From 19875ff5dbdb9d35b2078370a5ee397d4a8cb9bc Mon Sep 17 00:00:00 2001 
From: root Date: Tue, 18 Aug 2020 20:35:29 +1000 Subject: [PATCH] OSPF-Intro done --- H10/config | 28 ++++++++++ H10/rootfs/etc/bird/bird.conf | 0 H10/rootfs/etc/bird/bird6.conf | 0 H10/rootfs/etc/hosts | 5 ++ H10/rootfs/etc/network/interfaces | 0 H10/rootfs/etc/sysctl.conf | 79 +++++++++++++++++++++++++++ H12/config | 28 ++++++++++ H12/rootfs/etc/bird/bird.conf | 0 H12/rootfs/etc/bird/bird6.conf | 0 H12/rootfs/etc/hosts | 5 ++ H12/rootfs/etc/network/interfaces | 0 H12/rootfs/etc/sysctl.conf | 79 +++++++++++++++++++++++++++ H5/config | 28 ++++++++++ H5/rootfs/etc/bird/bird.conf | 0 H5/rootfs/etc/bird/bird6.conf | 0 H5/rootfs/etc/hosts | 5 ++ H5/rootfs/etc/network/interfaces | 0 H5/rootfs/etc/sysctl.conf | 79 +++++++++++++++++++++++++++ H8/config | 28 ++++++++++ H8/rootfs/etc/bird/bird.conf | 0 H8/rootfs/etc/bird/bird6.conf | 0 H8/rootfs/etc/hosts | 5 ++ H8/rootfs/etc/network/interfaces | 0 H8/rootfs/etc/sysctl.conf | 79 +++++++++++++++++++++++++++ R1/config | 53 ++++++++++++++++++ R1/rootfs/etc/bird/bird.conf | 47 ++++++++++++++++ R1/rootfs/etc/bird/bird6.conf | 47 ++++++++++++++++ R1/rootfs/etc/hosts | 5 ++ R1/rootfs/etc/network/firewall | 3 + R1/rootfs/etc/network/interfaces | 16 ++++++ R1/rootfs/etc/sysctl.conf | 79 +++++++++++++++++++++++++++ R2/config | 44 +++++++++++++++ R2/rootfs/etc/bird/bird.conf | 30 ++++++++++ R2/rootfs/etc/bird/bird6.conf | 30 ++++++++++ R2/rootfs/etc/hosts | 5 ++ R2/rootfs/etc/network/interfaces | 4 ++ R2/rootfs/etc/sysctl.conf | 79 +++++++++++++++++++++++++++ R5/config | 35 ++++++++++++ R5/rootfs/etc/bird/bird.conf | 26 +++++++++ R5/rootfs/etc/bird/bird6.conf | 26 +++++++++ R5/rootfs/etc/hosts | 5 ++ R5/rootfs/etc/network/interfaces | 4 ++ R5/rootfs/etc/sysctl.conf | 79 +++++++++++++++++++++++++++ R6/config | 35 ++++++++++++ R6/rootfs/etc/bird/bird.conf | 27 +++++++++ R6/rootfs/etc/bird/bird6.conf | 27 +++++++++ R6/rootfs/etc/hosts | 5 ++ R6/rootfs/etc/network/interfaces | 4 ++ R6/rootfs/etc/sysctl.conf | 79 
+++++++++++++++++++++++++++ sparrow/config | 32 +++++++++++ sparrow/rootfs/etc/bird/bird.conf | 0 sparrow/rootfs/etc/bird/bird6.conf | 0 sparrow/rootfs/etc/hosts | 5 ++ sparrow/rootfs/etc/network/firewall | 4 ++ sparrow/rootfs/etc/network/interfaces | 18 ++++++ sparrow/rootfs/etc/sysctl.conf | 79 +++++++++++++++++++++++++++ weaver/config | 24 ++++++++ weaver/rootfs/etc/bird/bird.conf | 0 weaver/rootfs/etc/bird/bird6.conf | 0 weaver/rootfs/etc/hosts | 5 ++ weaver/rootfs/etc/network/interfaces | 10 ++++ weaver/rootfs/etc/sysctl.conf | 79 +++++++++++++++++++++++++++ webshop/config | 24 ++++++++ webshop/rootfs/etc/bird/bird.conf | 0 webshop/rootfs/etc/bird/bird6.conf | 0 webshop/rootfs/etc/hosts | 5 ++ webshop/rootfs/etc/network/interfaces | 11 ++++ webshop/rootfs/etc/sysctl.conf | 79 +++++++++++++++++++++++++++ 68 files changed, 1617 insertions(+) create mode 100644 H10/config create mode 100644 H10/rootfs/etc/bird/bird.conf create mode 100644 H10/rootfs/etc/bird/bird6.conf create mode 100644 H10/rootfs/etc/hosts create mode 100644 H10/rootfs/etc/network/interfaces create mode 100644 H10/rootfs/etc/sysctl.conf create mode 100644 H12/config create mode 100644 H12/rootfs/etc/bird/bird.conf create mode 100644 H12/rootfs/etc/bird/bird6.conf create mode 100644 H12/rootfs/etc/hosts create mode 100644 H12/rootfs/etc/network/interfaces create mode 100644 H12/rootfs/etc/sysctl.conf create mode 100644 H5/config create mode 100644 H5/rootfs/etc/bird/bird.conf create mode 100644 H5/rootfs/etc/bird/bird6.conf create mode 100644 H5/rootfs/etc/hosts create mode 100644 H5/rootfs/etc/network/interfaces create mode 100644 H5/rootfs/etc/sysctl.conf create mode 100644 H8/config create mode 100644 H8/rootfs/etc/bird/bird.conf create mode 100644 H8/rootfs/etc/bird/bird6.conf create mode 100644 H8/rootfs/etc/hosts create mode 100644 H8/rootfs/etc/network/interfaces create mode 100644 H8/rootfs/etc/sysctl.conf create mode 100644 R1/config create mode 100644 R1/rootfs/etc/bird/bird.conf 
create mode 100644 R1/rootfs/etc/bird/bird6.conf create mode 100644 R1/rootfs/etc/hosts create mode 100644 R1/rootfs/etc/network/firewall create mode 100644 R1/rootfs/etc/network/interfaces create mode 100644 R1/rootfs/etc/sysctl.conf create mode 100644 R2/config create mode 100644 R2/rootfs/etc/bird/bird.conf create mode 100644 R2/rootfs/etc/bird/bird6.conf create mode 100644 R2/rootfs/etc/hosts create mode 100644 R2/rootfs/etc/network/interfaces create mode 100644 R2/rootfs/etc/sysctl.conf create mode 100644 R5/config create mode 100644 R5/rootfs/etc/bird/bird.conf create mode 100644 R5/rootfs/etc/bird/bird6.conf create mode 100644 R5/rootfs/etc/hosts create mode 100644 R5/rootfs/etc/network/interfaces create mode 100644 R5/rootfs/etc/sysctl.conf create mode 100644 R6/config create mode 100644 R6/rootfs/etc/bird/bird.conf create mode 100644 R6/rootfs/etc/bird/bird6.conf create mode 100644 R6/rootfs/etc/hosts create mode 100644 R6/rootfs/etc/network/interfaces create mode 100644 R6/rootfs/etc/sysctl.conf create mode 100644 sparrow/config create mode 100644 sparrow/rootfs/etc/bird/bird.conf create mode 100644 sparrow/rootfs/etc/bird/bird6.conf create mode 100644 sparrow/rootfs/etc/hosts create mode 100644 sparrow/rootfs/etc/network/firewall create mode 100644 sparrow/rootfs/etc/network/interfaces create mode 100644 sparrow/rootfs/etc/sysctl.conf create mode 100644 weaver/config create mode 100644 weaver/rootfs/etc/bird/bird.conf create mode 100644 weaver/rootfs/etc/bird/bird6.conf create mode 100644 weaver/rootfs/etc/hosts create mode 100644 weaver/rootfs/etc/network/interfaces create mode 100644 weaver/rootfs/etc/sysctl.conf create mode 100644 webshop/config create mode 100644 webshop/rootfs/etc/bird/bird.conf create mode 100644 webshop/rootfs/etc/bird/bird6.conf create mode 100644 webshop/rootfs/etc/hosts create mode 100644 webshop/rootfs/etc/network/interfaces create mode 100644 webshop/rootfs/etc/sysctl.conf 
diff --git a/H10/config b/H10/config
new file mode 100644
index 0000000..93ad611
--- /dev/null
+++ b/H10/config
@@ -0,0 +1,28 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/H10/rootfs
+lxc.uts.name = H10
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = vlan1082
+lxc.net.0.veth.pair = h10.1082
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+lxc.net.0.hwaddr = 02:00:0a:08:02:0a
+lxc.net.0.ipv4.address = 10.8.2.10/24
+lxc.net.0.ipv4.gateway = 10.8.2.1
+lxc.net.0.ipv6.address = 2001:db8:2501:82::10/64
+lxc.net.0.ipv6.gateway = 2001:db8:2501:82::1
diff --git a/H10/rootfs/etc/bird/bird.conf b/H10/rootfs/etc/bird/bird.conf
new file mode 100644
index 0000000..e69de29
diff --git a/H10/rootfs/etc/bird/bird6.conf b/H10/rootfs/etc/bird/bird6.conf
new file mode 100644
index 0000000..e69de29
diff --git a/H10/rootfs/etc/hosts b/H10/rootfs/etc/hosts
new file mode 100644
index 0000000..72e1fd8
--- /dev/null
+++ b/H10/rootfs/etc/hosts
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/H10/rootfs/etc/network/interfaces b/H10/rootfs/etc/network/interfaces
new file mode 100644
index 0000000..e69de29
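Review bot: `lxc.apparmor.allow_nesting = 1` in H10/config relaxes the generated AppArmor profile so the container may start nested containers, which a single-interface lab host should not need, and the template's own comment two lines above warns that nesting has security implications. No `lxc.idmap` line is visible in this file, so unless the included debian.common.conf maps IDs the container presumably runs privileged and the AppArmor profile is its main confinement. I would set `lxc.apparmor.allow_nesting = 0` (or drop the line) and put a comment above it on any container that really needs nesting. The same line appears in H12/config, H5/config, H8/config and R1/config.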
diff --git a/H10/rootfs/etc/sysctl.conf b/H10/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
+++ b/H10/rootfs/etc/sysctl.conf
@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted)
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0
diff --git a/H12/config b/H12/config
new file mode 100644
index 0000000..39f9a69
--- /dev/null
+++ b/H12/config
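Review bot: `net.ipv4.ip_forward=1` and `net.ipv6.conf.all.forwarding=1` are active in H10's sysctl.conf although H10/config sets it up as an end host with one interface and a default gateway, so it will route packets it should drop; the comments above them still read "Uncomment the next line…", which hides that the file departs from the Debian default. `net.ipv4.icmp_ratelimit = 0` and `net.ipv6.icmp.ratelimit = 0` switch off ICMP rate limiting with no comment saying why, while the reverse-path filter lines stay commented out. For the host containers I would leave both forwarding lines commented, and above the ratelimit pair add something like `# lab only: ICMP rate limit disabled so ping/traceroute tests are not throttled` if that is the reason. The identical file (blob 25809a1) is added for H12, H5, H8 and R1; R1 needs forwarding, but the stale comments and the undocumented rate-limit setting apply there too.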
@@ -0,0 +1,28 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/H12/rootfs
+lxc.uts.name = H12
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = vlan1050
+lxc.net.0.veth.pair = h12.1050
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+lxc.net.0.hwaddr = 02:00:0a:32:01:0c
+lxc.net.0.ipv4.address = 10.50.1.12/24
+lxc.net.0.ipv4.gateway = 10.50.1.1
+lxc.net.0.ipv6.address = 2001:db8:2501:501::12/64
+lxc.net.0.ipv6.gateway = 2001:db8:2501:501::1
diff --git a/H12/rootfs/etc/bird/bird.conf b/H12/rootfs/etc/bird/bird.conf
new file mode 100644
index 0000000..e69de29
diff --git a/H12/rootfs/etc/bird/bird6.conf b/H12/rootfs/etc/bird/bird6.conf
new file mode 100644
index 0000000..e69de29
diff --git a/H12/rootfs/etc/hosts b/H12/rootfs/etc/hosts
new file mode 100644
index 0000000..72e1fd8
--- /dev/null
+++ b/H12/rootfs/etc/hosts
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/H12/rootfs/etc/network/interfaces b/H12/rootfs/etc/network/interfaces
new file mode 100644
index 0000000..e69de29
diff --git a/H12/rootfs/etc/sysctl.conf b/H12/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
+++ b/H12/rootfs/etc/sysctl.conf
@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted)
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0
diff --git a/H5/config b/H5/config
new file mode 100644
index 0000000..0761214
--- /dev/null
+++ b/H5/config
@@ -0,0 +1,28 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/H5/rootfs
+lxc.uts.name = H5
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = vlan1034
+lxc.net.0.veth.pair = h5.1034
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+lxc.net.0.hwaddr = 02:00:0a:2b:02:05
+lxc.net.0.ipv4.address = 10.34.2.5/24
+lxc.net.0.ipv4.gateway = 10.34.2.1
+lxc.net.0.ipv6.address = 2001:db8:2501:342::5/64
+lxc.net.0.ipv6.gateway = 2001:db8:2501:342::1
diff --git a/H5/rootfs/etc/bird/bird.conf b/H5/rootfs/etc/bird/bird.conf
new file mode 100644
index 0000000..e69de29
diff --git a/H5/rootfs/etc/bird/bird6.conf b/H5/rootfs/etc/bird/bird6.conf
new file mode 100644
index 0000000..e69de29
diff --git a/H5/rootfs/etc/hosts b/H5/rootfs/etc/hosts
new file mode 100644
index 0000000..72e1fd8
--- /dev/null
+++ b/H5/rootfs/etc/hosts
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/H5/rootfs/etc/network/interfaces b/H5/rootfs/etc/network/interfaces
new file mode 100644
index 0000000..e69de29
diff --git a/H5/rootfs/etc/sysctl.conf b/H5/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
+++ b/H5/rootfs/etc/sysctl.conf
@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted)
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0
diff --git a/H8/config b/H8/config
new file mode 100644
index 0000000..ca1bfed
--- /dev/null
+++ b/H8/config
@@ -0,0 +1,28 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/H8/rootfs
+lxc.uts.name = H8
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = vlan1356
+lxc.net.0.veth.pair = h8.1356
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+lxc.net.0.hwaddr = 02:00:0a:03:38:08
+lxc.net.0.ipv4.address = 10.3.56.8/24
+lxc.net.0.ipv4.gateway = 10.3.56.1
+lxc.net.0.ipv6.address = 2001:db8:2501:56::8/64
+lxc.net.0.ipv6.gateway = 2001:db8:2501:56::1
diff --git a/H8/rootfs/etc/bird/bird.conf b/H8/rootfs/etc/bird/bird.conf
new file mode 100644
index 0000000..e69de29
diff --git a/H8/rootfs/etc/bird/bird6.conf b/H8/rootfs/etc/bird/bird6.conf
new file mode 100644
index 0000000..e69de29
diff --git a/H8/rootfs/etc/hosts b/H8/rootfs/etc/hosts
new file mode 100644
index 0000000..72e1fd8
--- /dev/null
+++ b/H8/rootfs/etc/hosts
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/H8/rootfs/etc/network/interfaces b/H8/rootfs/etc/network/interfaces
new file mode 100644
index 0000000..e69de29
diff --git a/H8/rootfs/etc/sysctl.conf b/H8/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
+++ b/H8/rootfs/etc/sysctl.conf
@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted)
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0
diff --git a/R1/config b/R1/config
new file mode 100644
index 0000000..160c08e
--- /dev/null
+++ b/R1/config
@@ -0,0 +1,53 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/R1/rootfs
+lxc.uts.name = R1
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = vlan1001
+lxc.net.0.veth.pair = r1.1001
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+lxc.net.0.hwaddr = 02:00:0a:00:01:05
+lxc.net.0.ipv4.address = 10.0.1.5/24
+lxc.net.0.ipv6.address = 2001:db8:2501:1::5/64
+lxc.net.1.type = veth
+lxc.net.1.flags = up
+lxc.net.1.name = vlan1012
+lxc.net.1.veth.pair = r1.1012
+lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
+lxc.net.1.hwaddr = 02:00:0a:01:02:07
+lxc.net.1.ipv4.address = 10.1.2.7/24
+lxc.net.1.ipv6.address = 2001:db8:2501:2::7/64
+lxc.net.2.type = veth
+lxc.net.2.flags = up
+lxc.net.2.name = vlan1356
+lxc.net.2.veth.pair = r1.1356
+lxc.net.2.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.2.script.down = /etc/lxc/lxc-openvswitch
+lxc.net.2.hwaddr = 02:00:0a:03:38:01
+lxc.net.2.ipv4.address = 10.3.56.1/24
+lxc.net.2.ipv6.address = 2001:db8:2501:56::1/64
+
+
+lxc.net.3.type = veth
+lxc.net.3.name = vlan10
+lxc.net.3.veth.pair = r1.10
+lxc.net.3.flags = up
+lxc.net.3.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.3.script.down = /etc/lxc/lxc-openvswitch
+
diff --git a/R1/rootfs/etc/bird/bird.conf b/R1/rootfs/etc/bird/bird.conf
new file mode 100644
index 0000000..1eaf253
--- /dev/null
+++ b/R1/rootfs/etc/bird/bird.conf
@@ -0,0 +1,47 @@
+router id 10.9.99.1;
+
+log "/var/log/bird/bird.log" all;
+debug protocols { states, routes, filters, interfaces }
+
+protocol kernel {
+ #import none;
+ export all;
+ learn;
+ preference 254;
+}
+
+protocol device {
+ # defaults...
+ scan time 10;
+}
+
+protocol direct {
+ interface "vlan10";
+}
+
+filter ospfexport {
+ if (source = RTS_DEVICE) || (net = 0.0.0.0/0)
+ then accept;
+ else reject;
+};
+
+protocol ospf {
+ export filter ospfexport;
+ import all;
+ area 0 {
+ interface "lo" {
+ stub;
+ };
+ interface "vlan1001" {
+ };
+ interface "vlan1012" {
+ };
+ interface "vlan1356" {
+ stub;
+ };
+ interface "vlan10" {
+ type broadcast;
+ };
+ };
+};
+
diff --git a/R1/rootfs/etc/bird/bird6.conf b/R1/rootfs/etc/bird/bird6.conf
new file mode 100644
index 0000000..75c2366
--- /dev/null
+++ b/R1/rootfs/etc/bird/bird6.conf
@@ -0,0 +1,47 @@
+router id 10.9.99.1;
+
+log "/var/log/bird/bird.log" all;
+debug protocols { states, routes, filters, interfaces }
+
+protocol kernel {
+ #import none;
+ export all;
+ learn;
+ preference 254;
+}
+
+protocol device {
+ # defaults...
+ scan time 10;
+}
+
+protocol direct {
+ interface "vlan10";
+}
+
+filter ospfexport {
+ if (source = RTS_DEVICE) || (net = ::/0)
+ then accept;
+ else reject;
+}
+
+protocol ospf {
+ export filter ospfexport;
+ import all;
+ area 0 {
+ interface "lo" {
+ stub;
+ };
+ interface "vlan1001" {
+ };
+ interface "vlan1012" {
+ };
+ interface "vlan1356" {
+ stub;
+ };
+ interface "vlan10" {
+ type broadcast;
+ };
+ };
+};
+
diff --git a/R1/rootfs/etc/hosts b/R1/rootfs/etc/hosts
new file mode 100644
index 0000000..72e1fd8
--- /dev/null
+++ b/R1/rootfs/etc/hosts
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
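Review bot: The `interface "vlan10"` block in `protocol ospf` of R1's bird.conf speaks OSPF with `type broadcast` and no authentication on what looks like R1's uplink (this commit's interfaces and firewall files put the default route and the MASQUERADE rule on vlan10), so any device on that segment could form an adjacency and, with `import all`, have its routes accepted into area 0. If no OSPF neighbour is expected there, make the interface passive with `stub;` as on vlan1356; if one is, add `authentication cryptographic; password "<OSPF_KEY_PLACEHOLDER>";` to that interface, and consider the same for vlan1001 and vlan1012. bird6.conf carries the same area block; OSPFv3 authentication may not be available in this BIRD version, so `stub;` is likely the only option there.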
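Review bot: bird6.conf logs to the same `/var/log/bird/bird.log` as bird.conf, so the IPv4 and IPv6 daemons interleave their output in one file, and with `debug protocols { states, routes, filters, interfaces }` left on in both that file grows with every route change. A separate `log "/var/log/bird/bird6.log" all;` here, plus a comment such as `# lab only: verbose protocol debugging` above the debug line, would keep the logs usable when tracing an unexpected adjacency or route.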
diff --git a/R1/rootfs/etc/network/firewall b/R1/rootfs/etc/network/firewall
new file mode 100644
index 0000000..7f8ccb8
--- /dev/null
+++ b/R1/rootfs/etc/network/firewall
@@ -0,0 +1,3 @@
+*nat
+-A POSTROUTING -o vlan10 -j MASQUERADE
+COMMIT
diff --git a/R1/rootfs/etc/network/interfaces b/R1/rootfs/etc/network/interfaces
new file mode 100644
index 0000000..eb610d0
--- /dev/null
+++ b/R1/rootfs/etc/network/interfaces
@@ -0,0 +1,16 @@
+auto lo
+iface lo inet loopback
+ up ip addr add 10.9.99.1/32 dev lo
+ down ip addr del 10.9.99.1/32 dev lo
+
+iface vlan10 inet manual
+ pre-up iptables-restore < /etc/network/firewall
+ up ip link set up dev vlan10
+ up ip addr add 198.51.100.13/26 brd + dev vlan10
+ up ip route add default via 198.51.100.1 dev vlan10
+ up ip -6 addr add 2001:db8:1998::19/120 dev vlan10
+ up ip -6 route add default via 2001:db8:1998::1 dev vlan10
+ down ip addr del 198.51.100.19/26 dev vlan10
+ down ip -6 addr del 2001:db8:1998::19/120 dev vlan10
+ down ip link set down dev vlan10
+
diff --git a/R1/rootfs/etc/sysctl.conf b/R1/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
+++ b/R1/rootfs/etc/sysctl.conf
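Review bot: R1's firewall file loads only a `*nat` table with the MASQUERADE rule, so forwarding runs with the default ACCEPT policy in both directions, and nothing is loaded for IPv6, where the 2001:db8:2501:… networks behind R1 are not hidden by NAT. If vlan10 faces a network outside the lab's control, a `*filter` table that forwards inside-originated and established traffic and drops the rest is the usual minimum, with a matching ip6tables ruleset; a sketch follows. If other routers on vlan10 are meant to reach the internal networks, say so in a comment at the top of the file instead.

```conf
# … unchanged: *nat table with the MASQUERADE rule …
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD ! -i vlan10 -j ACCEPT
COMMIT
```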
@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted)
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0
diff --git a/R2/config b/R2/config
new file mode 100644
index 0000000..36f04c0
--- /dev/null
+++ b/R2/config
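Review bot: `net.ipv4.icmp_ratelimit = 0` and `net.ipv6.icmp.ratelimit = 0` in R1's sysctl.conf switch off the kernel's limit on ICMP error replies and are the only active lines in the file without a comment. That is presumably so traceroute shows every hop in the lab, but a forwarding router that answers every probe without limit is a poor default if the file is reused elsewhere; I would add `# Lab only: no ICMP rate limit so traceroute never drops hops` above them. The comments above the two forwarding keys still say "Uncomment the next line" although the keys are already active, and the reverse-path filter lines stay commented out on a box that routes. The identical file (blob 25809a1) is added for R2, R5, R6, sparrow, weaver and webshop; weaver and webshop each configure a single interface, so forwarding there looks unnecessary.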
@@ -0,0 +1,44 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/R2/rootfs
+lxc.uts.name = R2
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = vlan1012
+lxc.net.0.veth.pair = r2.1012
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+lxc.net.0.hwaddr = 02:00:0a:01:02:7b
+lxc.net.0.ipv4.address = 10.1.2.123/24
+lxc.net.0.ipv6.address = 2001:db8:2501:2::123/64
+lxc.net.1.type = veth
+lxc.net.1.flags = up
+lxc.net.1.name = vlan1082
+lxc.net.1.veth.pair = r2.1082
+lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
+lxc.net.1.hwaddr = 02:00:0a:08:02:01
+lxc.net.1.ipv4.address = 10.8.2.1/24
+lxc.net.1.ipv6.address = 2001:db8:2501:82::1/64
+lxc.net.2.type = veth
+lxc.net.2.flags = up
+lxc.net.2.name = vlan1050
+lxc.net.2.veth.pair = r2.1050
+lxc.net.2.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.2.script.down = /etc/lxc/lxc-openvswitch
+lxc.net.2.hwaddr = 02:00:0a:32:01:01
+lxc.net.2.ipv4.address = 10.50.1.1/24
+lxc.net.2.ipv6.address = 2001:db8:2501:501::1/64
diff --git a/R2/rootfs/etc/bird/bird.conf b/R2/rootfs/etc/bird/bird.conf
new file mode 100644
index 0000000..ed1cc94
--- /dev/null
+++ b/R2/rootfs/etc/bird/bird.conf
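Review bot: `lxc.apparmor.allow_nesting = 1` in R2/config is set although the template comment two lines above it warns that nesting has security implications, and nothing in this commit runs containers inside R2. Together with `lxc.apparmor.profile = generated` it loosens the generated profile for nested use, so I would drop it or set `lxc.apparmor.allow_nesting = 0` unless nesting is really needed. No `lxc.idmap` is visible either, so unless debian.common.conf or a host default supplies one the container runs privileged; a comment stating which is intended would help. The R5, R6, sparrow, weaver and webshop configs carry the same two apparmor lines.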
@@ -0,0 +1,30 @@
+router id 10.9.99.2;
+
+log "/var/log/bird/bird.log" all;
+debug protocols { states, routes, filters, interfaces }
+
+protocol kernel {
+ import none;
+ export all;
+}
+
+protocol device {
+ # defaults...
+}
+
+protocol ospf {
+ area 0 {
+ interface "lo" {
+ stub;
+ };
+ interface "vlan1082" {
+ stub;
+ };
+ interface "vlan1050" {
+ stub;
+ };
+ interface "vlan1012" {
+ };
+ };
+};
+
diff --git a/R2/rootfs/etc/bird/bird6.conf b/R2/rootfs/etc/bird/bird6.conf
new file mode 100644
index 0000000..ed1cc94
--- /dev/null
+++ b/R2/rootfs/etc/bird/bird6.conf
@@ -0,0 +1,30 @@
+router id 10.9.99.2;
+
+log "/var/log/bird/bird.log" all;
+debug protocols { states, routes, filters, interfaces }
+
+protocol kernel {
+ import none;
+ export all;
+}
+
+protocol device {
+ # defaults...
+}
+
+protocol ospf {
+ area 0 {
+ interface "lo" {
+ stub;
+ };
+ interface "vlan1082" {
+ stub;
+ };
+ interface "vlan1050" {
+ stub;
+ };
+ interface "vlan1012" {
+ };
+ };
+};
+
diff --git a/R2/rootfs/etc/hosts b/R2/rootfs/etc/hosts
new file mode 100644
index 0000000..72e1fd8
--- /dev/null
+++ b/R2/rootfs/etc/hosts
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/R2/rootfs/etc/network/interfaces b/R2/rootfs/etc/network/interfaces
new file mode 100644
index 0000000..723f775
--- /dev/null
+++ b/R2/rootfs/etc/network/interfaces
@@ -0,0 +1,4 @@
+auto lo
+iface lo inet loopback
+ up ip addr add 10.9.99.2/32 dev lo
+ down ip addr del 10.9.99.2/32 dev lo
diff --git a/R2/rootfs/etc/sysctl.conf b/R2/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
+++ b/R2/rootfs/etc/sysctl.conf
@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted)
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0
diff --git a/R5/config b/R5/config
new file mode 100644
index 0000000..6ce23e9
--- /dev/null
+++ b/R5/config
@@ -0,0 +1,35 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/R5/rootfs
+lxc.uts.name = R5
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = vlan1001
+lxc.net.0.veth.pair = r5.1001
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+lxc.net.0.hwaddr = 02:00:0a:00:01:04
+lxc.net.0.ipv4.address = 10.0.1.4/24
+lxc.net.0.ipv6.address = 2001:db8:2501:1::4/64
+lxc.net.1.type = veth
+lxc.net.1.flags = up
+lxc.net.1.name = vlan1012
+lxc.net.1.veth.pair = r5.1012
+lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
+lxc.net.1.hwaddr = 02:00:0a:01:02:38
+lxc.net.1.ipv4.address = 10.1.2.56/24
+lxc.net.1.ipv6.address = 2001:db8:2501:2::56/64
diff --git a/R5/rootfs/etc/bird/bird.conf b/R5/rootfs/etc/bird/bird.conf
new file mode 100644
index 0000000..de43fc9
--- /dev/null
+++ b/R5/rootfs/etc/bird/bird.conf
@@ -0,0 +1,26 @@
+router id 10.9.99.5;
+
+log "/var/log/bird/bird.log" all;
+debug protocols { states, routes, filters, interfaces }
+
+protocol kernel {
+ import none;
+ export all;
+}
+
+protocol device {
+ # defaults...
+}
+
+protocol ospf {
+ area 0 {
+ interface "lo" {
+ stub;
+ };
+ interface "vlan1001" {
+ };
+ interface "vlan1012" {
+ };
+ };
+};
+
diff --git a/R5/rootfs/etc/bird/bird6.conf b/R5/rootfs/etc/bird/bird6.conf
new file mode 100644
index 0000000..de43fc9
--- /dev/null
+++ b/R5/rootfs/etc/bird/bird6.conf
@@ -0,0 +1,26 @@
+router id 10.9.99.5;
+
+log "/var/log/bird/bird.log" all;
+debug protocols { states, routes, filters, interfaces }
+
+protocol kernel {
+ import none;
+ export all;
+}
+
+protocol device {
+ # defaults...
+}
+
+protocol ospf {
+ area 0 {
+ interface "lo" {
+ stub;
+ };
+ interface "vlan1001" {
+ };
+ interface "vlan1012" {
+ };
+ };
+};
+
diff --git a/R5/rootfs/etc/hosts b/R5/rootfs/etc/hosts
new file mode 100644
index 0000000..72e1fd8
--- /dev/null
+++ b/R5/rootfs/etc/hosts
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/R5/rootfs/etc/network/interfaces b/R5/rootfs/etc/network/interfaces
new file mode 100644
index 0000000..fb6dd80
--- /dev/null
+++ b/R5/rootfs/etc/network/interfaces
@@ -0,0 +1,4 @@
+auto lo
+iface lo inet loopback
+ up ip addr add 10.9.99.5/32 dev lo
+ down ip addr del 10.9.99.5/32 dev lo
diff --git a/R5/rootfs/etc/sysctl.conf b/R5/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
+++ b/R5/rootfs/etc/sysctl.conf
@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted)
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0
diff --git a/R6/config b/R6/config
new file mode 100644
index 0000000..b5a043f
--- /dev/null
+++ b/R6/config
@@ -0,0 +1,35 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/R6/rootfs
+lxc.uts.name = R6
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = vlan1001
+lxc.net.0.veth.pair = r6.1001
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+lxc.net.0.hwaddr = 02:00:0a:00:01:08
+lxc.net.0.ipv4.address = 10.0.1.8/24
+lxc.net.0.ipv6.address = 2001:db8:2501:1::8/64
+lxc.net.1.type = veth
+lxc.net.1.flags = up
+lxc.net.1.name = vlan1034
+lxc.net.1.veth.pair = r6.1034
+lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
+lxc.net.1.hwaddr = 02:00:0a:2b:02:01
+lxc.net.1.ipv4.address = 10.34.2.1/24
+lxc.net.1.ipv6.address = 2001:db8:2501:342::1/64
diff --git a/R6/rootfs/etc/bird/bird.conf b/R6/rootfs/etc/bird/bird.conf
new file mode 100644
index 0000000..0f6bd41
--- /dev/null
+++ b/R6/rootfs/etc/bird/bird.conf
@@ -0,0 +1,27 @@
+router id 10.9.99.6;
+
+log "/var/log/bird/bird.log" all;
+debug protocols { states, routes, filters, interfaces }
+
+protocol kernel {
+ import none;
+ export all;
+}
+
+protocol device {
+ # defaults...
+}
+
+
+protocol ospf {
+ area 0 {
+ interface "lo" {
+ stub;
+ };
+ interface "vlan1001" {
+ };
+ interface "vlan1034" {
+ stub;
+ };
+ };
+};
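Review bot: `lxc.net.1.hwaddr = 02:00:0a:2b:02:01` in R6/config breaks the pattern every other interface in this commit follows, where the last four octets are the IPv4 address in hex (10.0.1.8 gives `0a:00:01:08`). For 10.34.2.1 that would be `lxc.net.1.hwaddr = 02:00:0a:22:02:01`; `2b` is 43, so the current value would collide with a later 10.43.2.1 if the convention is kept. If the scheme is intentional, a one-line comment stating it near the network block would make slips like this easier to spot.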
diff --git a/R6/rootfs/etc/bird/bird6.conf b/R6/rootfs/etc/bird/bird6.conf
new file mode 100644
index 0000000..0f6bd41
--- /dev/null
+++ b/R6/rootfs/etc/bird/bird6.conf
@@ -0,0 +1,27 @@
+router id 10.9.99.6;
+
+log "/var/log/bird/bird.log" all;
+debug protocols { states, routes, filters, interfaces }
+
+protocol kernel {
+ import none;
+ export all;
+}
+
+protocol device {
+ # defaults...
+}
+
+
+protocol ospf {
+ area 0 {
+ interface "lo" {
+ stub;
+ };
+ interface "vlan1001" {
+ };
+ interface "vlan1034" {
+ stub;
+ };
+ };
+};
diff --git a/R6/rootfs/etc/hosts b/R6/rootfs/etc/hosts
new file mode 100644
index 0000000..72e1fd8
--- /dev/null
+++ b/R6/rootfs/etc/hosts
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/R6/rootfs/etc/network/interfaces b/R6/rootfs/etc/network/interfaces
new file mode 100644
index 0000000..03f4ed4
--- /dev/null
+++ b/R6/rootfs/etc/network/interfaces
@@ -0,0 +1,4 @@
+auto lo
+iface lo inet loopback
+ up ip addr add 10.9.99.6/32 dev lo
+ down ip addr del 10.9.99.6/32 dev lo
diff --git a/R6/rootfs/etc/sysctl.conf b/R6/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
+++ b/R6/rootfs/etc/sysctl.conf
@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted)
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0
diff --git a/sparrow/config b/sparrow/config
new file mode 100644
index 0000000..4726c23
--- /dev/null
+++ b/sparrow/config
@@ -0,0 +1,32 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.net.0.type = veth
+#lxc.net.0.link = vlan10
+lxc.net.0.name = vlan10
+lxc.net.0.veth.pair = sparrow.10
+lxc.net.0.flags = up
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+
+lxc.net.1.type = veth
+lxc.net.1.name = vlan60
+lxc.net.1.veth.pair = sparrow.60
+lxc.net.1.flags = up
+lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
+
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/sparrow/rootfs
+lxc.uts.name = sparrow
diff --git a/sparrow/rootfs/etc/bird/bird.conf b/sparrow/rootfs/etc/bird/bird.conf
new file mode 100644
index 0000000..e69de29
diff --git a/sparrow/rootfs/etc/bird/bird6.conf b/sparrow/rootfs/etc/bird/bird6.conf
new file mode 100644
index 0000000..e69de29
diff --git a/sparrow/rootfs/etc/hosts b/sparrow/rootfs/etc/hosts
new file mode 100644
index 0000000..72e1fd8
--- /dev/null
+++ b/sparrow/rootfs/etc/hosts
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/sparrow/rootfs/etc/network/firewall b/sparrow/rootfs/etc/network/firewall
new file mode 100644
index 0000000..879e813
--- /dev/null
+++ b/sparrow/rootfs/etc/network/firewall
@@ -0,0 +1,4 @@
+*nat
+-A POSTROUTING -o vlan10 -j MASQUERADE
+COMMIT
+
diff --git a/sparrow/rootfs/etc/network/interfaces b/sparrow/rootfs/etc/network/interfaces
new file mode 100644
index 0000000..5feede0
--- /dev/null
+++ b/sparrow/rootfs/etc/network/interfaces
@@ -0,0 +1,18 @@
+auto lo
+iface lo inet loopback
+
+auto vlan10
+iface vlan10 inet manual
+ pre-up iptables-restore < /etc/network/firewall
+ up ip link set up dev vlan10
+ up ip addr add 198.51.100.19/26 brd + dev vlan10
+ up ip route add default via 198.51.100.1 dev vlan10
+ down ip addr del 198.51.100.19/26 dev vlan10
+ down ip link set down dev vlan10
+
+auto vlan60
+iface vlan60 inet manual
+ up ip link set up dev vlan60
+ up ip addr add 10.1.60.1/24 brd + dev vlan60
+ down ip addr del 10.1.60.1/24 dev vlan60
+ down ip link set down dev vlan60
\ No newline at end of file
diff --git a/sparrow/rootfs/etc/sysctl.conf b/sparrow/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
+++ b/sparrow/rootfs/etc/sysctl.conf
@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted)
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0
diff --git a/weaver/config b/weaver/config
new file mode 100644
index 0000000..5dbdbf9
--- /dev/null
+++ b/weaver/config
@@ -0,0 +1,24 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.net.0.type = veth
+#lxc.net.0.link = vlan10
+lxc.net.0.name = vlan60
+lxc.net.0.veth.pair = waever.60
+lxc.net.0.flags = up
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/weaver/rootfs
+lxc.uts.name = weaver
diff --git a/weaver/rootfs/etc/bird/bird.conf b/weaver/rootfs/etc/bird/bird.conf
new file mode 100644
index 0000000..e69de29
diff --git a/weaver/rootfs/etc/bird/bird6.conf b/weaver/rootfs/etc/bird/bird6.conf
new file mode 100644
index 0000000..e69de29
diff --git a/weaver/rootfs/etc/hosts b/weaver/rootfs/etc/hosts
new file mode 100644
index 0000000..72e1fd8
--- /dev/null
+++ b/weaver/rootfs/etc/hosts
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/weaver/rootfs/etc/network/interfaces b/weaver/rootfs/etc/network/interfaces
new file mode 100644
index 0000000..f1c0547
--- /dev/null
+++ b/weaver/rootfs/etc/network/interfaces
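Review bot: `lxc.net.0.veth.pair = waever.60` in weaver/config misspells the container name; the other configs name the host-side port `<container>.<vlan>` (`sparrow.60`, `webshop.10`), so this should be `lxc.net.0.veth.pair = weaver.60`. If /etc/lxc/lxc-openvswitch or any host tooling matches ports by that name, the typo makes this port the odd one out in logs and cleanup. The commented `#lxc.net.0.link = vlan10` is also stale next to `lxc.net.0.name = vlan60` and can be removed.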
@@ -0,0 +1,10 @@
+auto lo
+iface lo inet loopback
+
+auto vlan60
+iface vlan60 inet manual
+ up ip link set up dev vlan60
+ up ip addr add 10.1.60.21/24 brd + dev vlan60
+ up ip route add default via 10.1.60.1 dev vlan60
+ down ip addr del 10.1.60.21/24 dev vlan60
+ down ip link set down dev vlan60
diff --git a/weaver/rootfs/etc/sysctl.conf b/weaver/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
+++ b/weaver/rootfs/etc/sysctl.conf
@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted)
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0
diff --git a/webshop/config b/webshop/config
new file mode 100644
index 0000000..c384cd0
--- /dev/null
+++ b/webshop/config
@@ -0,0 +1,24 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.net.0.type = veth
+#lxc.net.0.link = vlan10
+lxc.net.0.name = vlan10
+lxc.net.0.veth.pair = webshop.10
+lxc.net.0.flags = up
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/webshop/rootfs
+lxc.uts.name = webshop
diff --git a/webshop/rootfs/etc/bird/bird.conf b/webshop/rootfs/etc/bird/bird.conf
new file mode 100644
index 0000000..e69de29
diff --git a/webshop/rootfs/etc/bird/bird6.conf b/webshop/rootfs/etc/bird/bird6.conf
new file mode 100644
index 0000000..e69de29
diff --git a/webshop/rootfs/etc/hosts b/webshop/rootfs/etc/hosts
new file mode 100644
index 0000000..72e1fd8
--- /dev/null
+++ b/webshop/rootfs/etc/hosts
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/webshop/rootfs/etc/network/interfaces b/webshop/rootfs/etc/network/interfaces
new file mode 100644
index 0000000..f053ff8
--- /dev/null
+++ b/webshop/rootfs/etc/network/interfaces
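Review bot: `lxc.apparmor.allow_nesting = 1` in webshop/config relaxes the generated AppArmor profile so that containers can be created inside this one, yet nothing in the hunk shows webshop running nested containers, and the template's own comment a few lines up warns that nesting has security implications. Unless nesting is required, set `lxc.apparmor.allow_nesting = 0`, or add a comment above the line saying why it is needed. No `lxc.idmap` entry is visible either, so the container presumably runs privileged (the included debian.common.conf is not shown); for a service named webshop an unprivileged id mapping would limit what a compromise of the container can reach on the host.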
@@ -0,0 +1,11 @@
+auto lo
+iface lo inet loopback
+
+auto vlan10
+iface vlan10 inet manual
+ up ip link set up dev vlan10
+ up ip addr add 198.51.100.36/26 brd + dev vlan10
+ up ip route add default via 198.51.100.1 dev vlan10
+ down ip addr del 198.51.100.36 dev vlan10
+ down ip link set down dev vlan10
+
diff --git a/webshop/rootfs/etc/sysctl.conf b/webshop/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
+++ b/webshop/rootfs/etc/sysctl.conf
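Review bot: `down ip addr del 198.51.100.36 dev vlan10` in webshop/rootfs/etc/network/interfaces omits the prefix length that the matching `up` line sets, so iproute2 falls back to a wildcard deletion and prints a deprecation warning on ifdown. Write it as `down ip addr del 198.51.100.36/26 dev vlan10` so the teardown mirrors the setup. Since the address and gateway are fixed, an `inet static` stanza with `address` and `gateway` would let ifupdown do both steps itself, though `manual` may be intentional for the Open vSwitch attachment.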
@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted)
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0
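Review bot: `net.ipv4.ip_forward=1` and `net.ipv6.conf.all.forwarding=1` are enabled in webshop/rootfs/etc/sysctl.conf although webshop/config and the interfaces file in this patch give the container a single interface, vlan10, with a default route, so it has nothing to route between. The file looks copied from the router containers; an end host should leave forwarding off, `net.ipv4.ip_forward=0` and `net.ipv6.conf.all.forwarding=0`, so that it never relays packets addressed through it. With forwarding off, the commented `accept_redirects`, `send_redirects` and `accept_source_route` lines, whose own comments say "we are not a router", can be uncommented as written, and `net.ipv4.conf.all.rp_filter=1` is safe on a single-homed host.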