Change of prefix

H10/config

@@ -15,14 +15,3 @@ lxc.arch = amd64
 lxc.pty.max = 1024
 lxc.rootfs.path = btrfs:/var/lib/lxc/H10/rootfs
 lxc.uts.name = H10
-lxc.net.0.type = veth
-lxc.net.0.flags = up
-lxc.net.0.name = vlan1082
-lxc.net.0.veth.pair = h10.1082
-lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
-lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
-lxc.net.0.hwaddr = 02:00:0a:08:02:0a
-lxc.net.0.ipv4.address = 10.8.2.10/24
-lxc.net.0.ipv4.gateway = 10.8.2.1
-lxc.net.0.ipv6.address = 2001:db8:2501:82::10/64
-lxc.net.0.ipv6.gateway = 2001:db8:2501:82::1

H12/config

@@ -15,14 +15,3 @@ lxc.arch = amd64
 lxc.pty.max = 1024
 lxc.rootfs.path = btrfs:/var/lib/lxc/H12/rootfs
 lxc.uts.name = H12
-lxc.net.0.type = veth
-lxc.net.0.flags = up
-lxc.net.0.name = vlan1050
-lxc.net.0.veth.pair = h12.1050
-lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
-lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
-lxc.net.0.hwaddr = 02:00:0a:32:01:0c
-lxc.net.0.ipv4.address = 10.50.1.12/24
-lxc.net.0.ipv4.gateway = 10.50.1.1
-lxc.net.0.ipv6.address = 2001:db8:2501:501::12/64
-lxc.net.0.ipv6.gateway = 2001:db8:2501:501::1

H13/config

@@ -15,10 +15,4 @@ lxc.arch = amd64
 lxc.pty.max = 1024
 lxc.rootfs.path = btrfs:/var/lib/lxc/H13/rootfs
 lxc.uts.name = H13
-lxc.net.0.type = veth
-lxc.net.0.flags = up
-lxc.net.0.name = vlan1050
-lxc.net.0.veth.pair = h13.1050
-lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
-lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
 

H19/config

@@ -0,0 +1,25 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/H19/rootfs
+lxc.uts.name = H19
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = vlan48
+lxc.net.0.veth.pair = h19.48
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+lxc.net.0.hwaddr = 02:00:0a:28:34:13

H19/rootfs/etc/bird/bird.conf

@@ -0,0 +1 @@
+

H19/rootfs/etc/bird/bird6.conf

@@ -0,0 +1 @@
+

H19/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

H19/rootfs/etc/network/interfaces

@@ -0,0 +1,14 @@
+auto lo
+iface lo inet loopback
+
+auto vlan48
+iface vlan48 inet manual
+	up ip link set up dev vlan48
+	up ip addr add 10.40.52.19/21 brd + dev vlan48
+	up ip addr add 2001:db8:10:30::413/117 dev vlan48
+	up ip route add default via 10.40.48.1 dev vlan48
+	up ip route add default via 2001:db8:10:30::1 dev vlan48
+	down ip route -6 del default
+	down ip addr del 2001:db8:10:30::413/117 dev vlan48
+	down ip addr del 10.40.52.19/21 dev vlan48
+	down up link set down dev vlan48

H19/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

H34/config

@@ -0,0 +1,25 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/H34/rootfs
+lxc.uts.name = H34
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = vlan36
+lxc.net.0.veth.pair = h34.36
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+lxc.net.0.hwaddr = 02:00:0a:28:24:22

H34/rootfs/etc/bird/bird.conf

@@ -0,0 +1 @@
+

H34/rootfs/etc/bird/bird6.conf

@@ -0,0 +1 @@
+

H34/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

H34/rootfs/etc/network/interfaces

@@ -0,0 +1,14 @@
+auto lo
+iface lo inet loopback
+
+auto vlan36
+iface vlan36 inet manual
+	up ip link set up dev vlan36
+	up ip addr add 10.40.36.34/24 brd + dev vlan36
+	up ip addr add 2001:db8:10:24::22/120 dev vlan36
+	up ip route add default via 10.40.36.1 dev vlan36
+	up ip route add default via 2001:db8:10:24::1 dev vlan36
+	down ip route -6 del default
+	down ip addr del 2001:db8:10:24::22/120 dev vlan36
+	down ip addr del 10.40.36.34/24 dev vlan36
+	down up link set down dev vlan36

