Compare commits
7 Commits
Author | SHA1 | Date |
---|---|---|
pwarren | d1cc47a9dc | |
pwarren | 064483ea4f | |
root | 49d02ab309 | |
root | 1ccb20421d | |
root | 32d0faadfe | |
root | 664bdd7950 | |
root | b7603e7521 |
11
H10/config
11
H10/config
|
@ -15,14 +15,3 @@ lxc.arch = amd64
|
|||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/H10/rootfs
|
||||
lxc.uts.name = H10
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = vlan1082
|
||||
lxc.net.0.veth.pair = h10.1082
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.hwaddr = 02:00:0a:08:02:0a
|
||||
lxc.net.0.ipv4.address = 10.8.2.10/24
|
||||
lxc.net.0.ipv4.gateway = 10.8.2.1
|
||||
lxc.net.0.ipv6.address = 2001:db8:2501:82::10/64
|
||||
lxc.net.0.ipv6.gateway = 2001:db8:2501:82::1
|
||||
|
|
11
H12/config
11
H12/config
|
@ -15,14 +15,3 @@ lxc.arch = amd64
|
|||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/H12/rootfs
|
||||
lxc.uts.name = H12
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = vlan1050
|
||||
lxc.net.0.veth.pair = h12.1050
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.hwaddr = 02:00:0a:32:01:0c
|
||||
lxc.net.0.ipv4.address = 10.50.1.12/24
|
||||
lxc.net.0.ipv4.gateway = 10.50.1.1
|
||||
lxc.net.0.ipv6.address = 2001:db8:2501:501::12/64
|
||||
lxc.net.0.ipv6.gateway = 2001:db8:2501:501::1
|
||||
|
|
|
@ -15,10 +15,4 @@ lxc.arch = amd64
|
|||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/H13/rootfs
|
||||
lxc.uts.name = H13
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = vlan1050
|
||||
lxc.net.0.veth.pair = h13.1050
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/H19/rootfs
|
||||
lxc.uts.name = H19
|
||||
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = vlan48
|
||||
lxc.net.0.veth.pair = h19.48
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.hwaddr = 02:00:0a:28:34:13
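Review bot: `lxc.apparmor.allow_nesting = 1` loosens the generated AppArmor profile for this container, yet it sits directly under the template's "(Be aware this has security implications)" comment with no reason given, while the `nesting.conf` include above it stays commented out. No `lxc.idmap` line is visible in this file, so the container presumably runs with host root's uid (confirm against `debian.common.conf`), which makes the wider profile matter more. If H19 does not start containers of its own, set `lxc.apparmor.allow_nesting = 0`; otherwise add a comment such as `# nesting needed for <reason>` above the line. The same two lines appear in the new configs for H34, H6, H7, PWHA1, PWHA2 and PWHAA.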
|
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
auto lo
|
||||
iface lo inet loopback
|
||||
|
||||
auto vlan48
|
||||
iface vlan48 inet manual
|
||||
up ip link set up dev vlan48
|
||||
up ip addr add 10.40.52.19/21 brd + dev vlan48
|
||||
up ip addr add 2001:db8:10:30::413/117 dev vlan48
|
||||
up ip route add default via 10.40.48.1 dev vlan48
|
||||
up ip route add default via 2001:db8:10:30::1 dev vlan48
|
||||
down ip route -6 del default
|
||||
down ip addr del 2001:db8:10:30::413/117 dev vlan48
|
||||
down ip addr del 10.40.52.19/21 dev vlan48
|
||||
down up link set down dev vlan48
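Review bot: The last `down` line runs `up link set down dev vlan48`, which is not an `ip` invocation, so the link is never taken down on ifdown; it presumably should read `down ip link set down dev vlan48`. `down ip route -6 del default` also puts the family option after the object, where the documented form is `ip -6 route del default`, and the matching `up` line adds the IPv6 default without `-6`, so writing `up ip -6 route add default via 2001:db8:10:30::1 dev vlan48` would make the pair symmetric. The same lines are repeated in the vlan36, vlan2 and vlan3 stanzas further down.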
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
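Review bot: `net.ipv4.ip_forward=1` and `net.ipv6.conf.all.forwarding=1` turn this host into a router, but the surrounding stock comments still say "Uncomment the next line" and "(we are not a router)", and every anti-spoofing and redirect setting (`rp_filter`, `accept_source_route`, `send_redirects`, `accept_redirects`) is left commented out at kernel defaults. Once the host forwards, those are worth deciding explicitly; for example enable `net.ipv4.conf.all.rp_filter=1` if routing here is symmetric. `net.ipv4.icmp_ratelimit = 0` and `net.ipv6.icmp.ratelimit = 0` remove the kernel's limit on ICMP error replies with no explanation, so add a comment such as `# ICMP rate limit disabled because <reason>` or drop the two lines. The same file content is added again in the later sysctl.conf sections on this page.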
|
|
@ -0,0 +1,25 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/H34/rootfs
|
||||
lxc.uts.name = H34
|
||||
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = vlan36
|
||||
lxc.net.0.veth.pair = h34.36
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.hwaddr = 02:00:0a:28:24:22
|
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
auto lo
|
||||
iface lo inet loopback
|
||||
|
||||
auto vlan36
|
||||
iface vlan36 inet manual
|
||||
up ip link set up dev vlan36
|
||||
up ip addr add 10.40.36.34/24 brd + dev vlan36
|
||||
up ip addr add 2001:db8:10:24::22/120 dev vlan36
|
||||
up ip route add default via 10.40.36.1 dev vlan36
|
||||
up ip route add default via 2001:db8:10:24::1 dev vlan36
|
||||
down ip route -6 del default
|
||||
down ip addr del 2001:db8:10:24::22/120 dev vlan36
|
||||
down ip addr del 10.40.36.34/24 dev vlan36
|
||||
down up link set down dev vlan36
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
|
11
H5/config
11
H5/config
|
@ -15,14 +15,3 @@ lxc.arch = amd64
|
|||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/H5/rootfs
|
||||
lxc.uts.name = H5
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = vlan1034
|
||||
lxc.net.0.veth.pair = h5.1034
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.hwaddr = 02:00:0a:2b:02:05
|
||||
lxc.net.0.ipv4.address = 10.34.2.5/24
|
||||
lxc.net.0.ipv4.gateway = 10.34.2.1
|
||||
lxc.net.0.ipv6.address = 2001:db8:2501:342::5/64
|
||||
lxc.net.0.ipv6.gateway = 2001:db8:2501:342::1
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/H6/rootfs
|
||||
lxc.uts.name = H6
|
||||
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = vlan2
|
||||
lxc.net.0.veth.pair = h6.2
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.hwaddr = 02:00:0a:28:02:06
|
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
auto lo
|
||||
iface lo inet loopback
|
||||
|
||||
auto vlan2
|
||||
iface vlan2 inet manual
|
||||
up ip link set up dev vlan2
|
||||
up ip addr add 10.40.2.6/24 brd + dev vlan2
|
||||
up ip addr add 2001:db8:40:2::6/120 dev vlan2
|
||||
up ip route add default via 10.40.2.1 dev vlan2
|
||||
up ip route add default via 2001:db8:40:2::1 dev vlan2
|
||||
down ip route -6 del default
|
||||
down ip addr del 2001:db8:40:2::6/120 dev vlan2
|
||||
down ip addr del 10.40.2.6/24 dev vlan2
|
||||
down up link set down dev vlan2
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
|
|
@ -0,0 +1,25 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/H7/rootfs
|
||||
lxc.uts.name = H7
|
||||
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = vlan3
|
||||
lxc.net.0.veth.pair = h7.3
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.hwaddr = 02:00:0a:28:03:07
|
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
auto lo
|
||||
iface lo inet loopback
|
||||
|
||||
auto vlan3
|
||||
iface vlan3 inet manual
|
||||
up ip link set up dev vlan3
|
||||
up ip addr add 10.40.3.7/24 brd + dev vlan3
|
||||
up ip addr add 2001:db8:40:3::7/120 dev vlan3
|
||||
up ip route add default via 10.40.3.1 dev vlan3
|
||||
up ip route add default via 2001:db8:40:3::1 dev vlan3
|
||||
down ip route -6 del default
|
||||
down ip addr del 2001:db8:40:3::7/120 dev vlan3
|
||||
down ip addr del 10.40.3.7/24 dev vlan3
|
||||
down up link set down dev vlan3
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
|
11
H8/config
11
H8/config
|
@ -15,14 +15,3 @@ lxc.arch = amd64
|
|||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/H8/rootfs
|
||||
lxc.uts.name = H8
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = vlan1356
|
||||
lxc.net.0.veth.pair = h8.1356
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.hwaddr = 02:00:0a:03:38:08
|
||||
lxc.net.0.ipv4.address = 10.3.56.8/24
|
||||
lxc.net.0.ipv4.gateway = 10.3.56.1
|
||||
lxc.net.0.ipv6.address = 2001:db8:2501:56::8/64
|
||||
lxc.net.0.ipv6.gateway = 2001:db8:2501:56::1
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/PWHA1/rootfs
|
||||
lxc.uts.name = PWHA1
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
|
|
@ -0,0 +1,17 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/PWHA2/rootfs
|
||||
lxc.uts.name = PWHA2
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
|
|
@ -0,0 +1,17 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/PWHAA/rootfs
|
||||
lxc.uts.name = PWHAA
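Review bot: `lxc.apparmor.allow_nesting = 1` is switched on in this new container config (rootfs PWHAA) directly below the template's own warning that nesting has security implications, and nothing visible in the section says the container needs to run containers itself. With `lxc.apparmor.profile = generated`, this setting widens the generated AppArmor profile to allow creating nested containers. I would set `lxc.apparmor.allow_nesting = 0` unless nesting is really used, or put a comment such as `# nesting required for <reason>` above the line. No `lxc.idmap` appears in the section either, so the container looks privileged unless `debian.common.conf` or another include maps ids; that is worth confirming. The PWHAB, PWHAC, PWHAD, PWHAE, PWHAF, PWHE00 and PWHE01 configs added later in this commit carry the same two AppArmor lines.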
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
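Review bot: `net.ipv4.icmp_ratelimit = 0` and `net.ipv6.icmp.ratelimit = 0` turn off the kernel's ICMP rate limiting on a host that this same file makes an IPv4 and IPv6 forwarder, while both `rp_filter` lines stay commented out. A forwarder without reverse-path filtering or an ICMP rate limit will answer spoofed-source traffic with an unbounded stream of ICMP errors. If the zero is deliberate, say so in a comment above the two lines, e.g. `# ICMP rate limiting off on purpose: <reason>`; otherwise drop them to keep the kernel defaults and consider `net.ipv4.conf.all.rp_filter=2` (loose mode) if routing is asymmetric. The stock comments "Uncomment the next line to enable packet forwarding" are also stale now that both forwarding lines are active. The other sysctl.conf copies added in this commit repeat the same content.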
|
|
@ -0,0 +1,17 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/PWHAB/rootfs
|
||||
lxc.uts.name = PWHAB
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
|
|
@ -0,0 +1,17 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/PWHAC/rootfs
|
||||
lxc.uts.name = PWHAC
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
|
|
@ -0,0 +1,17 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/PWHAD/rootfs
|
||||
lxc.uts.name = PWHAD
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
|
|
@ -0,0 +1,26 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/PWHAE/rootfs
|
||||
lxc.uts.name = PWHAE
|
||||
|
||||
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = vlan2215
|
||||
lxc.net.0.veth.pair = pwhae.2215
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
auto lo
|
||||
iface lo inet loopback
|
||||
|
||||
auto vlan2215
|
||||
#iface vlan2215 inet dhcp
|
||||
iface vlan2215 inet6 auto
|
||||
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
|
|
@ -0,0 +1,24 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/PWHAF/rootfs
|
||||
lxc.uts.name = PWHAF
|
||||
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = vlan2217
|
||||
lxc.net.0.veth.pair = pwhaf.2217
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
auto lo
|
||||
iface lo inet loopback
|
||||
up ip addr add 2001:db8:2b::40 dev lo
|
||||
|
||||
auto vlan2217
|
||||
iface vlan2217 inet dhcp
|
||||
iface vlan2217 inet6 auto
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
|
|
@ -0,0 +1,27 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/PWHE00/rootfs
|
||||
lxc.uts.name = PWHE00
|
||||
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = vlan2001
|
||||
lxc.net.0.veth.pair = pwhe00.2001
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.hwaddr = 02:00:0a:25:e0:00
|
||||
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
auto lo
|
||||
iface lo inet loopback
|
||||
|
||||
auto vlan2001
|
||||
iface vlan2001 inet dhcp
|
||||
|
||||
iface vlan2001 inet6 auto
|
||||
# accept_ra 1
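Review bot: The commented-out `# accept_ra 1` under `iface vlan2001 inet6 auto` is left without explanation and would break SLAAC if someone uncommented it. The sysctl.conf added in this commit sets `net.ipv6.conf.all.forwarding=1` (assuming it belongs to this same container), and at `accept_ra` 1 the kernel ignores router advertisements once forwarding is on; only 2 overrides that. I would delete the line or replace it with `# accept_ra must be 2 here: forwarding=1 makes the kernel ignore RAs at 1`. Because this host both forwards and takes its IPv6 address and default route from RAs, it is also worth confirming that vlan2001 only carries advertisements from the intended router.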
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
|
|
@ -0,0 +1,17 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/PWHE01/rootfs
|
||||
lxc.uts.name = PWHE01
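Review bot: `lxc.apparmor.allow_nesting = 1` is switched on even though the template comment a few lines above warns that nesting has security implications and the `nesting.conf` include is left commented out. With nesting allowed, the generated AppArmor profile is loosened so the container can start containers of its own, which widens what root inside the container can reach. If this container does not run nested containers, use `lxc.apparmor.allow_nesting = 0`; if it does, say so in a comment such as `# nesting required: <reason>`. No `lxc.idmap` appears in this file, so unless the included `debian.common.conf` maps IDs the container presumably runs privileged and the AppArmor profile is its main boundary. The same two apparmor lines are added in the later container configs (rootfs PWHE1 and PWHE2).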
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
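Review bot: Both forwarding switches are active (`net.ipv4.ip_forward=1`, `net.ipv6.conf.all.forwarding=1`) while every anti-spoofing and redirect setting further down stays commented out, so this system routes packets without reverse-path filtering. On a forwarding host I would enable `net.ipv4.conf.all.rp_filter=1` and `net.ipv4.conf.default.rp_filter=1` (or `2` if routing is asymmetric) together with `net.ipv4.conf.all.accept_redirects = 0`. The lines `net.ipv4.icmp_ratelimit = 0` and `net.ipv6.icmp.ratelimit = 0` remove the kernel's ICMP reply rate limit without explanation; add a comment giving the reason, for example `# ICMP rate limit disabled: <reason>`. The template comments still say "Uncomment the next line" above lines that are already active and "we are not a router" on a system that forwards, so they should be reworded to match. The identical 79-line file is added again in a later section of this diff.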
|
|
@ -0,0 +1,26 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/PWHE1/rootfs
|
||||
lxc.uts.name = PWHE1
|
||||
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.flags = up
|
||||
lxc.net.0.name = vlan2002
|
||||
lxc.net.0.veth.pair = pwhe1.2002
|
||||
lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
|
||||
lxc.net.0.hwaddr = 02:00:0a:25:e1:32
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
auto lo
|
||||
iface lo inet loopback
|
||||
|
||||
auto vlan2002
|
||||
iface vlan2001 inet dhcp
|
||||
|
||||
iface vlan2002 inet6 auto
|
||||
# accept_ra 1
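Review bot: The IPv4 stanza names `vlan2001`, but the interface brought up by `auto` and used by the inet6 stanza is `vlan2002`, so `iface vlan2001 inet dhcp` matches no interface that is started and IPv4 DHCP would never run. It should read `iface vlan2002 inet dhcp`. A container config added earlier in this diff sets `lxc.net.0.name = vlan2002`, which suggests that is the intended name, though the file paths are not visible here to confirm both files belong to the same container.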
|
||||
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# /etc/sysctl.conf - Configuration file for setting system variables
|
||||
# See /etc/sysctl.d/ for additional system variables.
|
||||
# See sysctl.conf (5) for information.
|
||||
#
|
||||
|
||||
#kernel.domainname = example.com
|
||||
|
||||
# Uncomment the following to stop low-level messages on console
|
||||
#kernel.printk = 3 4 1 3
|
||||
|
||||
##############################################################3
|
||||
# Functions previously found in netbase
|
||||
#
|
||||
|
||||
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
||||
# Turn on Source Address Verification in all interfaces to
|
||||
# prevent some spoofing attacks
|
||||
#net.ipv4.conf.default.rp_filter=1
|
||||
#net.ipv4.conf.all.rp_filter=1
|
||||
|
||||
# Uncomment the next line to enable TCP/IP SYN cookies
|
||||
# See http://lwn.net/Articles/277146/
|
||||
# Note: This may impact IPv6 TCP sessions too
|
||||
#net.ipv4.tcp_syncookies=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv4
|
||||
net.ipv4.ip_forward=1
|
||||
|
||||
# Uncomment the next line to enable packet forwarding for IPv6
|
||||
# Enabling this option disables Stateless Address Autoconfiguration
|
||||
# based on Router Advertisements for this host
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
|
||||
net.ipv4.icmp_ratelimit = 0
|
||||
net.ipv6.icmp.ratelimit = 0
|
||||
|
||||
###################################################################
|
||||
# Additional settings - these settings can improve the network
|
||||
# security of the host and prevent against some network attacks
|
||||
# including spoofing attacks and man in the middle attacks through
|
||||
# redirection. Some network environments, however, require that these
|
||||
# settings are disabled so review and enable them as needed.
|
||||
#
|
||||
# Do not accept ICMP redirects (prevent MITM attacks)
|
||||
#net.ipv4.conf.all.accept_redirects = 0
|
||||
#net.ipv6.conf.all.accept_redirects = 0
|
||||
# _or_
|
||||
# Accept ICMP redirects only for gateways listed in our default
|
||||
# gateway list (enabled by default)
|
||||
# net.ipv4.conf.all.secure_redirects = 1
|
||||
#
|
||||
# Do not send ICMP redirects (we are not a router)
|
||||
#net.ipv4.conf.all.send_redirects = 0
|
||||
#
|
||||
# Do not accept IP source route packets (we are not a router)
|
||||
#net.ipv4.conf.all.accept_source_route = 0
|
||||
#net.ipv6.conf.all.accept_source_route = 0
|
||||
#
|
||||
# Log Martian Packets
|
||||
#net.ipv4.conf.all.log_martians = 1
|
||||
#
|
||||
|
||||
###################################################################
|
||||
# Magic system request Key
|
||||
# 0=disable, 1=enable all
|
||||
# Debian kernels have this set to 0 (disable the key)
|
||||
# See https://www.kernel.org/doc/Documentation/sysrq.txt
|
||||
# for what other values do
|
||||
#kernel.sysrq=1
|
||||
|
||||
###################################################################
|
||||
# Protected links
|
||||
#
|
||||
# Protects against creating or following links under certain conditions
|
||||
# Debian kernels have both set to 1 (restricted)
|
||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||
#fs.protected_hardlinks=0
|
||||
#fs.protected_symlinks=0
|
|
@ -0,0 +1,17 @@
|
|||
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
|
||||
# Parameters passed to the template: -r stretch
|
||||
# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
|
||||
# For additional config options, please look at lxc.container.conf(5)
|
||||
# Uncomment the following line to support nesting containers:
|
||||
#lxc.include = /usr/share/lxc/config/nesting.conf
|
||||
# (Be aware this has security implications)
|
||||
lxc.apparmor.profile = generated
|
||||
lxc.apparmor.allow_nesting = 1
|
||||
# Common configuration
|
||||
lxc.include = /usr/share/lxc/config/debian.common.conf
|
||||
# Container specific configuration
|
||||
lxc.tty.max = 4
|
||||
lxc.arch = amd64
|
||||
lxc.pty.max = 1024
|
||||
lxc.rootfs.path = btrfs:/var/lib/lxc/PWHE2/rootfs
|
||||
lxc.uts.name = PWHE2
|
|
@ -0,0 +1,5 @@
|
|||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|