From ec74b0b40f60a0946359fdf4dc4cfe9391fd2171 Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 20 Mar 2024 16:31:18 +0000
Subject: [PATCH] 7
---
 50-cloud-init.yaml | 26 ++++++++++++++++++++++++++
 Makefile | 12 ++++++++++++
 get-ethernet-mac-address.sh | 6 ++++++
 rules.v4 | 35 +++++++++++++++++++++++++++++++++++
 rules.v6 | 12 ++++++++++++
 5 files changed, 91 insertions(+)
 create mode 100644 50-cloud-init.yaml
 create mode 100755 get-ethernet-mac-address.sh
 create mode 100644 rules.v4
 create mode 100644 rules.v6
diff --git a/50-cloud-init.yaml b/50-cloud-init.yaml
new file mode 100644
index 0000000..f09b501
--- /dev/null
+++ b/50-cloud-init.yaml
@@ -0,0 +1,26 @@
+# This file is generated from information provided by the datasource. Changes
+# to it will not persist across an instance reboot. To disable cloud-init's
+# network configuration capabilities, write a file
+# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
+# network: {config: disabled}
+network:
+ ethernets:
+ eth0:
+ dhcp4: true
+ dhcp6: false
+ match:
+ macaddress: 00:15:5d:ce:28:e1
+ set-name: eth0
+ eth1:
+ dhcp4: false
+ dhcp6: false
+ match:
+ macaddress: ###ETH1_MAC###
+ set-name: eth1
+
+ bridges:
+ br0:
+ dhcp4: false
+ dhcp6: false
+ interfaces: [eth1]
+ version: 2
diff --git a/Makefile b/Makefile
index 4f3e8c1..55aefe7 100644
--- a/Makefile
+++ b/Makefile
@@ -11,6 +11,9 @@ remove-debian-sources:
 install-il-debian-sources:
 cp -vf il-sources.list /etc/apt/sources.list.d/il-sources.list
+install-iptables-tools:
+ apt install iptables iptstate conntrack iptables-persistent netfilter-persistent -y
+
 install: install-gns3
 install-docker:
@@ -104,3 +107,12 @@ get-busy-box-static:
 disable-firewalld:
 systemctl disable --now firewalld
+
+
+fix-cloudinit-netplan-permissions:
+ chmod 600 /etc/netplan/50-cloud-init.yaml
+
+install-default-iptables-persistent-rules:
+ cp -vf rules.v4 /etc/iptables/rules.v4
+ cp -vf rules.v6 /etc/iptables/rules.v6
+
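Review bot: In 50-cloud-init.yaml the eth1 placeholder `macaddress: ###ETH1_MAC###` begins with `#` after a space, so YAML reads it as a comment and the key is null whenever the file is used without substitution. No target in the visible Makefile hunks fills the token or installs the file, so presumably that happens elsewhere. A quoted token such as `macaddress: "@ETH1_MAC@"` stays a string and lets the install step fail loudly if it is still present. The eth0 match on `00:15:5d:ce:28:e1` ties the file to one machine, and the header comment says cloud-init regenerates this file, so the br0 definition may be lost on reboot unless the `99-disable-network-config.cfg` override it mentions is in place.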
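Review bot: The `install-iptables-tools` recipe in the first Makefile hunk relies on `apt install ... -y`, but iptables-persistent asks debconf questions about saving the current rules that `-y` does not answer, so an unattended `make` can stall on the prompt. `apt` also warns that its command-line interface is not stable for scripts. I would write the recipe line as `DEBIAN_FRONTEND=noninteractive apt-get install -y iptables iptstate conntrack iptables-persistent netfilter-persistent`.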
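Review bot: `install-default-iptables-persistent-rules` in the second Makefile hunk overwrites /etc/iptables/rules.v4 and rules.v6 without validating or loading them, so a malformed file is only found when the rules are next restored, and until then the running ruleset differs from the one on disk. Check the files before the copy with `iptables-restore --test < rules.v4` and `ip6tables-restore --test < rules.v6`, and end the recipe with `netfilter-persistent reload` if the rules should apply immediately. `fix-cloudinit-netplan-permissions` only repairs the mode after the fact; nothing in these hunks copies 50-cloud-init.yaml into /etc/netplan, so confirm that whichever step does creates it with mode 600.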
diff --git a/get-ethernet-mac-address.sh b/get-ethernet-mac-address.sh
new file mode 100755
index 0000000..1a8eb32
--- /dev/null
+++ b/get-ethernet-mac-address.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+INTERFACE="$1"
+
+ip -o l show ${INTERCACE} | sed -e "s@.*link\/ether @@g" -e "s@\ brd\ .*@@g"
+
diff --git a/rules.v4 b/rules.v4
new file mode 100644
index 0000000..a119255
--- /dev/null
+++ b/rules.v4
@@ -0,0 +1,35 @@
+# Generated by iptables-save v1.8.9 (nf_tables) on Wed Mar 20 16:29:04 2024
+*mangle
+:PREROUTING ACCEPT [5906:480354]
+:INPUT ACCEPT [5847:469379]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [4269:489003]
+:POSTROUTING ACCEPT [4272:489210]
+COMMIT
+# Completed on Wed Mar 20 16:29:04 2024
+# Generated by iptables-save v1.8.9 (nf_tables) on Wed Mar 20 16:29:04 2024
+*raw
+:PREROUTING ACCEPT [5906:480354]
+:OUTPUT ACCEPT [4269:489003]
+COMMIT
+# Completed on Wed Mar 20 16:29:04 2024
+# Generated by iptables-save v1.8.9 (nf_tables) on Wed Mar 20 16:29:04 2024
+*filter
+:INPUT ACCEPT [4526:358155]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [4269:489003]
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -i br0 -j ACCEPT
+-A FORWARD -o br0 -j ACCEPT
+COMMIT
+# Completed on Wed Mar 20 16:29:04 2024
+# Generated by iptables-save v1.8.9 (nf_tables) on Wed Mar 20 16:29:04 2024
+*nat
+:PREROUTING ACCEPT [17:3221]
+:INPUT ACCEPT [4:772]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+COMMIT
+# Completed on Wed Mar 20 16:29:04 2024
diff --git a/rules.v6 b/rules.v6
new file mode 100644
index 0000000..ae84ce4
--- /dev/null
+++ b/rules.v6
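Review bot: In get-ethernet-mac-address.sh the `ip` command expands `${INTERCACE}`, which is never set (the script assigns `INTERFACE`), so the argument is ignored and the pipeline prints one line for every link on the host. That includes the loopback line, which has no `link/ether` field and so passes through mostly intact. If this output is what fills the eth1 MAC placeholder in the netplan file, the result is not a single address. Use `ip -o link show dev "${INTERFACE}"` and reject an empty argument first, e.g. `: "${1:?usage: get-ethernet-mac-address.sh IFACE}"`; `set -u` at the top would have caught the misspelling.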
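Review bot: The filter table in rules.v4 keeps `:INPUT ACCEPT`, so the two `-A INPUT` rules never change a verdict and every listening service on the host stays reachable on all interfaces; only FORWARD is default-deny. rules.v6 has the same pattern. If host filtering is intended, set `:INPUT DROP [0:0]` with explicit allows for the management ports placed ahead of it, and in rules.v6 also allow ICMPv6 neighbour discovery. The pair `-A FORWARD -i br0 -j ACCEPT` / `-A FORWARD -o br0 -j ACCEPT` accepts any forwarded packet that touches br0 in either direction, so the DROP policy covers little; restricting them by source network or direction would match a default-deny intent. The saved counters such as `[4526:358155]` can be reset to `[0:0]`, and `-m state --state` is the legacy spelling of `-m conntrack --ctstate`.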
@@ -0,0 +1,12 @@
+# Generated by ip6tables-save v1.8.9 (nf_tables) on Wed Mar 20 16:29:00 2024
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -i br0 -j ACCEPT
+-A FORWARD -o br0 -j ACCEPT
+COMMIT
+# Completed on Wed Mar 20 16:29:00 2024