Updated ifg.in (continued implementing ipv6).
authorZoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Thu, 15 Apr 2021 13:04:55 +0000 (15:04 +0200)
committerZoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Thu, 15 Apr 2021 13:04:55 +0000 (15:04 +0200)
sources/ifg.in/firstboot/01_setupnetworking.sh
sources/ifg.in/firstboot/nftables.config
sources/ifg.in/postinstall/install/etc/radvd.conf
sources/ifg.in/postinstall/install/etc/sysctl.d/01_ipforward.conf

index eddec6abdca701ab06e5673afcad9fffd2329246..a969a48dfcd23c12e9879329eafae5bda2b1edf8 100755 (executable)
@@ -52,7 +52,10 @@ nmcli connection add \
     ipv4.dns-search "in.useribm.hu" \
     ipv4.method "manual" \
     ipv4.routes "172.16.223.0/24 10.228.109.236, 10.162.104.0/24 10.228.109.236" \
-    ipv6.method "auto" \
+    ipv6.addresses "2a02:d400:0000:f268:000c:18ff:fe03:6dfe/64" \
+    ipv6.dns "2a02:d400:0000:f268:000c:18ff:fe03:6d68, 2a02:d400:0000:f268:000c:18ff:fe03:6dfd" \
+    ipv6.dns-search "in.useribm.hu" \
+    ipv6.method "manual" \
     save yes
 
 nmcli connection add \
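Review bot: The first connection gets a static IPv6 address and DNS servers but no `ipv6.gateway` or `ipv6.routes`, while its IPv4 side carries two static routes via 10.228.109.236. With `ipv6.method "manual"` NetworkManager no longer takes routes from router advertisements, so any off-link IPv6 destination that should use this interface would be unreachable. The two resolvers sit in the same /64, so this may well be intended. A comment above the added lines, such as `# IPv6: on-link only, no static routes needed on this interface`, would record that. The `nmcli connection add` command begins outside the hunk.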
@@ -63,7 +66,9 @@ nmcli connection add \
     ipv4.addresses "192.168.173.1/24" \
     ipv4.gateway "192.168.173.254" \
     ipv4.method "manual" \
-    ipv6.method "auto" \
+    ipv6.addresses "2a02:d400:0000:f2ad:000c:18ff:fe03:ad01/64" \
+    ipv6.gateway "2a02:d400:0000:f2ad:000c:18ff:fe03:adfe" \
+    ipv6.method "manual" \
     save yes
 
 nmcli connection show
index 3b994d1db1ab5d964698f4d0c788298a916245e4..c02de0a97954d3a296c0825e49de73e0b83d52a1 100644 (file)
@@ -155,8 +155,22 @@ add rule inet ifg_filter input \
     ip protocol icmp \
     counter accept comment "ICMP"
 add rule inet ifg_filter input \
-    ip protocol icmpv6 \
-    counter accept comment "ICMP"
+    icmpv6 type { destination-unreachable, \
+                  echo-reply, \
+                  echo-request, \
+                  mld-listener-done, \
+                  mld-listener-query, \
+                  mld-listener-report, \
+                  nd-redirect, \
+                  nd-router-solicit, \
+                  nd-router-advert, \
+                  nd-neighbor-solicit, \
+                  nd-neighbor-advert, \
+                  packet-too-big, \
+                  parameter-problem, \
+                  router-renumbering, \
+                  time-exceeded } \
+    counter accept comment "ICMPv6"
 
 add rule inet ifg_filter input \
     ip protocol gre \
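Review bot: The input set accepts `router-renumbering` and all neighbour-discovery types from any source with no hop-limit check, which is wider than this host appears to need. Router renumbering is rarely deployed and is usually allowed only where the mechanism is in use. Genuine ND packets always arrive with hop limit 255, so matching on that rejects off-link forgeries. I would drop `router-renumbering`, remove the five `nd-*` entries from the existing set, and accept them in a second rule guarded by `ip6 hoplimit 255`, as below. The same set is pasted unchanged into the forward and output chains.

```nftables
# … unchanged: first ICMPv6 rule, minus the nd-* and router-renumbering entries …
add rule inet ifg_filter input \
    ip6 hoplimit 255 \
    icmpv6 type { nd-redirect, \
                  nd-router-solicit, \
                  nd-router-advert, \
                  nd-neighbor-solicit, \
                  nd-neighbor-advert } \
    counter accept comment "ICMPv6 ND"
```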
@@ -263,8 +277,22 @@ add rule inet ifg_filter forward \
     ip protocol icmp \
     counter accept comment "ICMP"
 add rule inet ifg_filter forward \
-    ip protocol icmpv6 \
-    counter accept comment "ICMP"
+    icmpv6 type { destination-unreachable, \
+                  echo-reply, \
+                  echo-request, \
+                  mld-listener-done, \
+                  mld-listener-query, \
+                  mld-listener-report, \
+                  nd-redirect, \
+                  nd-router-solicit, \
+                  nd-router-advert, \
+                  nd-neighbor-solicit, \
+                  nd-neighbor-advert, \
+                  packet-too-big, \
+                  parameter-problem, \
+                  router-renumbering, \
+                  time-exceeded } \
+    counter accept comment "ICMPv6"
 
 add rule inet ifg_filter forward \
     counter log prefix "FORWARD"
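Review bot: The forward rule reuses the full local set, so the chain accepts neighbour discovery, redirects, MLD and router renumbering in transit, none of which are meant to cross a router. The kernel will normally refuse to forward link-local-sourced packets, but the rule still admits `router-renumbering` and globally sourced copies of the other types. Trimming the forward set to `icmpv6 type { destination-unreachable, echo-reply, echo-request, packet-too-big, parameter-problem, time-exceeded }` keeps path-MTU discovery and diagnostics working. No interface or direction match is visible in the hunk, so it is also worth deciding explicitly whether `echo-request` towards internal hosts should be forwarded from every side.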
@@ -285,8 +313,22 @@ add rule inet ifg_filter output \
     ip protocol icmp \
     counter accept comment "ICMP"
 add rule inet ifg_filter output \
-    ip protocol icmpv6 \
-    counter accept comment "ICMP"
+    icmpv6 type { destination-unreachable, \
+                  echo-reply, \
+                  echo-request, \
+                  mld-listener-done, \
+                  mld-listener-query, \
+                  mld-listener-report, \
+                  nd-redirect, \
+                  nd-router-solicit, \
+                  nd-router-advert, \
+                  nd-neighbor-solicit, \
+                  nd-neighbor-advert, \
+                  packet-too-big, \
+                  parameter-problem, \
+                  router-renumbering, \
+                  time-exceeded } \
+    counter accept comment "ICMPv6"
 
 add rule inet ifg_filter output \
     counter log prefix "OUTPUT"
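Review bot: The set lists only the MLDv1 types, so MLDv2 reports (`mld2-listener-report`), which current Linux kernels send by default when joining multicast groups, fall through to the `OUTPUT` log rule below. If the chain ends in a drop, which the hunk does not show, switches doing MLD snooping may stop delivering solicited-node multicast to this host and neighbour discovery would fail intermittently. Adding `mld2-listener-report, \` to the set would cover it. `router-renumbering` can probably be removed from the output set as well, unless this machine is meant to originate such messages.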
index cee6da6656fe433bb05811cfbfe2818b67368b39..989fd9902e48461a03dcbe45e767b5dc53279757 100644 (file)
@@ -7,4 +7,8 @@ interface eth0
                 AdvOnLink on;
                 AdvAutonomous on;
         };
+
+        route ::/0
+        {
+        };
 };
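Review bot: The empty `route ::/0 { };` block has no comment and leaves lifetime and preference at radvd's defaults, so the file does not say why a route information option for the default route is advertised. A line such as `# advertise ::/0 as a route information option; lifetime and preference left at radvd defaults` above the block would record the intent. Hosts on eth0 that honour the option will send their off-link IPv6 traffic through this machine, which makes the forward chain in nftables.config their only filter. The `interface eth0` block starts outside the hunk.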
index 5334abcc8e49384222920b0f5d3c4b81d7cbfef7..94bd7517921d454d8127bd553e629ab55b4ec7db 100644 (file)
@@ -1,2 +1,4 @@
 net.ipv4.conf.all.forwarding = 1
 net.ipv6.conf.all.forwarding = 1
+net.ipv6.conf.eth0.forwarding = 1
+net.ipv6.conf.eth1.forwarding = 1
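Review bot: Forwarding is now set per interface, but nothing pins how those interfaces treat redirects and router advertisements, and the input chain accepts `nd-redirect` and `nd-router-advert`. The kernel is expected to ignore both while forwarding is on, though that depends on the `accept_ra` value staying at its default. Stating it explicitly with `net.ipv6.conf.eth0.accept_ra = 0` and `net.ipv6.conf.eth0.accept_redirects = 0` (likewise for eth1) would remove the dependency. The two added lines also look redundant with `net.ipv6.conf.all.forwarding = 1` and rely on the interfaces being named eth0 and eth1 when the file is applied, so a comment saying why they are needed would help.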