7

2024-03-20 16:31:18 +00:00 · 2024-03-20 16:31:18 +00:00 · ec74b0b40f
commit ec74b0b40f
parent 666a14210a
5 changed files with 91 additions and 0 deletions
--- a/50-cloud-init.yaml
+++ b/50-cloud-init.yaml
@ -0,0 +1,26 @@
+# This file is generated from information provided by the datasource.  Changes
+# to it will not persist across an instance reboot.  To disable cloud-init's
+# network configuration capabilities, write a file
+# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
+# network: {config: disabled}
+network:
+    ethernets:
+        eth0:
+            dhcp4: true
+            dhcp6: false
+            match:
+                macaddress: 00:15:5d:ce:28:e1
+            set-name: eth0
+        eth1:
+            dhcp4: false
+            dhcp6: false
+            match:
+                macaddress: ###ETH1_MAC###
+            set-name: eth1
+
+    bridges:
+        br0:
+          dhcp4: false
+          dhcp6: false
+          interfaces: [eth1]
+    version: 2
--- a/12
+++ b/12
@ -11,6 +11,9 @@ remove-debian-sources:
 install-il-debian-sources:
 	cp -vf il-sources.list /etc/apt/sources.list.d/il-sources.list

+install-iptables-tools:
+	apt install iptables iptstate conntrack iptables-persistent netfilter-persistent -y
+
 install: install-gns3

 install-docker:
@ -104,3 +107,12 @@ get-busy-box-static:

 disable-firewalld:
 	systemctl disable --now firewalld
+
+
+fix-cloudinit-netplan-permissions:
+	chmod 600 /etc/netplan/50-cloud-init.yaml
+
+install-default-iptables-persistent-rules:
+	cp -vf rules.v4 /etc/iptables/rules.v4
+	cp -vf rules.v6 /etc/iptables/rules.v6
+
--- a/get-ethernet-mac-address.sh
+++ b/get-ethernet-mac-address.sh
@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+INTERFACE="$1"
+
+ip -o l show ${INTERCACE} | sed -e "s@.*link\/ether @@g" -e "s@\ brd\ .*@@g"
+
--- a/rules.v4
+++ b/rules.v4
@ -0,0 +1,35 @@
+# Generated by iptables-save v1.8.9 (nf_tables) on Wed Mar 20 16:29:04 2024
+*mangle
+:PREROUTING ACCEPT [5906:480354]
+:INPUT ACCEPT [5847:469379]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [4269:489003]
+:POSTROUTING ACCEPT [4272:489210]
+COMMIT
+# Completed on Wed Mar 20 16:29:04 2024
+# Generated by iptables-save v1.8.9 (nf_tables) on Wed Mar 20 16:29:04 2024
+*raw
+:PREROUTING ACCEPT [5906:480354]
+:OUTPUT ACCEPT [4269:489003]
+COMMIT
+# Completed on Wed Mar 20 16:29:04 2024
+# Generated by iptables-save v1.8.9 (nf_tables) on Wed Mar 20 16:29:04 2024
+*filter
+:INPUT ACCEPT [4526:358155]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [4269:489003]
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -i br0 -j ACCEPT
+-A FORWARD -o br0 -j ACCEPT
+COMMIT
+# Completed on Wed Mar 20 16:29:04 2024
+# Generated by iptables-save v1.8.9 (nf_tables) on Wed Mar 20 16:29:04 2024
+*nat
+:PREROUTING ACCEPT [17:3221]
+:INPUT ACCEPT [4:772]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+COMMIT
+# Completed on Wed Mar 20 16:29:04 2024
--- a/rules.v6
+++ b/rules.v6
@ -0,0 +1,12 @@
+# Generated by ip6tables-save v1.8.9 (nf_tables) on Wed Mar 20 16:29:00 2024
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -i br0 -j ACCEPT
+-A FORWARD -o br0 -j ACCEPT
+COMMIT
+# Completed on Wed Mar 20 16:29:00 2024