H34/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

H5/config

@@ -15,14 +15,3 @@ lxc.arch = amd64
 lxc.pty.max = 1024
 lxc.rootfs.path = btrfs:/var/lib/lxc/H5/rootfs
 lxc.uts.name = H5
-lxc.net.0.type = veth
-lxc.net.0.flags = up
-lxc.net.0.name = vlan1034
-lxc.net.0.veth.pair = h5.1034
-lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
-lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
-lxc.net.0.hwaddr = 02:00:0a:2b:02:05
-lxc.net.0.ipv4.address = 10.34.2.5/24
-lxc.net.0.ipv4.gateway = 10.34.2.1
-lxc.net.0.ipv6.address = 2001:db8:2501:342::5/64
-lxc.net.0.ipv6.gateway = 2001:db8:2501:342::1

H6/config

@@ -0,0 +1,25 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/H6/rootfs
+lxc.uts.name = H6
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = vlan2
+lxc.net.0.veth.pair = h6.2
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+lxc.net.0.hwaddr = 02:00:0a:28:02:06

H6/rootfs/etc/bird/bird.conf

@@ -0,0 +1 @@
+

H6/rootfs/etc/bird/bird6.conf

@@ -0,0 +1 @@
+

H6/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

H6/rootfs/etc/network/interfaces

@@ -0,0 +1,14 @@
+auto lo
+iface lo inet loopback
+
+auto vlan2
+iface vlan2 inet manual
+	up ip link set up dev vlan2
+	up ip addr add 10.40.2.6/24 brd + dev vlan2
+	up ip addr add 2001:db8:40:2::6/120 dev vlan2
+	up ip route add default via 10.40.2.1 dev vlan2
+	up ip route add default via 2001:db8:40:2::1 dev vlan2
+	down ip route -6 del default
+	down ip addr del 2001:db8:40:2::6/120 dev vlan2
+	down ip addr del 10.40.2.6/24 dev vlan2
+	down up link set down dev vlan2

H6/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

H7/config

@@ -0,0 +1,25 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/H7/rootfs
+lxc.uts.name = H7
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = vlan3
+lxc.net.0.veth.pair = h7.3
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+lxc.net.0.hwaddr = 02:00:0a:28:03:07

H7/rootfs/etc/bird/bird.conf

@@ -0,0 +1 @@
+

H7/rootfs/etc/bird/bird6.conf

@@ -0,0 +1 @@
+

H7/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

H7/rootfs/etc/network/interfaces

@@ -0,0 +1,14 @@
+auto lo
+iface lo inet loopback
+
+auto vlan3
+iface vlan3 inet manual
+	up ip link set up dev vlan3
+	up ip addr add 10.40.3.7/24 brd + dev vlan3
+	up ip addr add 2001:db8:40:3::7/120 dev vlan3
+	up ip route add default via 10.40.3.1 dev vlan3
+	up ip route add default via 2001:db8:40:3::1 dev vlan3
+	down ip route -6 del default
+	down ip addr del 2001:db8:40:3::7/120 dev vlan3
+	down ip addr del 10.40.3.7/24 dev vlan3
+	down up link set down dev vlan3

H7/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

H8/config

@@ -15,14 +15,3 @@ lxc.arch = amd64
 lxc.pty.max = 1024
 lxc.rootfs.path = btrfs:/var/lib/lxc/H8/rootfs
 lxc.uts.name = H8
-lxc.net.0.type = veth
-lxc.net.0.flags = up
-lxc.net.0.name = vlan1356
-lxc.net.0.veth.pair = h8.1356
-lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
-lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
-lxc.net.0.hwaddr = 02:00:0a:03:38:08
-lxc.net.0.ipv4.address = 10.3.56.8/24
-lxc.net.0.ipv4.gateway = 10.3.56.1
-lxc.net.0.ipv6.address = 2001:db8:2501:56::8/64
-lxc.net.0.ipv6.gateway = 2001:db8:2501:56::1

