OSPF-Intro done
This commit is contained in:
root
parent
314f22c87c
commit
19875ff5db
|
|
@ -0,0 +1,28 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/H10/rootfs
|
||||
lxc.uts.name = H10
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = vlan1082
|
||||
lxc.net.0.veth.pair = h10.1082
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.hwaddr = 02:00:0a:08:02:0a
|
||||
lxc.net.0.ipv4.address = 10.8.2.10/24
|
||||
lxc.net.0.ipv4.gateway = 10.8.2.1
|
||||
lxc.net.0.ipv6.address = 2001:db8:2501:82::10/64
|
||||
lxc.net.0.ipv6.gateway = 2001:db8:2501:82::1
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
||||
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/H12/rootfs
|
||||
lxc.uts.name = H12
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = vlan1050
|
||||
lxc.net.0.veth.pair = h12.1050
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.hwaddr = 02:00:0a:32:01:0c
|
||||
lxc.net.0.ipv4.address = 10.50.1.12/24
|
||||
lxc.net.0.ipv4.gateway = 10.50.1.1
|
||||
lxc.net.0.ipv6.address = 2001:db8:2501:501::12/64
|
||||
lxc.net.0.ipv6.gateway = 2001:db8:2501:501::1
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
||||
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/H5/rootfs
|
||||
lxc.uts.name = H5
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = vlan1034
|
||||
lxc.net.0.veth.pair = h5.1034
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.hwaddr = 02:00:0a:2b:02:05
|
||||
lxc.net.0.ipv4.address = 10.34.2.5/24
|
||||
lxc.net.0.ipv4.gateway = 10.34.2.1
|
||||
lxc.net.0.ipv6.address = 2001:db8:2501:342::5/64
|
||||
lxc.net.0.ipv6.gateway = 2001:db8:2501:342::1
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
||||
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/H8/rootfs
|
||||
lxc.uts.name = H8
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = vlan1356
|
||||
lxc.net.0.veth.pair = h8.1356
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.hwaddr = 02:00:0a:03:38:08
|
||||
lxc.net.0.ipv4.address = 10.3.56.8/24
|
||||
lxc.net.0.ipv4.gateway = 10.3.56.1
|
||||
lxc.net.0.ipv6.address = 2001:db8:2501:56::8/64
|
||||
lxc.net.0.ipv6.gateway = 2001:db8:2501:56::1
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
||||
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
|
||||
|
|
@ -0,0 +1,53 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/R1/rootfs
|
||||
lxc.uts.name = R1
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = vlan1001
|
||||
lxc.net.0.veth.pair = r1.1001
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.hwaddr = 02:00:0a:00:01:05
|
||||
lxc.net.0.ipv4.address = 10.0.1.5/24
|
||||
lxc.net.0.ipv6.address = 2001:db8:2501:1::5/64
|
||||
lxc.net.1.type = veth
|
||||
lxc.net.1.flags = up
|
||||
lxc.net.1.name = vlan1012
|
||||
lxc.net.1.veth.pair = r1.1012
|
||||
lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.1.hwaddr = 02:00:0a:01:02:07
|
||||
lxc.net.1.ipv4.address = 10.1.2.7/24
|
||||
lxc.net.1.ipv6.address = 2001:db8:2501:2::7/64
|
||||
lxc.net.2.type = veth
|
||||
lxc.net.2.flags = up
|
||||
lxc.net.2.name = vlan1356
|
||||
lxc.net.2.veth.pair = r1.1356
|
||||
lxc.net.2.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.2.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.2.hwaddr = 02:00:0a:03:38:01
|
||||
lxc.net.2.ipv4.address = 10.3.56.1/24
|
||||
lxc.net.2.ipv6.address = 2001:db8:2501:56::1/64
|
||||
|
||||
|
||||
lxc.net.3.type = veth
|
||||
lxc.net.3.name = vlan10
|
||||
lxc.net.3.veth.pair = r1.10
|
||||
lxc.net.3.flags = up
|
||||
lxc.net.3.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.3.script.down = /etc/lxc/lxc-openvswitch
|
||||
|
||||
|
|
@ -0,0 +1,47 @@
|
|||
router id 10.9.99.1;
|
||||
|
||||
log "/var/log/bird/bird.log" all;
|
||||
debug protocols { states, routes, filters, interfaces }
|
||||
|
||||
protocol kernel {
|
||||
#import none;
|
||||
export all;
|
||||
learn;
|
||||
preference 254;
