Disable IPv6 forwarding on node 2

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
master
Yohann D'ANELLO 3 years ago
parent 8f8bd941af
commit b90a98cedc
Signed by: ynerant
GPG Key ID: 3A75C55819C8CF85

@ -8,8 +8,9 @@ table inet filter {
}
chain forward {
type filter hook forward priority 0; policy accept
ip6 saddr fd00:42::/32 dport { 80 } reject;
ip6 daddr fd00:42::/32 dport { 80 } reject;
ip daddr 172.17.0.0/30 tcp dport { 80 } accept;
tcp dport { 0-65535 } reject;
udp dport { 0-65535 } reject;
accept
}
chain output {

@ -112,8 +112,11 @@ tmux send-keys -t ns1 "ip route add 172.17.2.0/24 via 172.17.1.2 dev vde1 proto
ip route add 172.17.1.0/24 via 172.17.0.2
ip route add 172.17.2.0/24 via 172.17.0.2
# Restrict HTTP transport on node 2
# Restrict HTTP transport on nodes 2 and 3
tmux send-keys -t ns2 "nft -f $dir/firewall/restrict-http.conf" Enter
tmux send-keys -t ns3 "nft -f $dir/firewall/restrict-http.conf" Enter
# Disable ip forwarding on node 2, woops
tmux send-keys -t ns2 "sleep 10 && sysctl -w net.ipv6.conf.all.forwarding=0" Enter
for i in 1 2 3 4; do
mkdir -p $dir/certs/node$i $dir/states/node$i
@ -125,8 +128,8 @@ for i in 1 2 3 4; do
sleep 15
fi
tmux split-window -h -t ns$i nsenter -t `cat $dir/run/node$i.pid` --net
subnet=1
if [[ $i == 4 ]]; then subnet=2; fi
subnet=2
if [[ $i == 1 ]]; then subnet=1; fi
tmux send-keys -t ns$i "re6stnet --registry http://172.17.0.1 --ip 172.17.$subnet.$i --ca $dir/certs/node$i/ca.crt --cert $dir/certs/node$i/cert.crt --key $dir/certs/node$i/cert.key --state $dir/states/node$i --log $dir/log/node$i --run $dir/run/re6stnet-node$i.pid" Enter
tmux select-pane -t ns$i -L
done

Loading…
Cancel
Save