________/  | \____________/
+      |      |        |
+  ____v___   |  ______v_____
+ / filter \  | /    nat     \
+ | INPUT  |  | | PREROUTING |
+ \________/  | \____________/
+      |      |        |
+  ____v____  |    ____v___
+ |         | |   /        \
+ |  local  | |__/ routing  \__________
+ | process |    \ decision /          |
+ |_________|     \________/       ____v____
+      |                          / mangle  \
+   ___v____                      | FORWARD |
+  /        \                     \_________/
+ / routing  \                         |
+ \ decision /                     ____v____
+  \________/                     / filter  \
+      |                          | FORWARD |
+  ____v___        ________       \_________/
+ /  raw   \      /        \           |
+ | OUTPUT |     / routing  \          |
+ \________/   ->\ decision /<---------
+      |      |   \________/
+  ____v___   |        |
+ / mangle \  |  ______v______
+ | OUTPUT |  | /   mangle    \
+ \________/  | | POSTROUTING |
+      |      | \_____________/
+  ____v___   |        |
+ /  nat   \  |  ______v______
+ | OUTPUT |  | /     nat     \
+ \________/  | | POSTROUTING |
+      |      | \_____________/
+  ____v___   |        |
+ / filter \  |        v
+ | OUTPUT |--      NETWORK
+ \________/
diff --git a/sources/efg.pm/postinstall/01_setownership.sh b/sources/efg.pm/postinstall/01_setownership.sh
new file mode 100755 (executable)
index 0000000..f2e6b94
--- /dev/null
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+SOURCE_PATH=$REAL_PATH/install
+
+chown -R root.root $SOURCE_PATH/*
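Review bot: `chown -R root.root $SOURCE_PATH/*` uses the legacy `.` owner/group separator and an unquoted glob that skips dot-files at the top of the install tree. POSIX specifies `:` as the separator, and passing the directory itself covers every entry: `chown -R root:root -- "$SOURCE_PATH"`. The `$(dirname $(realpath $0))` expansion should be quoted as well so a path containing spaces does not split.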
diff --git a/sources/efg.pm/postinstall/02_setpermissions.sh b/sources/efg.pm/postinstall/02_setpermissions.sh
new file mode 100755 (executable)
index 0000000..241386a
--- /dev/null
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+SOURCE_PATH=$REAL_PATH/install
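Review bot: The script computes `SOURCE_PATH` and then does nothing, so no modes are set despite its name, and 03_installfiles.sh copies the tree into / with whatever modes the working copy happens to have (tar run as root restores archived modes by default). Git records only the executable bit, so group and other write bits depend on the umask of the checkout; an explicit `chmod -R u=rwX,go=rX -- "$SOURCE_PATH"` here would pin them. If the no-op is intentional, a comment saying so would help.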
diff --git a/sources/efg.pm/postinstall/03_installfiles.sh b/sources/efg.pm/postinstall/03_installfiles.sh
new file mode 100755 (executable)
index 0000000..f190caf
--- /dev/null
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+
+tar --create \
+    --directory=$REAL_PATH \
+    --to-stdout \
+    install \
+    | tar --extract \
+          --backup \
+          --directory=/ \
+          --no-overwrite-dir \
+          --strip-components=1 \
+          --suffix=.orig
diff --git a/sources/efg.pm/postinstall/10_setupservices.sh b/sources/efg.pm/postinstall/10_setupservices.sh
new file mode 100755 (executable)
index 0000000..69dd107
--- /dev/null
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+
+systemctl enable NetworkManager-wait-online.service
+
+systemctl mask wpa_supplicant.service
diff --git a/sources/efg.pm/postinstall/99_cleanup.sh b/sources/efg.pm/postinstall/99_cleanup.sh
new file mode 100755 (executable)
index 0000000..b87f2f4
--- /dev/null
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+
+echo rm -Rf $REAL_PATH
diff --git a/sources/efg.pm/postinstall/install/etc/hosts b/sources/efg.pm/postinstall/install/etc/hosts
new file mode 100644 (file)
index 0000000..278fb43
--- /dev/null
@@ -0,0 +1,4 @@
+127.0.0.1      localhost.localdomain localhost localhost4.localdomain4 localhost4
+::1            localhost6.localdomain6 localhost6
+
+192.168.173.254        efg.pm.user.hu efg
diff --git a/sources/efg.pm/postinstall/install/etc/resolv.conf b/sources/efg.pm/postinstall/install/etc/resolv.conf
new file mode 100644 (file)
index 0000000..1a69e03
--- /dev/null
@@ -0,0 +1,3 @@
+nameserver 192.168.173.174
+domain pm.user.hu
+search pm.user.hu
diff --git a/sources/efg.pm/postinstall/install/etc/sysconfig/nftables.conf b/sources/efg.pm/postinstall/install/etc/sysconfig/nftables.conf
new file mode 100644 (file)
index 0000000..0c461d7
--- /dev/null
@@ -0,0 +1 @@
+include "/etc/nftables/efg.nft"
diff --git a/sources/efg.pm/postinstall/install/etc/sysctl.d/01_ipforward.conf b/sources/efg.pm/postinstall/install/etc/sysctl.d/01_ipforward.conf
new file mode 100644 (file)
index 0000000..05b3f78
--- /dev/null
@@ -0,0 +1 @@
+net.ipv4.conf.all.forwarding = 1
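Review bot: This drop-in presumably enables IPv4 forwarding on every boot, including the first one, where the filter and NAT rules only arrive when firstboot/10_setupnftables.sh runs, after 01_setupnetworking.sh has already configured both interfaces (assuming the scripts run in numeric order). Until then the host routes between the external and perimeter networks with no ruleset loaded. Loading the rules before the connections are created would close that window. Alternatively, postinstall could ship a ready /etc/nftables/efg.nft and enable nftables.service there, so the ruleset is in place at first boot.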