|
||||
}
|
||||
|
||||
protocol device {
|
||||
# defaults...
|
||||
scan time 10;
|
||||
}
|
||||
|
||||
protocol direct {
|
||||
interface "vlan10";
|
||||
}
|
||||
|
||||
filter ospfexport {
|
||||
if (source = RTS_DEVICE) || (net = 0.0.0.0/0)
|
||||
then accept;
|
||||
else reject;
|
||||
};
|
||||
|
||||
protocol ospf {
|
||||
export filter ospfexport;
|
||||
import all;
|
||||
area 0 {
|
||||
interface "lo" {
|
||||
stub;
|
||||
};
|
||||
interface "vlan1001" {
|
||||
};
|
||||
interface "vlan1012" {
|
||||
};
|
||||
interface "vlan1356" {
|
||||
stub;
|
||||
};
|
||||
interface "vlan10" {
|
||||
type broadcast;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -0,0 +1,47 @@
|
|||
router id 10.9.99.1;
|
||||
|
||||
log "/var/log/bird/bird.log" all;
|
||||
debug protocols { states, routes, filters, interfaces }
|
||||
|
||||
protocol kernel {
|
||||
#import none;
|
||||
export all;
|
||||
learn;
|
||||
preference 254;
|
||||
}
|
||||
|
||||
protocol device {
|
||||
# defaults...
|
||||
scan time 10;
|
||||
}
|
||||
|
||||
protocol direct {
|
||||
interface "vlan10";
|
||||
}
|
||||
|
||||
filter ospfexport {
|
||||
if (source = RTS_DEVICE) || (net = ::/0)
|
||||
then accept;
|
||||
else reject;
|
||||
}
|
||||
|
||||
protocol ospf {
|
||||
export filter ospfexport;
|
||||
import all;
|
||||
area 0 {
|
||||
interface "lo" {
|
||||
stub;
|
||||
};
|
||||
interface "vlan1001" {
|
||||
};
|
||||
interface "vlan1012" {
|
||||
};
|
||||
interface "vlan1356" {
|
||||
stub;
|
||||
};
|
||||
interface "vlan10" {
|
||||
type broadcast;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
*nat
|
||||
-A POSTROUTING -o vlan10 -j MASQUERADE
|
||||
COMMIT
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
auto lo
|
||||
iface lo inet loopback
|
||||
up ip addr add 10.9.99.1/32 dev lo
|
||||
down ip addr del 10.9.99.1/32 dev lo
|
||||
|
||||
iface vlan10 inet manual
|
||||
pre-up iptables-restore < /etc/network/firewall
|
||||
up ip link set up dev vlan10
|
||||
up ip addr add 198.51.100.13/26 brd + dev vlan10
|
||||
up ip route add default via 198.51.100.1 dev vlan10
|
||||
up ip -6 addr add 2001:db8:1998::19/120 dev vlan10
|
||||
up ip -6 route add default via 2001:db8:1998::1 dev vlan10
|
||||
down ip addr del 198.51.100.19/26 dev vlan10
|
||||
down ip -6 addr del 2001:db8:1998::19/120 dev vlan10
|
||||
down ip link set down dev vlan10
|
||||
|
||||
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
|
||||
|
|
@ -0,0 +1,44 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/R2/rootfs
|
||||
lxc.uts.name = R2
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = vlan1012
|
||||
lxc.net.0.veth.pair = r2.1012
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.hwaddr = 02:00:0a:01:02:7b
|
||||
lxc.net.0.ipv4.address = 10.1.2.123/24
|
||||
lxc.net.0.ipv6.address = 2001:db8:2501:2::123/64
|
||||
lxc.net.1.type = veth
|
||||
lxc.net.1.flags = up
|
||||
lxc.net.1.name = vlan1082
|
||||
lxc.net.1.veth.pair = r2.1082
|
||||
lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.1.hwaddr = 02:00:0a:08:02:01
|
||||
lxc.net.1.ipv4.address = 10.8.2.1/24
|
||||
lxc.net.1.ipv6.address = 2001:db8:2501:82::1/64
|
||||
lxc.net.2.type = veth
|
||||
lxc.net.2.flags = up
|
||||
lxc.net.2.name = vlan1050
|
||||
lxc.net.2.veth.pair = r2.1050
|
||||
lxc.net.2.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.2.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.2.hwaddr = 02:00:0a:32:01:01
|
||||
lxc.net.2.ipv4.address = 10.50.1.1/24
|
||||
lxc.net.2.ipv6.address = 2001:db8:2501:501::1/64
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
router id 10.9.99.2;
|
||||
|
||||
log "/var/log/bird/bird.log" all;
|
||||
debug protocols { states, routes, filters, interfaces }
|
||||
|
||||
protocol kernel {
|
||||
import none;
|
||||
export all;
