Top half of homework net done

PWHA1/config

@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHA1/rootfs
+lxc.uts.name = PWHA1

PWHA1/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

PWHA1/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

PWHA2/config

@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHA2/rootfs
+lxc.uts.name = PWHA2

PWHA2/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

PWHA2/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

PWHAA/config

@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHAA/rootfs
+lxc.uts.name = PWHAA

PWHAA/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

PWHAA/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

PWHAB/config

@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHAB/rootfs
+lxc.uts.name = PWHAB

PWHAB/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

PWHAB/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

PWHAC/config

@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHAC/rootfs
+lxc.uts.name = PWHAC

PWHAC/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

PWHAC/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

PWHAD/config

@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHAD/rootfs
+lxc.uts.name = PWHAD

PWHAD/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

PWHAD/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

PWHAE/config

@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHAE/rootfs
+lxc.uts.name = PWHAE

PWHAE/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

PWHAE/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

PWHAF/config

@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHAF/rootfs
+lxc.uts.name = PWHAF

PWHAF/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

PWHAF/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

PWHE00/config

@@ -0,0 +1,27 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHE00/rootfs
+lxc.uts.name = PWHE00
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = vlan2001
+lxc.net.0.veth.pair = pwhe00.2001
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+lxc.net.0.hwaddr = 02:00:0a:25:e0:00
+
+

PWHE00/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

PWHE00/rootfs/etc/network/interfaces

@@ -0,0 +1,8 @@
+auto lo
+iface lo inet loopback
+
+auto vlan2001
+iface vlan2001 inet dhcp
+
+iface vlan2001 inet6 auto
+#	accept_ra 1

PWHE00/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

PWHE01/config

@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHE01/rootfs
+lxc.uts.name = PWHE01

PWHE01/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

PWHE01/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

PWHE1/config

@@ -0,0 +1,26 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHE1/rootfs
+lxc.uts.name = PWHE1
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = vlan2002
+lxc.net.0.veth.pair = pwhe1.2002
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+lxc.net.0.hwaddr = 02:00:0a:25:e1:32
+

PWHE1/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

PWHE1/rootfs/etc/network/interfaces

@@ -0,0 +1,9 @@
+auto lo
+iface lo inet loopback
+
+auto vlan2002
+iface vlan2001 inet dhcp
+
+iface vlan2002 inet6 auto
+#	accept_ra 1
+

PWHE1/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

PWHE2/config

@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHE2/rootfs
+lxc.uts.name = PWHE2

PWHE2/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

PWHE2/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

PWHE3/config

@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHE3/rootfs
+lxc.uts.name = PWHE3

PWHE3/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

PWHE3/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

PWHE4/config

@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHE4/rootfs
+lxc.uts.name = PWHE4