OSPF-Intro done

main
root 3 years ago
parent 314f22c87c
commit 19875ff5db

@ -0,0 +1,28 @@
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
# Parameters passed to the template: -r stretch
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
# For additional config options, please look at lxc.container.conf(5)
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
# Common configuration
lxc.include = /usr/share/lxc/config/debian.common.conf
# Container specific configuration
lxc.tty.max = 4
lxc.arch = amd64
lxc.pty.max = 1024
lxc.rootfs.path = btrfs:/var/lib/lxc/H10/rootfs
lxc.uts.name = H10
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.name = vlan1082
lxc.net.0.veth.pair = h10.1082
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
lxc.net.0.hwaddr = 02:00:0a:08:02:0a
lxc.net.0.ipv4.address = 10.8.2.10/24
lxc.net.0.ipv4.gateway = 10.8.2.1
lxc.net.0.ipv6.address = 2001:db8:2501:82::10/64
lxc.net.0.ipv6.gateway = 2001:db8:2501:82::1

@ -0,0 +1,5 @@
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

@ -0,0 +1,79 @@
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#
#kernel.domainname = example.com
# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3
##############################################################3
# Functions previously found in netbase
#
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=1
net.ipv4.icmp_ratelimit = 0
net.ipv6.icmp.ratelimit = 0
###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
###################################################################
# Magic system request Key
# 0=disable, 1=enable all
# Debian kernels have this set to 0 (disable the key)
# See https://www.kernel.org/doc/Documentation/sysrq.txt
# for what other values do
#kernel.sysrq=1
###################################################################
# Protected links
#
# Protects against creating or following links under certain conditions
# Debian kernels have both set to 1 (restricted)
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
#fs.protected_hardlinks=0
#fs.protected_symlinks=0

@ -0,0 +1,28 @@
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
# Parameters passed to the template: -r stretch
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
# For additional config options, please look at lxc.container.conf(5)
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
# Common configuration
lxc.include = /usr/share/lxc/config/debian.common.conf
# Container specific configuration
lxc.tty.max = 4
lxc.arch = amd64
lxc.pty.max = 1024
lxc.rootfs.path = btrfs:/var/lib/lxc/H12/rootfs
lxc.uts.name = H12
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.name = vlan1050
lxc.net.0.veth.pair = h12.1050
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
lxc.net.0.hwaddr = 02:00:0a:32:01:0c
lxc.net.0.ipv4.address = 10.50.1.12/24
lxc.net.0.ipv4.gateway = 10.50.1.1
lxc.net.0.ipv6.address = 2001:db8:2501:501::12/64
lxc.net.0.ipv6.gateway = 2001:db8:2501:501::1

@ -0,0 +1,5 @@
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

@ -0,0 +1,79 @@
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#
#kernel.domainname = example.com
# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3
##############################################################3
# Functions previously found in netbase
#
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=1
net.ipv4.icmp_ratelimit = 0
net.ipv6.icmp.ratelimit = 0
###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
###################################################################
# Magic system request Key
# 0=disable, 1=enable all
# Debian kernels have this set to 0 (disable the key)
# See https://www.kernel.org/doc/Documentation/sysrq.txt
# for what other values do
#kernel.sysrq=1
###################################################################
# Protected links
#
# Protects against creating or following links under certain conditions
# Debian kernels have both set to 1 (restricted)
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
#fs.protected_hardlinks=0
#fs.protected_symlinks=0

@ -0,0 +1,28 @@
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
# Parameters passed to the template: -r stretch
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
# For additional config options, please look at lxc.container.conf(5)
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
# Common configuration
lxc.include = /usr/share/lxc/config/debian.common.conf
# Container specific configuration
lxc.tty.max = 4
lxc.arch = amd64
lxc.pty.max = 1024
lxc.rootfs.path = btrfs:/var/lib/lxc/H5/rootfs
lxc.uts.name = H5
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.name = vlan1034
lxc.net.0.veth.pair = h5.1034
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
lxc.net.0.hwaddr = 02:00:0a:2b:02:05
lxc.net.0.ipv4.address = 10.34.2.5/24
lxc.net.0.ipv4.gateway = 10.34.2.1
lxc.net.0.ipv6.address = 2001:db8:2501:342::5/64
lxc.net.0.ipv6.gateway = 2001:db8:2501:342::1