|
||||
}
|
||||
|
||||
protocol device {
|
||||
# defaults...
|
||||
}
|
||||
|
||||
protocol ospf {
|
||||
area 0 {
|
||||
interface "lo" {
|
||||
stub;
|
||||
};
|
||||
interface "vlan1082" {
|
||||
stub;
|
||||
};
|
||||
interface "vlan1050" {
|
||||
stub;
|
||||
};
|
||||
interface "vlan1012" {
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
router id 10.9.99.2;
|
||||
|
||||
log "/var/log/bird/bird.log" all;
|
||||
debug protocols { states, routes, filters, interfaces }
|
||||
|
||||
protocol kernel {
|
||||
import none;
|
||||
export all;
|
||||
}
|
||||
|
||||
protocol device {
|
||||
# defaults...
|
||||
}
|
||||
|
||||
protocol ospf {
|
||||
area 0 {
|
||||
interface "lo" {
|
||||
stub;
|
||||
};
|
||||
interface "vlan1082" {
|
||||
stub;
|
||||
};
|
||||
interface "vlan1050" {
|
||||
stub;
|
||||
};
|
||||
interface "vlan1012" {
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
auto lo
|
||||
iface lo inet loopback
|
||||
up ip addr add 10.9.99.2/32 dev lo
|
||||
down ip addr del 10.9.99.2/32 dev lo
|
||||
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
|
||||
|
|
@ -0,0 +1,35 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/R5/rootfs
|
||||
lxc.uts.name = R5
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = vlan1001
|
||||
lxc.net.0.veth.pair = r5.1001
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.hwaddr = 02:00:0a:00:01:04
|
||||
lxc.net.0.ipv4.address = 10.0.1.4/24
|
||||
lxc.net.0.ipv6.address = 2001:db8:2501:1::4/64
|
||||
lxc.net.1.type = veth
|
||||
lxc.net.1.flags = up
|
||||
lxc.net.1.name = vlan1012
|
||||
lxc.net.1.veth.pair = r5.1012
|
||||
lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.1.hwaddr = 02:00:0a:01:02:38
|
||||
lxc.net.1.ipv4.address = 10.1.2.56/24
|
||||
lxc.net.1.ipv6.address = 2001:db8:2501:2::56/64
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
router id 10.9.99.5;
|
||||
|
||||
log "/var/log/bird/bird.log" all;
|
||||
debug protocols { states, routes, filters, interfaces }
|
||||
|
||||
protocol kernel {
|
||||
import none;
|
||||
export all;
|
||||
}
|
||||
|
||||
protocol device {
|
||||
# defaults...
|
||||
}
|
||||
|
||||
protocol ospf {
|
||||
area 0 {
|
||||
interface "lo" {
|
||||
stub;
|
||||
};
|
||||
interface "vlan1001" {
|
||||
};
|
||||
interface "vlan1012" {
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
router id 10.9.99.5;
|
||||
|
||||
log "/var/log/bird/bird.log" all;
|
||||
debug protocols { states, routes, filters, interfaces }
|
||||
|
||||
protocol kernel {
|
||||
import none;
|
||||
export all;
|
||||
}
|
||||
|
||||
protocol device {
|
||||
# defaults...
|
||||
}
|
||||
|
||||
protocol ospf {
|
||||
area 0 {
|
||||
interface "lo" {
|
||||
stub;
|
||||
};
|
||||
interface "vlan1001" {
|
||||
};
|
||||
interface "vlan1012" {
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
auto lo
|
||||
iface lo inet loopback
|
||||
up ip addr add 10.9.99.5/32 dev lo
|
||||
down ip addr del 10.9.99.5/32 dev lo
|
||||
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
|
||||
|
|
@ -0,0 +1,35 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/R6/rootfs
|
||||
lxc.uts.name = R6
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = vlan1001
|
||||
lxc.net.0.veth.pair = r6.1001
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.hwaddr = 02:00:0a:00:01:08
|
||||
lxc.net.0.ipv4.address = 10.0.1.8/24
|
||||
lxc.net.0.ipv6.address = 2001:db8:2501:1::8/64
|
||||
lxc.net.1.type = veth
|
||||
lxc.net.1.flags = up
|
||||
lxc.net.1.name = vlan1034
|
||||
lxc.net.1.veth.pair = r6.1034
|
||||
lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.1.hwaddr = 02:00:0a:2b:02:01
|
||||
lxc.net.1.ipv4.address = 10.34.2.1/24
|
||||
lxc.net.1.ipv6.address = 2001:db8:2501:342::1/64
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
router id 10.9.99.6;
|
||||
|
||||
log "/var/log/bird/bird.log" all;
|
||||
debug protocols { states, routes, filters, interfaces }
|
||||
|
||||
protocol kernel {
|
||||
import none;
|
||||
export all;
