ynerant/babel-tester
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Disable IPv6 forwarding on node 2

Browse Source 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
This commit is contained in:
Yohann D'ANELLO 2021-06-15 11:52:48 +02:00
parent 8f8bd941af
commit b90a98cedc
Signed by: ynerant
GPG Key ID: 3A75C55819C8CF85
2 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
firewall/restrict-http.conf
View File

@ -8,8 +8,9 @@ table inet filter {
} }
chain forward { chain forward {
type filter hook forward priority 0; policy accept type filter hook forward priority 0; policy accept
ip6 saddr fd00:42::/32 dport { 80 } reject; ip daddr 172.17.0.0/30 tcp dport { 80 } accept;
ip6 daddr fd00:42::/32 dport { 80 } reject; tcp dport { 0-65535 } reject;
udp dport { 0-65535 } reject;
accept accept
} }
chain output { chain output {

9
start.sh
View File

@ -112,8 +112,11 @@ tmux send-keys -t ns1 "ip route add 172.17.2.0/24 via 172.17.1.2 dev vde1 proto
ip route add 172.17.1.0/24 via 172.17.0.2 ip route add 172.17.1.0/24 via 172.17.0.2
ip route add 172.17.2.0/24 via 172.17.0.2 ip route add 172.17.2.0/24 via 172.17.0.2
# Restrict HTTP transport on node 2 # Restrict HTTP transport on nodes 2 and 3
tmux send-keys -t ns2 "nft -f $dir/firewall/restrict-http.conf" Enter tmux send-keys -t ns2 "nft -f $dir/firewall/restrict-http.conf" Enter
tmux send-keys -t ns3 "nft -f $dir/firewall/restrict-http.conf" Enter
# Disable ip forwarding on node 2, woops
tmux send-keys -t ns2 "sleep 10 && sysctl -w net.ipv6.conf.all.forwarding=0" Enter
for i in 1 2 3 4; do for i in 1 2 3 4; do
mkdir -p $dir/certs/node$i $dir/states/node$i mkdir -p $dir/certs/node$i $dir/states/node$i
@ -125,8 +128,8 @@ for i in 1 2 3 4; do
sleep 15 sleep 15
fi fi
tmux split-window -h -t ns$i nsenter -t `cat $dir/run/node$i.pid` --net tmux split-window -h -t ns$i nsenter -t `cat $dir/run/node$i.pid` --net
subnet=1 subnet=2
if [[ $i == 4 ]]; then subnet=2; fi if [[ $i == 1 ]]; then subnet=1; fi
tmux send-keys -t ns$i "re6stnet --registry http://172.17.0.1 --ip 172.17.$subnet.$i --ca $dir/certs/node$i/ca.crt --cert $dir/certs/node$i/cert.crt --key $dir/certs/node$i/cert.key --state $dir/states/node$i --log $dir/log/node$i --run $dir/run/re6stnet-node$i.pid" Enter tmux send-keys -t ns$i "re6stnet --registry http://172.17.0.1 --ip 172.17.$subnet.$i --ca $dir/certs/node$i/ca.crt --cert $dir/certs/node$i/cert.crt --key $dir/certs/node$i/cert.key --state $dir/states/node$i --log $dir/log/node$i --run $dir/run/re6stnet-node$i.pid" Enter
tmux select-pane -t ns$i -L tmux select-pane -t ns$i -L
done done