@ -0,0 +1,5 @@
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

@ -0,0 +1,79 @@
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#
#kernel.domainname = example.com
# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3
##############################################################3
# Functions previously found in netbase
#
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=1
net.ipv4.icmp_ratelimit = 0
net.ipv6.icmp.ratelimit = 0
###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
###################################################################
# Magic system request Key
# 0=disable, 1=enable all
# Debian kernels have this set to 0 (disable the key)
# See https://www.kernel.org/doc/Documentation/sysrq.txt
# for what other values do
#kernel.sysrq=1
###################################################################
# Protected links
#
# Protects against creating or following links under certain conditions
# Debian kernels have both set to 1 (restricted)
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
#fs.protected_hardlinks=0
#fs.protected_symlinks=0

@ -0,0 +1,28 @@
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
# Parameters passed to the template: -r stretch
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
# For additional config options, please look at lxc.container.conf(5)
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
# Common configuration
lxc.include = /usr/share/lxc/config/debian.common.conf
# Container specific configuration
lxc.tty.max = 4
lxc.arch = amd64
lxc.pty.max = 1024
lxc.rootfs.path = btrfs:/var/lib/lxc/H8/rootfs
lxc.uts.name = H8
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.name = vlan1356
lxc.net.0.veth.pair = h8.1356
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
lxc.net.0.hwaddr = 02:00:0a:03:38:08
lxc.net.0.ipv4.address = 10.3.56.8/24
lxc.net.0.ipv4.gateway = 10.3.56.1
lxc.net.0.ipv6.address = 2001:db8:2501:56::8/64
lxc.net.0.ipv6.gateway = 2001:db8:2501:56::1

@ -0,0 +1,5 @@
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

@ -0,0 +1,79 @@
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#
#kernel.domainname = example.com
# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3
##############################################################3
# Functions previously found in netbase
#
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=1
net.ipv4.icmp_ratelimit = 0
net.ipv6.icmp.ratelimit = 0
###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
###################################################################
# Magic system request Key
# 0=disable, 1=enable all
# Debian kernels have this set to 0 (disable the key)
# See https://www.kernel.org/doc/Documentation/sysrq.txt
# for what other values do
#kernel.sysrq=1
###################################################################
# Protected links
#
# Protects against creating or following links under certain conditions
# Debian kernels have both set to 1 (restricted)
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
#fs.protected_hardlinks=0
#fs.protected_symlinks=0

@ -0,0 +1,53 @@
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
# Parameters passed to the template: -r stretch
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
# For additional config options, please look at lxc.container.conf(5)
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
# Common configuration
lxc.include = /usr/share/lxc/config/debian.common.conf
# Container specific configuration
lxc.tty.max = 4
lxc.arch = amd64
lxc.pty.max = 1024
lxc.rootfs.path = btrfs:/var/lib/lxc/R1/rootfs
lxc.uts.name = R1
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.name = vlan1001
lxc.net.0.veth.pair = r1.1001
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
lxc.net.0.hwaddr = 02:00:0a:00:01:05
lxc.net.0.ipv4.address = 10.0.1.5/24
lxc.net.0.ipv6.address = 2001:db8:2501:1::5/64
lxc.net.1.type = veth
lxc.net.1.flags = up
lxc.net.1.name = vlan1012
lxc.net.1.veth.pair = r1.1012
lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
lxc.net.1.hwaddr = 02:00:0a:01:02:07
lxc.net.1.ipv4.address = 10.1.2.7/24
lxc.net.1.ipv6.address = 2001:db8:2501:2::7/64
lxc.net.2.type = veth
lxc.net.2.flags = up
lxc.net.2.name = vlan1356
lxc.net.2.veth.pair = r1.1356
lxc.net.2.script.up = /etc/lxc/lxc-openvswitch
lxc.net.2.script.down = /etc/lxc/lxc-openvswitch
lxc.net.2.hwaddr = 02:00:0a:03:38:01
lxc.net.2.ipv4.address = 10.3.56.1/24
lxc.net.2.ipv6.address = 2001:db8:2501:56::1/64
lxc.net.3.type = veth
lxc.net.3.name = vlan10
lxc.net.3.veth.pair = r1.10
lxc.net.3.flags = up
lxc.net.3.script.up = /etc/lxc/lxc-openvswitch
lxc.net.3.script.down = /etc/lxc/lxc-openvswitch

