From: Zoltán Felleg
Date: Thu, 15 Apr 2021 13:04:55 +0000 (+0200)
Subject: Updated ifg.in (continued implementing ipv6).
X-Git-Url: http://git.useribm.hu/?a=commitdiff_plain;h=5ab7b9d2311221ec14dd6baac6f9b0a308ca1f41;p=user-lxc.git
Updated ifg.in (continued implementing ipv6).
---
diff --git a/sources/ifg.in/firstboot/01_setupnetworking.sh b/sources/ifg.in/firstboot/01_setupnetworking.sh
index eddec6a..a969a48 100755
--- a/sources/ifg.in/firstboot/01_setupnetworking.sh
+++ b/sources/ifg.in/firstboot/01_setupnetworking.sh
@@ -52,7 +52,10 @@ nmcli connection add \
 ipv4.dns-search "in.useribm.hu" \
 ipv4.method "manual" \
 ipv4.routes "172.16.223.0/24 10.228.109.236, 10.162.104.0/24 10.228.109.236" \
- ipv6.method "auto" \
+ ipv6.addresses "2a02:d400:0000:f268:000c:18ff:fe03:6dfe/64" \
+ ipv6.dns "2a02:d400:0000:f268:000c:18ff:fe03:6d68, 2a02:d400:0000:f268:000c:18ff:fe03:6dfd" \
+ ipv6.dns-search "in.useribm.hu" \
+ ipv6.method "manual" \
 save yes
 nmcli connection add \
@@ -63,7 +66,9 @@ nmcli connection add \
 ipv4.addresses "192.168.173.1/24" \
 ipv4.gateway "192.168.173.254" \
 ipv4.method "manual" \
- ipv6.method "auto" \
+ ipv6.addresses "2a02:d400:0000:f2ad:000c:18ff:fe03:ad01/64" \
+ ipv6.gateway "2a02:d400:0000:f2ad:000c:18ff:fe03:adfe" \
+ ipv6.method "manual" \
 save yes
 nmcli connection show
diff --git a/sources/ifg.in/firstboot/nftables.config b/sources/ifg.in/firstboot/nftables.config
index 3b994d1..c02de0a 100644
--- a/sources/ifg.in/firstboot/nftables.config
+++ b/sources/ifg.in/firstboot/nftables.config
@@ -155,8 +155,22 @@ add rule inet ifg_filter input \
 ip protocol icmp \
 counter accept comment "ICMP"
 add rule inet ifg_filter input \
- ip protocol icmpv6 \
- counter accept comment "ICMP"
+ icmpv6 type { destination-unreachable, \
+ echo-reply, \
+ echo-request, \
+ mld-listener-done, \
+ mld-listener-query, \
+ mld-listener-report, \
+ nd-redirect, \
+ nd-router-solicit, \
+ nd-router-advert, \
+ nd-neighbor-solicit, \
+ nd-neighbor-advert, \
+ packet-too-big, \
+ parameter-problem, \
+ router-renumbering, \
+ time-exceeded } \
+ counter accept comment "ICMPv6"
 add rule inet ifg_filter input \
 ip protocol gre \
@@ -263,8 +277,22 @@ add rule inet ifg_filter forward \
 ip protocol icmp \
 counter accept comment "ICMP"
 add rule inet ifg_filter forward \
- ip protocol icmpv6 \
- counter accept comment "ICMP"
+ icmpv6 type { destination-unreachable, \
+ echo-reply, \
+ echo-request, \
+ mld-listener-done, \
+ mld-listener-query, \
+ mld-listener-report, \
+ nd-redirect, \
+ nd-router-solicit, \
+ nd-router-advert, \
+ nd-neighbor-solicit, \
+ nd-neighbor-advert, \
+ packet-too-big, \
+ parameter-problem, \
+ router-renumbering, \
+ time-exceeded } \
+ counter accept comment "ICMPv6"
 add rule inet ifg_filter forward \
 counter log prefix "FORWARD"
@@ -285,8 +313,22 @@ add rule inet ifg_filter output \
 ip protocol icmp \
 counter accept comment "ICMP"
 add rule inet ifg_filter output \
- ip protocol icmpv6 \
- counter accept comment "ICMP"
+ icmpv6 type { destination-unreachable, \
+ echo-reply, \
+ echo-request, \
+ mld-listener-done, \
+ mld-listener-query, \
+ mld-listener-report, \
+ nd-redirect, \
+ nd-router-solicit, \
+ nd-router-advert, \
+ nd-neighbor-solicit, \
+ nd-neighbor-advert, \
+ packet-too-big, \
+ parameter-problem, \
+ router-renumbering, \
+ time-exceeded } \
+ counter accept comment "ICMPv6"
 add rule inet ifg_filter output \
 counter log prefix "OUTPUT"
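Review bot: The forward rule (second nftables.config hunk) accepts the same fifteen ICMPv6 types as the input and output rules, including neighbour discovery, router solicitation/advertisement, redirect, MLD and router-renumbering. ND and MLD messages are link-scoped and have no reason to transit a router, and RFC 4890 recommends dropping router-renumbering unless there is a specific need, so the forward set should be limited to the error and echo types: `icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, echo-reply } \`. In the input hunk the same applies to `router-renumbering`, and the `nd-*` types could additionally be matched with `ip6 hoplimit 255` so that only on-link senders are accepted; whether `nd-redirect` and `nd-router-advert` are needed on input at all depends on configuration not visible here. The output hunk carries the same list and would benefit from a comment stating which types this gateway is actually expected to originate.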
diff --git a/sources/ifg.in/postinstall/install/etc/radvd.conf b/sources/ifg.in/postinstall/install/etc/radvd.conf
index cee6da6..989fd99 100644
--- a/sources/ifg.in/postinstall/install/etc/radvd.conf
+++ b/sources/ifg.in/postinstall/install/etc/radvd.conf
@@ -7,4 +7,8 @@ interface eth0
 AdvOnLink on;
 AdvAutonomous on;
 };
+
+ route ::/0
+ {
+ };
 };
diff --git a/sources/ifg.in/postinstall/install/etc/sysctl.d/01_ipforward.conf b/sources/ifg.in/postinstall/install/etc/sysctl.d/01_ipforward.conf
index 5334abc..94bd751 100644
--- a/sources/ifg.in/postinstall/install/etc/sysctl.d/01_ipforward.conf
+++ b/sources/ifg.in/postinstall/install/etc/sysctl.d/01_ipforward.conf
@@ -1,2 +1,4 @@
 net.ipv4.conf.all.forwarding = 1
 net.ipv6.conf.all.forwarding = 1
+net.ipv6.conf.eth0.forwarding = 1
+net.ipv6.conf.eth1.forwarding = 1
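Review bot: The added `route ::/0 { };` block in radvd.conf is empty, so the advertised route's lifetime and preference are left to radvd's defaults, and nothing records why a default route is announced to eth0 clients as a route option. A comment such as `# announce this gateway as the IPv6 default route for eth0 clients`, together with explicit `AdvRouteLifetime` and `AdvRoutePreference` values, would make the intent reviewable. The enclosing `interface eth0` block starts outside the hunk, so whether the router lifetime in the advertisement already covers this cannot be seen here.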
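Review bot: The two per-interface keys added to 01_ipforward.conf have no comment explaining why they are needed when `net.ipv6.conf.all.forwarding = 1` is already set on the line above; for IPv6 the `all` key is documented to switch forwarding on for every interface, so the new lines look redundant unless something resets them. If they are kept, note that keys naming `eth0` and `eth1` only take effect when those interfaces exist at the time the file is applied; `net.ipv6.conf.default.forwarding = 1` would cover interfaces created later. A short `#` comment stating the reason should accompany them.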