|
||||
}
|
||||
|
||||
protocol device {
|
||||
# defaults...
|
||||
}
|
||||
|
||||
|
||||
protocol ospf {
|
||||
area 0 {
|
||||
interface "lo" {
|
||||
stub;
|
||||
};
|
||||
interface "vlan1001" {
|
||||
};
|
||||
interface "vlan1034" {
|
||||
stub;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
router id 10.9.99.6;
|
||||
|
||||
log "/var/log/bird/bird.log" all;
|
||||
debug protocols { states, routes, filters, interfaces }
|
||||
|
||||
protocol kernel {
|
||||
import none;
|
||||
export all;
|
||||
}
|
||||
|
||||
protocol device {
|
||||
# defaults...
|
||||
}
|
||||
|
||||
|
||||
protocol ospf {
|
||||
area 0 {
|
||||
interface "lo" {
|
||||
stub;
|
||||
};
|
||||
interface "vlan1001" {
|
||||
};
|
||||
interface "vlan1034" {
|
||||
stub;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
auto lo
|
||||
iface lo inet loopback
|
||||
up ip addr add 10.9.99.6/32 dev lo
|
||||
down ip addr del 10.9.99.6/32 dev lo
|
||||
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.net.0.type = veth
|
||||
#lxc.net.0.link = vlan10
|
||||
lxc.net.0.name = vlan10
|
||||
lxc.net.0.veth.pair = sparrow.10
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
|
||||
lxc.net.1.type = veth
|
||||
lxc.net.1.name = vlan60
|
||||
lxc.net.1.veth.pair = sparrow.60
|
||||
lxc.net.1.flags = up
|
||||
lxc.net.1.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.1.script.down = /etc/lxc/lxc-openvswitch
|
||||
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/sparrow/rootfs
|
||||
lxc.uts.name = sparrow
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
*nat
|
||||
-A POSTROUTING -o vlan10 -j MASQUERADE
|
||||
COMMIT
|
||||
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
auto lo
|
||||
iface lo inet loopback
|
||||
|
||||
auto vlan10
|
||||
iface vlan10 inet manual
|
||||
pre-up iptables-restore < /etc/network/firewall
|
||||
up ip link set up dev vlan10
|
||||
up ip addr add 198.51.100.19/26 brd + dev vlan10
|
||||
up ip route add default via 198.51.100.1 dev vlan10
|
||||
down ip addr del 198.51.100.19/26 dev vlan10
|
||||
down ip link set down dev vlan10
|
||||
|
||||
auto vlan60
|
||||
iface vlan60 inet manual
|
||||
up ip link set up dev vlan60
|
||||
up ip addr add 10.1.60.1/24 brd + dev vlan60
|
||||
down ip addr del 10.1.60.1/24 dev vlan60
|
||||
down ip link set down dev vlan60
|
||||
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
|
||||
|
|
@ -0,0 +1,24 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.net.0.type = veth
|
||||
#lxc.net.0.link = vlan10
|
||||
lxc.net.0.name = vlan60
|
||||
lxc.net.0.veth.pair = waever.60
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/weaver/rootfs
|
||||
lxc.uts.name = weaver
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
auto lo
|
||||
iface lo inet loopback
|
||||
|
||||
auto vlan60
|
||||
iface vlan60 inet manual
|
||||
up ip link set up dev vlan60
|
||||
up ip addr add 10.1.60.21/24 brd + dev vlan60
|
||||
up ip route add default via 10.1.60.1 dev vlan60
|
||||
down ip addr del 10.1.60.21/24 dev vlan60
|
||||
down ip link set down dev vlan60
|
||||
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
|
||||
|
|
@ -0,0 +1,24 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.net.0.type = veth
|
||||
#lxc.net.0.link = vlan10
|
||||
lxc.net.0.name = vlan10
|
||||
lxc.net.0.veth.pair = webshop.10
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/webshop/rootfs
|
||||
lxc.uts.name = webshop
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
auto lo
|
||||
iface lo inet loopback
|
||||
|
||||
auto vlan10
|
||||
iface vlan10 inet manual
|
||||
up ip link set up dev vlan10
|
||||
up ip addr add 198.51.100.36/26 brd + dev vlan10
|
||||
up ip route add default via 198.51.100.1 dev vlan10
|
||||
down ip addr del 198.51.100.36 dev vlan10
|
||||
down ip link set down dev vlan10
|
||||
|
||||
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
|
||||
Loading…
Reference in New Issue