@ -0,0 +1,47 @@
router id 10.9.99.1;
log "/var/log/bird/bird.log" all;
debug protocols { states, routes, filters, interfaces }
protocol kernel {
#import none;
export all;
learn;
preference 254;
}
protocol device {
# defaults...
scan time 10;
}
protocol direct {
interface "vlan10";
}
filter ospfexport {
if (source = RTS_DEVICE) || (net = 0.0.0.0/0)
then accept;
else reject;
};
protocol ospf {
export filter ospfexport;
import all;
area 0 {
interface "lo" {
stub;
};
interface "vlan1001" {
};
interface "vlan1012" {
};
interface "vlan1356" {
stub;
};
interface "vlan10" {
type broadcast;
};
};
};

@ -0,0 +1,47 @@
router id 10.9.99.1;
log "/var/log/bird/bird.log" all;
debug protocols { states, routes, filters, interfaces }
protocol kernel {
#import none;
export all;
learn;
preference 254;
}
protocol device {
# defaults...
scan time 10;
}
protocol direct {
interface "vlan10";
}
filter ospfexport {
if (source = RTS_DEVICE) || (net = ::/0)
then accept;
else reject;
}
protocol ospf {
export filter ospfexport;
import all;
area 0 {
interface "lo" {
stub;
};
interface "vlan1001" {
};
interface "vlan1012" {
};
interface "vlan1356" {
stub;
};
interface "vlan10" {
type broadcast;
};
};
};

@ -0,0 +1,5 @@
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

@ -0,0 +1,3 @@
*nat
-A POSTROUTING -o vlan10 -j MASQUERADE
COMMIT

@ -0,0 +1,16 @@
auto lo
iface lo inet loopback
up ip addr add 10.9.99.1/32 dev lo
down ip addr del 10.9.99.1/32 dev lo
iface vlan10 inet manual
pre-up iptables-restore < /etc/network/firewall
up ip link set up dev vlan10
up ip addr add 198.51.100.13/26 brd + dev vlan10
up ip route add default via 198.51.100.1 dev vlan10
up ip -6 addr add 2001:db8:1998::19/120 dev vlan10
up ip -6 route add default via 2001:db8:1998::1 dev vlan10
down ip addr del 198.51.100.19/26 dev vlan10
down ip -6 addr del 2001:db8:1998::19/120 dev vlan10
down ip link set down dev vlan10

@ -0,0 +1,79 @@
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#
#kernel.domainname = example.com
# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3
##############################################################3
# Functions previously found in netbase
#
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=1
net.ipv4.icmp_ratelimit = 0
net.ipv6.icmp.ratelimit = 0
###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
###################################################################
# Magic system request Key
# 0=disable, 1=enable all
# Debian kernels have this set to 0 (disable the key)
# See https://www.kernel.org/doc/Documentation/sysrq.txt
# for what other values do
#kernel.sysrq=1
###################################################################
# Protected links
#
# Protects against creating or following links under certain conditions
# Debian kernels have both set to 1 (restricted)
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
#fs.protected_hardlinks=0
#fs.protected_symlinks=0

@ -0,0 +1,44 @@
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
# Parameters passed to the template: -r stretch
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
# For additional config options, please look at lxc.container.conf(5)
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
# Common configuration
lxc.include = /usr/share/lxc/config/debian.common.conf
# Container specific configuration
lxc.tty.max = 4
lxc.arch = amd64
lxc.pty.max = 1024
lxc.rootfs.path = btrfs:/var/lib/lxc/R2/rootfs
lxc.uts.name = R2
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.name = vlan1012
lxc.net.0.veth.pair = r2.1012
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
lxc.net.0.hwaddr = 02:00:0a:01:02:7b
lxc.net.0.ipv4.address = 10.1.2.123/24
lxc.net.0.ipv6.address = 2001:db8:2501:2::123/64
lxc.net.1.type = veth
lxc.net.1.flags = up
lxc.net.1.name = vlan1082
lxc.net.1.veth.pair = r2.1082
lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
lxc.net.1.hwaddr = 02:00:0a:08:02:01
lxc.net.1.ipv4.address = 10.8.2.1/24
lxc.net.1.ipv6.address = 2001:db8:2501:82::1/64
lxc.net.2.type = veth
lxc.net.2.flags = up
lxc.net.2.name = vlan1050
lxc.net.2.veth.pair = r2.1050
lxc.net.2.script.up = /etc/lxc/lxc-openvswitch
lxc.net.2.script.down = /etc/lxc/lxc-openvswitch
lxc.net.2.hwaddr = 02:00:0a:32:01:01
lxc.net.2.ipv4.address = 10.50.1.1/24
lxc.net.2.ipv6.address = 2001:db8:2501:501::1/64

