Updated ifg.in (mostly ipv6 address changes).

diff --git a/sources/ifg.in/c3d/firstboot/data/nftables.config b/sources/ifg.in/c3d/firstboot/data/nftables.config
index 6a3278543e0db79714242ef6eb89e9a9b17cc014..0399e0efd78f18ef5c4ee0137c2f511b97a6d51a 100644 (file)
--- a/sources/ifg.in/c3d/firstboot/data/nftables.config
+++ b/sources/ifg.in/c3d/firstboot/data/nftables.config
@@ -42,80 +42,72 @@ define PUBLIC_BROADCAST_IPV4 = 213.253.216.175
 # efg address (perimeter network)
 define EFG_PERIMETER_IPV4 = 192.168.173.254
 
-# transfer web server address (perimeter network)
-define XFR_PERIMETER_IPV4 = 192.168.173.251
-
 # web server address (perimeter network)
 define WS_PERIMETER_IPV4 = 192.168.173.249
-define WS_PERIMETER_IPV6 = 2001:1aa1:000a:00ad:000c:18ff:fe03:adf9
-
-# subversion server address (perimeter network)
-define SVN_PERIMETER_IPV4 = 192.168.173.212
-define SVN_PERIMETER_IPV6 = 2001:1aa1:000a:00ad:000c:18ff:fe03:add4
+define WS_PERIMETER_IPV6 = 2001:1aa1:000a:7c0c:000c:18ff:fe03:adf9
 
 # perimeter name server address (perimeter network)
-define PNS_PERIMETER_IPV4 = 192.168.173.174
-define PNS_PERIMETER_IPV6 = 2001:1aa1:000a:00ad:000c:18ff:fe03:adae
+define PNS_PERIMETER_IPV4 = 192.168.173.223
+define PNS_PERIMETER_IPV6 = 2001:1aa1:000a:7c0c:000c:18ff:fe03:addf
 
-# mercurial server address (perimeter network)
-define HG_PERIMETER_IPV4 = 192.168.173.87
-define HG_PERIMETER_IPV6 = 2001:1aa1:000a:00ad:000c:18ff:fe03:ad57
-
-# git server address (perimeter network)
-define GIT_PERIMETER_IPV4 = 192.168.173.79
-define GIT_PERIMETER_IPV6 = 2001:1aa1:000a:00ad:000c:18ff:fe03:ad4f
+# transfer web server address (perimeter network)
+define XFR_PERIMETER_IPV4 = 192.168.173.174
 
 # external name server address (perimeter network)
-define ENS_PERIMETER_IPV4 = 192.168.173.64
-define ENS_PERIMETER_IPV6 = 2001:1aa1:000a:00ad:000c:18ff:fe03:ad40
+define ENS_PERIMETER_IPV4 = 192.168.173.147
+define ENS_PERIMETER_IPV6 = 2001:1aa1:000a:7c0c:000c:18ff:fe03:ad93
+
+# git server address (perimeter network)
+define GIT_PERIMETER_IPV4 = 192.168.173.42
+define GIT_PERIMETER_IPV6 = 2001:1aa1:000a:7c0c:000c:18ff:fe03:ad2a
 
 # ifg address (perimeter network)
 define IFG_PERIMETER_IPV4 = 192.168.173.1
-define IFG_PERIMETER_IPV6 = 2001:1aa1:000a:00ad:000c:18ff:fe03:ad01
+define IFG_PERIMETER_IPV6 = 2001:1aa1:000a:7c0c:000c:18ff:fe03:ad01
 
 # ifg addresses (internal network)
 define IFG_INTERNAL_IPV4 = 10.228.109.254
-define IFG_INTERNAL_IPV6 = 2001:1aa1:000a:0424:000c:18ff:fe03:6dfe
+define IFG_INTERNAL_IPV6 = 2001:1aa1:000a:7dae:000c:18ff:fe03:6dfe
 define IFG_SR_IPV4 = 192.168.42.254
 define IFG_IN_IPV4 = 192.168.43.254
 
 # store address (internal network)
 define STORE_INTERNAL_IPV4 = 10.228.109.250
-define STORE_INTERNAL_IPV6 = 2001:1aa1:000a:0424:da9d:67ff:fe63:dc68
+define STORE_INTERNAL_IPV6 = 2001:1aa1:000a:7dae:da9d:67ff:fe63:dc68
 
 # wiki server address (internal network)
-define WIKI_INTERNAL_IPV4 = 10.228.109.239
-define WIKI_INTERNAL_IPV6 = 2001:1aa1:000a:0424:000c:18ff:fe03:6def
+define WIKI_INTERNAL_IPV4 = 10.228.109.211
+define WIKI_INTERNAL_IPV6 = 2001:1aa1:000a:7dae:000c:18ff:fe03:6dd3
 
