From: Zoltán Felleg Date: Wed, 14 Apr 2021 20:02:24 +0000 (+0200) Subject: Updated ifg.in (started implementing ipv6). X-Git-Url: http://git.useribm.hu/?a=commitdiff_plain;h=0e9c8eaf0836b56cff514dce93fb769eabd26c90;p=user-lxc.git Updated ifg.in (started implementing ipv6). --- diff --git a/sources/ifg.in/firstboot/10_setupnftables.sh b/sources/ifg.in/firstboot/10_setupnftables.sh index a522aaf..714ff6b 100755 --- a/sources/ifg.in/firstboot/10_setupnftables.sh +++ b/sources/ifg.in/firstboot/10_setupnftables.sh @@ -4,14 +4,8 @@ REAL_PATH=$(realpath $(dirname $0)) -nft list ruleset | grep ^table | sed 's/ {$//' | while read TABLE_SPEC -do - nft flush $TABLE_SPEC - nft delete $TABLE_SPEC -done - +nft flush ruleset nft --echo --file $REAL_PATH/nftables.config -nft list ruleset >/etc/nftables/ifg.nft -nft list ruleset +nft list ruleset | tee /etc/nftables/ifg.nft systemctl enable nftables.service diff --git a/sources/ifg.in/firstboot/nftables.config b/sources/ifg.in/firstboot/nftables.config index d770979..3b994d1 100644 --- a/sources/ifg.in/firstboot/nftables.config +++ b/sources/ifg.in/firstboot/nftables.config @@ -154,6 +154,9 @@ add rule inet ifg_filter input \ add rule inet ifg_filter input \ ip protocol icmp \ counter accept comment "ICMP" +add rule inet ifg_filter input \ + ip protocol icmpv6 \ + counter accept comment "ICMP" add rule inet ifg_filter input \ ip protocol gre \ @@ -259,6 +262,9 @@ add rule inet ifg_filter forward \ add rule inet ifg_filter forward \ ip protocol icmp \ counter accept comment "ICMP" +add rule inet ifg_filter forward \ + ip protocol icmpv6 \ + counter accept comment "ICMP" add rule inet ifg_filter forward \ counter log prefix "FORWARD" @@ -278,6 +284,9 @@ add rule inet ifg_filter output \ add rule inet ifg_filter output \ ip protocol icmp \ counter accept comment "ICMP" +add rule inet ifg_filter output \ + ip protocol icmpv6 \ + counter accept comment "ICMP" add rule inet ifg_filter output \ counter log prefix "OUTPUT" 
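Review bot: In 10_setupnftables.sh, the standalone `nft flush ruleset` followed by a separate `nft --echo --file …` leaves the host with no rules at all between the two commands, and if the load fails the empty ruleset stays in place (whether the script aborts at that point depends on options set above the hunk, which are not visible). nft applies a file as a single transaction, so making `flush ruleset` the first line of nftables.config and dropping the separate flush would make the replacement atomic and keep the previous rules on a parse error. The new `nft list ruleset | tee /etc/nftables/ifg.nft` returns tee's exit status, so a failing `nft list` can leave an empty or partial ifg.nft unnoticed unless `set -o pipefail` is in effect.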
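Review bot: In nftables.config, `ip protocol icmpv6` in the three added rules (the input, forward and output hunks) matches the protocol field of the IPv4 header, so in an `inet` table these rules are limited to IPv4 packets and will not match ICMPv6 carried over IPv6. Neighbour discovery and router advertisements would then fall through to the later rules of each chain (a `counter log prefix …` rule is visible, the chain policy is not), which breaks IPv6 if the policy is drop. A family-independent match such as `meta l4proto ipv6-icmp counter accept comment "ICMPv6"` fits here, and the distinct comment keeps the IPv4 and IPv6 counters apart in `nft list ruleset`. For the forward chain, consider accepting only the ICMPv6 types that have to cross the gateway (RFC 4890 lists them) rather than the whole protocol.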
diff --git a/sources/ifg.in/postinstall/install/etc/radvd.conf b/sources/ifg.in/postinstall/install/etc/radvd.conf
new file mode 100644
index 0000000..cee6da6
--- /dev/null
+++ b/sources/ifg.in/postinstall/install/etc/radvd.conf
@@ -0,0 +1,10 @@
+interface eth0
+{
+ AdvSendAdvert on;
+
+ prefix 2a02:d400:0000:f268::/64
+ {
+ AdvOnLink on;
+ AdvAutonomous on;
+ };
+};
diff --git a/sources/ifg.in/postinstall/install/etc/resolv.conf b/sources/ifg.in/postinstall/install/etc/resolv.conf
deleted file mode 100644
index 656e3f2..0000000
--- a/sources/ifg.in/postinstall/install/etc/resolv.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-nameserver 10.228.109.253
-nameserver 10.228.109.104
-domain usr.user.hu
-search usr.user.hu
diff --git a/sources/ifg.in/postinstall/install/etc/sysctl.d/01_ipforward.conf b/sources/ifg.in/postinstall/install/etc/sysctl.d/01_ipforward.conf
index 05b3f78..5334abc 100644
--- a/sources/ifg.in/postinstall/install/etc/sysctl.d/01_ipforward.conf
+++ b/sources/ifg.in/postinstall/install/etc/sysctl.d/01_ipforward.conf
@@ -1 +1,2 @@
 net.ipv4.conf.all.forwarding = 1
+net.ipv6.conf.all.forwarding = 1
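Review bot: The new radvd.conf hard-codes both the interface (`eth0`) and the advertised prefix without saying which segment they belong to; a header comment such as `# Router advertisements for <segment> on eth0; prefix delegated by <source>` would make it clear that the file must not be reused on an uplink-facing interface. With `AdvAutonomous on`, every host on that link configures a globally routable address from the /64, so the forward chain of the `ifg_filter` table becomes the control on inbound IPv6 towards them. It is worth confirming that chain's policy and its IPv6 rules before the advertisements are switched on.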
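Review bot: Setting `net.ipv6.conf.all.forwarding = 1` in 01_ipforward.conf also changes how the kernel treats router advertisements it receives: with the default `accept_ra = 1` they are ignored once forwarding is enabled. If the uplink interface of this host gets its IPv6 address or default route from RAs (not visible in this commit), add `net.ipv6.conf.<uplink-if>.accept_ra = 2` next to it. If the uplink is configured statically, a one-line comment saying so would document that the side effect is intended.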