@ -0,0 +1,30 @@
router id 10.9.99.2;
log "/var/log/bird/bird.log" all;
debug protocols { states, routes, filters, interfaces }
protocol kernel {
import none;
export all;
}
protocol device {
# defaults...
}
protocol ospf {
area 0 {
interface "lo" {
stub;
};
interface "vlan1082" {
stub;
};
interface "vlan1050" {
stub;
};
interface "vlan1012" {
};
};
};

@ -0,0 +1,30 @@
router id 10.9.99.2;
log "/var/log/bird/bird.log" all;
debug protocols { states, routes, filters, interfaces }
protocol kernel {
import none;
export all;
}
protocol device {
# defaults...
}
protocol ospf {
area 0 {
interface "lo" {
stub;
};
interface "vlan1082" {
stub;
};
interface "vlan1050" {
stub;
};
interface "vlan1012" {
};
};
};

@ -0,0 +1,5 @@
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

@ -0,0 +1,4 @@
auto lo
iface lo inet loopback
up ip addr add 10.9.99.2/32 dev lo
down ip addr del 10.9.99.2/32 dev lo

@ -0,0 +1,79 @@
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#
#kernel.domainname = example.com
# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3
##############################################################3
# Functions previously found in netbase
#
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=1
net.ipv4.icmp_ratelimit = 0
net.ipv6.icmp.ratelimit = 0
###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
###################################################################
# Magic system request Key
# 0=disable, 1=enable all
# Debian kernels have this set to 0 (disable the key)
# See https://www.kernel.org/doc/Documentation/sysrq.txt
# for what other values do
#kernel.sysrq=1
###################################################################
# Protected links
#
# Protects against creating or following links under certain conditions
# Debian kernels have both set to 1 (restricted)
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
#fs.protected_hardlinks=0
#fs.protected_symlinks=0

@ -0,0 +1,35 @@
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
# Parameters passed to the template: -r stretch
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
# For additional config options, please look at lxc.container.conf(5)
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
# Common configuration
lxc.include = /usr/share/lxc/config/debian.common.conf
# Container specific configuration
lxc.tty.max = 4
lxc.arch = amd64
lxc.pty.max = 1024
lxc.rootfs.path = btrfs:/var/lib/lxc/R5/rootfs
lxc.uts.name = R5
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.name = vlan1001
lxc.net.0.veth.pair = r5.1001
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
lxc.net.0.hwaddr = 02:00:0a:00:01:04
lxc.net.0.ipv4.address = 10.0.1.4/24
lxc.net.0.ipv6.address = 2001:db8:2501:1::4/64
lxc.net.1.type = veth
lxc.net.1.flags = up
lxc.net.1.name = vlan1012
lxc.net.1.veth.pair = r5.1012
lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
lxc.net.1.hwaddr = 02:00:0a:01:02:38
lxc.net.1.ipv4.address = 10.1.2.56/24
lxc.net.1.ipv6.address = 2001:db8:2501:2::56/64

@ -0,0 +1,26 @@
router id 10.9.99.5;
log "/var/log/bird/bird.log" all;
debug protocols { states, routes, filters, interfaces }
protocol kernel {
import none;
export all;
}
protocol device {
# defaults...
}
protocol ospf {
area 0 {
interface "lo" {
stub;
};
interface "vlan1001" {
};
interface "vlan1012" {
};
};
};

@ -0,0 +1,26 @@
router id 10.9.99.5;
log "/var/log/bird/bird.log" all;
debug protocols { states, routes, filters, interfaces }
protocol kernel {
import none;
export all;
}
protocol device {
# defaults...
}
protocol ospf {
area 0 {
interface "lo" {
stub;
};
interface "vlan1001" {
};
interface "vlan1012" {
};
};
};

@ -0,0 +1,5 @@
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

@ -0,0 +1,4 @@
auto lo
iface lo inet loopback
up ip addr add 10.9.99.5/32 dev lo
down ip addr del 10.9.99.5/32 dev lo