 # vpn address (internal network)
 define VPN_INTERNAL_IPV4 = 10.228.109.236
 
-# source name server address (internal network)
-define SNS_INTERNAL_IPV4 = 10.228.109.204
-define SNS_INTERNAL_IPV6 = 2001:1aa1:000a:0424:000c:18ff:fe03:6dcc
-
 # public key infrastructure server address (internal network)
-define PKI_INTERNAL_IPV4 = 10.228.109.171
-define PKI_INTERNAL_IPV6 = 2a02:d400:0:f268:c:18ff:fe03:6dab
+define PKI_INTERNAL_IPV4 = 10.228.109.183
+define PKI_INTERNAL_IPV6 = 2001:1aa1:000a:7dae:000c:18ff:fe03:6db7
 
 # name server 1 address (internal network)
 define NS1_INTERNAL_IPV4 = 10.228.109.159
-define NS1_INTERNAL_IPV6 = 2001:1aa1:000a:0424:000c:18ff:fe03:6d9f
+define NS1_INTERNAL_IPV6 = 2001:1aa1:000a:7dae:000c:18ff:fe03:6d9f
+
+# fedora directory server address (internal network)
+define FDS_INTERNAL_IPV4 = 10.228.109.147
+define FDS_INTERNAL_IPV6 = 2001:1aa1:000a:7dae:000c:18ff:fe03:6d93
 
 # minicrm address (internal network)
 define MINICRM_INTERNAL_IPV4 = 10.228.109.133
 
-# fedora directory server address (internal network)
-define FDS_INTERNAL_IPV4 = 10.228.109.83
-define FDS_INTERNAL_IPV6 = 2001:1aa1:000a:0424:000c:18ff:fe03:6d53
-
 # fedora directory client address (internal network)
-define FDC_INTERNAL_IPV4 = 10.228.109.67
-define FDC_INTERNAL_IPV6 = 2001:1aa1:000a:0424:000c:18ff:fe03:6d43
+define FDC_INTERNAL_IPV4 = 10.228.109.131
+define FDC_INTERNAL_IPV6 = 2001:1aa1:000a:7dae:000c:18ff:fe03:6d83
+
+# source name server address (internal network)
+define SNS_INTERNAL_IPV4 = 10.228.109.11
+define SNS_INTERNAL_IPV6 = 2001:1aa1:000a:7dae:000c:18ff:fe03:6d0b
 
 # name server 2 address (internal network)
 define NS2_INTERNAL_IPV4 = 10.228.92.159
-define NS2_INTERNAL_IPV6 = 2001:1aa1:000a:0424:000c:18ff:fe03:5c9f
+define NS2_INTERNAL_IPV6 = 2001:1aa1:000a:7dae:000c:18ff:fe03:5c9f
 
 # dvredmine address (internal network)
 define DVREDMINE_INTERNAL_IPV4 = 10.228.62.193
@@ -129,7 +121,7 @@ define WORKSHEET_SR_IPV4 = 192.168.42.248
 
 # internal networks
 define INTERNAL_IPV4_NET = 10.228.0.0/16
-define INTERNAL_IPV6_NET = 2001:1aa1:000a:0424::/64
+define INTERNAL_IPV6_NET = 2001:1aa1:000a:7dae::/64
 define SR_IPV4_NET = 192.168.42.0/24
 define IN_IPV4_NET = 192.168.43.0/24
 define INTERNAL_IPV4_NETS = { $INTERNAL_IPV4_NET, \
@@ -138,7 +130,7 @@ define INTERNAL_IPV4_NETS = { $INTERNAL_IPV4_NET, \
 
 # perimeter network
 define PERIMETER_NET = 192.168.173.0/24
-define PERIMETER_IPV6_NET = 2001:1aa1:000a:00ad::/64
+define PERIMETER_IPV6_NET = 2001:1aa1:000a:7c0c::/64
 
 # vpn client network
 define VPN_CLIENT_NET = 172.24.232.0/24
@@ -317,6 +309,12 @@ add rule ip ifg-filter forward \
     oifname $INTERNAL_IF ip daddr $VPN_INTERNAL_IPV4 udp dport $VPN_PORT \
     counter accept comment "Incoming VPN traffic"
 
+add rule ip ifg-filter forward \
+    ip protocol tcp \
+    iifname $PERIMETER_IF ip saddr != $PERIMETER_NET tcp sport 1024-65535 \
+    oifname $INTERNAL_IF ip daddr $STORE_INTERNAL_IPV4 tcp dport { http, https } \
+    counter accept comment "Incoming store traffic"
+
 add rule ip ifg-filter forward \
     iifname $INTERNAL_IF \
     oifname $INTERNAL_IF \
@@ -381,31 +379,23 @@ add rule ip ifg-filter forward \
     counter accept comment "Worksheet replies"
 