PWHA1/config

@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHA1/rootfs
+lxc.uts.name = PWHA1

PWHA1/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

PWHA1/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

PWHA2/config

@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHA2/rootfs
+lxc.uts.name = PWHA2

PWHA2/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

PWHA2/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

PWHAA/config

@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHAA/rootfs
+lxc.uts.name = PWHAA

PWHAA/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

PWHAA/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

PWHAB/config

@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHAB/rootfs
+lxc.uts.name = PWHAB

PWHAB/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

PWHAB/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

PWHAC/config

@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHAC/rootfs
+lxc.uts.name = PWHAC

PWHAC/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

PWHAC/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

PWHAD/config

@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHAD/rootfs
+lxc.uts.name = PWHAD

PWHAD/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

PWHAD/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

PWHAE/config

@@ -0,0 +1,26 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHAE/rootfs
+lxc.uts.name = PWHAE
+
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = vlan2215
+lxc.net.0.veth.pair = pwhae.2215
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+

PWHAE/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

PWHAE/rootfs/etc/network/interfaces

@@ -0,0 +1,7 @@
+auto lo
+iface lo inet loopback
+
+auto vlan2215
+#iface vlan2215 inet dhcp
+iface vlan2215 inet6 auto
+

PWHAE/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

PWHAF/config

@@ -0,0 +1,24 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHAF/rootfs
+lxc.uts.name = PWHAF
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = vlan2217
+lxc.net.0.veth.pair = pwhaf.2217
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch

PWHAF/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

PWHAF/rootfs/etc/network/interfaces

@@ -0,0 +1,7 @@
+auto lo
+iface lo inet loopback
+	up ip addr add 2001:db8:2b::40 dev lo
+
+auto vlan2217
+iface vlan2217 inet dhcp
+iface vlan2217 inet6 auto

PWHAF/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

PWHE00/config

@@ -0,0 +1,27 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHE00/rootfs
+lxc.uts.name = PWHE00
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = vlan2001
+lxc.net.0.veth.pair = pwhe00.2001
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+lxc.net.0.hwaddr = 02:00:0a:25:e0:00
+
+

PWHE00/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

PWHE00/rootfs/etc/network/interfaces

@@ -0,0 +1,8 @@
+auto lo
+iface lo inet loopback
+
+auto vlan2001
+iface vlan2001 inet dhcp
+
+iface vlan2001 inet6 auto
+#	accept_ra 1

PWHE00/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

PWHE01/config

@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHE01/rootfs
+lxc.uts.name = PWHE01

PWHE01/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

PWHE01/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

PWHE1/config

@@ -0,0 +1,26 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHE1/rootfs
+lxc.uts.name = PWHE1
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.name = vlan2002
+lxc.net.0.veth.pair = pwhe1.2002
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+lxc.net.0.hwaddr = 02:00:0a:25:e1:32
+

PWHE1/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+

PWHE1/rootfs/etc/network/interfaces

@@ -0,0 +1,9 @@
+auto lo
+iface lo inet loopback
+
+auto vlan2002
+iface vlan2001 inet dhcp
+
+iface vlan2002 inet6 auto
+#	accept_ra 1
+

PWHE1/rootfs/etc/sysctl.conf

@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted) 
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0

PWHE2/config

@@ -0,0 +1,17 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+# Container specific configuration
+lxc.tty.max = 4
+lxc.arch = amd64
+lxc.pty.max = 1024
+lxc.rootfs.path = btrfs:/var/lib/lxc/PWHE2/rootfs
+lxc.uts.name = PWHE2

PWHE2/rootfs/etc/hosts

@@ -0,0 +1,5 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+