@ -0,0 +1,79 @@
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#
#kernel.domainname = example.com
# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3
##############################################################3
# Functions previously found in netbase
#
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=1
net.ipv4.icmp_ratelimit = 0
net.ipv6.icmp.ratelimit = 0
###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
###################################################################
# Magic system request Key
# 0=disable, 1=enable all
# Debian kernels have this set to 0 (disable the key)
# See https://www.kernel.org/doc/Documentation/sysrq.txt
# for what other values do
#kernel.sysrq=1
###################################################################
# Protected links
#
# Protects against creating or following links under certain conditions
# Debian kernels have both set to 1 (restricted)
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
#fs.protected_hardlinks=0
#fs.protected_symlinks=0

@ -0,0 +1,35 @@
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
# Parameters passed to the template: -r stretch
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
# For additional config options, please look at lxc.container.conf(5)
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
# Common configuration
lxc.include = /usr/share/lxc/config/debian.common.conf
# Container specific configuration
lxc.tty.max = 4
lxc.arch = amd64
lxc.pty.max = 1024
lxc.rootfs.path = btrfs:/var/lib/lxc/R6/rootfs
lxc.uts.name = R6
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.name = vlan1001
lxc.net.0.veth.pair = r6.1001
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
lxc.net.0.hwaddr = 02:00:0a:00:01:08
lxc.net.0.ipv4.address = 10.0.1.8/24
lxc.net.0.ipv6.address = 2001:db8:2501:1::8/64
lxc.net.1.type = veth
lxc.net.1.flags = up
lxc.net.1.name = vlan1034
lxc.net.1.veth.pair = r6.1034
lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
lxc.net.1.hwaddr = 02:00:0a:2b:02:01
lxc.net.1.ipv4.address = 10.34.2.1/24
lxc.net.1.ipv6.address = 2001:db8:2501:342::1/64

@ -0,0 +1,27 @@
router id 10.9.99.6;
log "/var/log/bird/bird.log" all;
debug protocols { states, routes, filters, interfaces }
protocol kernel {
import none;
export all;
}
protocol device {
# defaults...
}
protocol ospf {
area 0 {
interface "lo" {
stub;
};
interface "vlan1001" {
};
interface "vlan1034" {
stub;
};
};
};

@ -0,0 +1,27 @@
router id 10.9.99.6;
log "/var/log/bird/bird.log" all;
debug protocols { states, routes, filters, interfaces }
protocol kernel {
import none;
export all;
}
protocol device {
# defaults...
}
protocol ospf {
area 0 {
interface "lo" {
stub;
};
interface "vlan1001" {
};
interface "vlan1034" {
stub;
};
};
};

@ -0,0 +1,5 @@
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

@ -0,0 +1,4 @@
auto lo
iface lo inet loopback
up ip addr add 10.9.99.6/32 dev lo
down ip addr del 10.9.99.6/32 dev lo

@ -0,0 +1,79 @@
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#
#kernel.domainname = example.com
# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3
##############################################################3
# Functions previously found in netbase
#
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=1
net.ipv4.icmp_ratelimit = 0
net.ipv6.icmp.ratelimit = 0
###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
###################################################################
# Magic system request Key
# 0=disable, 1=enable all
# Debian kernels have this set to 0 (disable the key)
# See https://www.kernel.org/doc/Documentation/sysrq.txt
# for what other values do
#kernel.sysrq=1
###################################################################
# Protected links
#
# Protects against creating or following links under certain conditions
# Debian kernels have both set to 1 (restricted)
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
#fs.protected_hardlinks=0
#fs.protected_symlinks=0

@ -0,0 +1,32 @@
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
# Parameters passed to the template: -r stretch
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
# For additional config options, please look at lxc.container.conf(5)
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
lxc.net.0.type = veth
#lxc.net.0.link = vlan10
lxc.net.0.name = vlan10
lxc.net.0.veth.pair = sparrow.10
lxc.net.0.flags = up
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
lxc.net.1.type = veth
lxc.net.1.name = vlan60
lxc.net.1.veth.pair = sparrow.60
lxc.net.1.flags = up
lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
# Common configuration
lxc.include = /usr/share/lxc/config/debian.common.conf
# Container specific configuration
lxc.tty.max = 4
lxc.arch = amd64
lxc.pty.max = 1024
lxc.rootfs.path = btrfs:/var/lib/lxc/sparrow/rootfs
lxc.uts.name = sparrow