 add rule ip ifg-filter forward \
-    iifname $PERIMETER_IF ip saddr { $GIT_PERIMETER_IPV4, \
-                                     $HG_PERIMETER_IPV4, \
-                                     $SVN_PERIMETER_IPV4 } tcp sport 1024-65535 \
+    iifname $PERIMETER_IF ip saddr { $GIT_PERIMETER_IPV4 } tcp sport 1024-65535 \
     oifname $INTERNAL_IF ip daddr $FDS_INTERNAL_IPV4 tcp dport { ldap, ldaps } \
     counter accept comment "Git, mercurial and subversion directory server requests"
 add rule ip6 ifg-filter forward \
-    iifname $PERIMETER_IF ip6 saddr { $GIT_PERIMETER_IPV6, \
-                                      $HG_PERIMETER_IPV6, \
-                                      $SVN_PERIMETER_IPV6 } tcp sport 1024-65535 \
+    iifname $PERIMETER_IF ip6 saddr { $GIT_PERIMETER_IPV6 } tcp sport 1024-65535 \
     oifname $INTERNAL_IF ip6 daddr $FDS_INTERNAL_IPV6 tcp dport { ldap, ldaps } \
     counter accept comment "Git, mercurial and subversion directory server requests"
 
 add rule ip ifg-filter forward \
     ct state established \
     iifname $INTERNAL_IF ip saddr $FDS_INTERNAL_IPV4 tcp sport { ldap, ldaps } \
-    oifname $PERIMETER_IF ip daddr { $GIT_PERIMETER_IPV4, \
-                                     $HG_PERIMETER_IPV4, \
-                                     $SVN_PERIMETER_IPV4 } tcp dport 1024-65535 \
+    oifname $PERIMETER_IF ip daddr { $GIT_PERIMETER_IPV4 } tcp dport 1024-65535 \
     counter accept comment "Git, mercurial and subversion directory server replies"
 add rule ip6 ifg-filter forward \
     ct state established \
     iifname $INTERNAL_IF ip6 saddr $FDS_INTERNAL_IPV6 tcp sport {ldap, ldaps } \
-    oifname $PERIMETER_IF ip6 daddr { $GIT_PERIMETER_IPV6, \
-                                      $HG_PERIMETER_IPV6, \
-                                      $SVN_PERIMETER_IPV6 } tcp dport 1024-65535 \
+    oifname $PERIMETER_IF ip6 daddr { $GIT_PERIMETER_IPV6 } tcp dport 1024-65535 \
     counter accept comment "Git, mercurial and subversion directory server replies"
 
 add rule ip ifg-filter forward \

diff --git a/sources/ifg.in/c3d/firstboot/scripts/01_setupnetworking.sh b/sources/ifg.in/c3d/firstboot/scripts/01_setupnetworking.sh
index e6f3dc237d7bc6df51f4812e621bced5b0956006..805cc921400bee35fbbb2e23338e0508ec94cc5c 100755 (executable)
--- a/sources/ifg.in/c3d/firstboot/scripts/01_setupnetworking.sh
+++ b/sources/ifg.in/c3d/firstboot/scripts/01_setupnetworking.sh
@@ -76,8 +76,8 @@ nmcli connection add \
     ipv4.dns-search "in.useribm.hu" \
     ipv4.method "manual" \
     ipv4.routes "172.16.223.0/24 10.228.109.236, 172.24.232.0/24 10.228.109.236, 10.162.0.0/16 10.228.109.236" \
-    ipv6.addresses "2001:1aa1:000a:0424:000c:18ff:fe03:6dfe/64" \
-    ipv6.dns "2001:1aa1:000a:0424:000c:18ff:fe03:6d9f, 2001:1aa1:000a:0424:000c:18ff:fe03:5c9f" \
+    ipv6.addresses "2001:1aa1:000a:7dae:000c:18ff:fe03:6dfe/64" \
+    ipv6.dns "2001:1aa1:000a:7dae:000c:18ff:fe03:6d9f, 2001:1aa1:000a:7dae:000c:18ff:fe03:5c9f" \
     ipv6.dns-search "in.useribm.hu" \
     ipv6.method "manual" \
     save yes
@@ -90,8 +90,8 @@ nmcli connection add \
     ipv4.addresses "192.168.173.1/24" \
     ipv4.gateway "192.168.173.254" \
     ipv4.method "manual" \
-    ipv6.addresses "2001:1aa1:000a:00ad:000c:18ff:fe03:ad01/64" \
-    ipv6.gateway "2001:1aa1:000a:00ad:000c:18ff:fe03:adfe" \
+    ipv6.addresses "2001:1aa1:000a:7c0c:000c:18ff:fe03:ad01/64" \
+    ipv6.gateway "2001:1aa1:000a:7c0c:000c:18ff:fe03:adfe" \
     ipv6.method "manual" \
     save yes
 

diff --git a/sources/ifg.in/c3d/postinstall/install-data/etc/radvd.conf b/sources/ifg.in/c3d/postinstall/install-data/etc/radvd.conf
index f862b57ae7a28d428d2d41c03399030fe9bb19fb..a1984552abbb64dd2d09ba77fb1d0c60dd081e3a 100644 (file)
--- a/sources/ifg.in/c3d/postinstall/install-data/etc/radvd.conf
+++ b/sources/ifg.in/c3d/postinstall/install-data/etc/radvd.conf
@@ -2,13 +2,9 @@ interface eth0
 {
         AdvSendAdvert on;
 
-        prefix 2001:1aa1:000a:0424::/64
+        prefix ::/64
         {
                 AdvOnLink on;
                 AdvAutonomous on;
         };
-
-        route ::/0
-        {
-        };
 };