@ -0,0 +1,5 @@
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

@ -0,0 +1,4 @@
*nat
-A POSTROUTING -o vlan10 -j MASQUERADE
COMMIT

@ -0,0 +1,18 @@
auto lo
iface lo inet loopback
auto vlan10
iface vlan10 inet manual
pre-up iptables-restore < /etc/network/firewall
up ip link set up dev vlan10
up ip addr add 198.51.100.19/26 brd + dev vlan10
up ip route add default via 198.51.100.1 dev vlan10
down ip addr del 198.51.100.19/26 dev vlan10
down ip link set down dev vlan10
auto vlan60
iface vlan60 inet manual
up ip link set up dev vlan60
up ip addr add 10.1.60.1/24 brd + dev vlan60
down ip addr del 10.1.60.1/24 dev vlan60
down ip link set down dev vlan60

@ -0,0 +1,79 @@
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#
#kernel.domainname = example.com
# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3
##############################################################3
# Functions previously found in netbase
#
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=1
net.ipv4.icmp_ratelimit = 0
net.ipv6.icmp.ratelimit = 0
###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
###################################################################
# Magic system request Key
# 0=disable, 1=enable all
# Debian kernels have this set to 0 (disable the key)
# See https://www.kernel.org/doc/Documentation/sysrq.txt
# for what other values do
#kernel.sysrq=1
###################################################################
# Protected links
#
# Protects against creating or following links under certain conditions
# Debian kernels have both set to 1 (restricted)
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
#fs.protected_hardlinks=0
#fs.protected_symlinks=0

@ -0,0 +1,24 @@
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
# Parameters passed to the template: -r stretch
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
# For additional config options, please look at lxc.container.conf(5)
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
lxc.net.0.type = veth
#lxc.net.0.link = vlan10
lxc.net.0.name = vlan60
lxc.net.0.veth.pair = waever.60
lxc.net.0.flags = up
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
# Common configuration
lxc.include = /usr/share/lxc/config/debian.common.conf
# Container specific configuration
lxc.tty.max = 4
lxc.arch = amd64
lxc.pty.max = 1024
lxc.rootfs.path = btrfs:/var/lib/lxc/weaver/rootfs
lxc.uts.name = weaver

@ -0,0 +1,5 @@
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

@ -0,0 +1,10 @@
auto lo
iface lo inet loopback
auto vlan60
iface vlan60 inet manual
up ip link set up dev vlan60
up ip addr add 10.1.60.21/24 brd + dev vlan60
up ip route add default via 10.1.60.1 dev vlan60
down ip addr del 10.1.60.21/24 dev vlan60
down ip link set down dev vlan60

@ -0,0 +1,79 @@
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#
#kernel.domainname = example.com
# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3
##############################################################3
# Functions previously found in netbase
#
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=1
net.ipv4.icmp_ratelimit = 0
net.ipv6.icmp.ratelimit = 0
###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
###################################################################
# Magic system request Key
# 0=disable, 1=enable all
# Debian kernels have this set to 0 (disable the key)
# See https://www.kernel.org/doc/Documentation/sysrq.txt
# for what other values do
#kernel.sysrq=1
###################################################################
# Protected links
#
# Protects against creating or following links under certain conditions
# Debian kernels have both set to 1 (restricted)
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
#fs.protected_hardlinks=0
#fs.protected_symlinks=0

@ -0,0 +1,24 @@
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
# Parameters passed to the template: -r stretch
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
# For additional config options, please look at lxc.container.conf(5)
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
lxc.net.0.type = veth
#lxc.net.0.link = vlan10
lxc.net.0.name = vlan10
lxc.net.0.veth.pair = webshop.10
lxc.net.0.flags = up
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
# Common configuration
lxc.include = /usr/share/lxc/config/debian.common.conf
# Container specific configuration
lxc.tty.max = 4
lxc.arch = amd64
lxc.pty.max = 1024
lxc.rootfs.path = btrfs:/var/lib/lxc/webshop/rootfs
lxc.uts.name = webshop

@ -0,0 +1,5 @@
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

@ -0,0 +1,11 @@
auto lo
iface lo inet loopback
auto vlan10
iface vlan10 inet manual
up ip link set up dev vlan10
up ip addr add 198.51.100.36/26 brd + dev vlan10
up ip route add default via 198.51.100.1 dev vlan10
down ip addr del 198.51.100.36 dev vlan10
down ip link set down dev vlan10

@ -0,0 +1,79 @@
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#
#kernel.domainname = example.com
# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3
##############################################################3
# Functions previously found in netbase
#
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)