forked from zentralwerk/network
upstream1: prepare dhcp6
This commit is contained in:
parent
7031aa150b
commit
5f265ea641
|
@ -41,6 +41,8 @@ base:
|
|||
'upstream2':
|
||||
- upstream.port-forwarding
|
||||
- upstream.ipv6-tunnel
|
||||
'upstream1':
|
||||
- upstream.dhcp6
|
||||
'anon*':
|
||||
- no-ssh
|
||||
- forwarding
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
{%- set interface = pillar['upstream']['interface'] %}
|
||||
|
||||
/etc/wide-dhcpv6/dhcp6c.conf:
|
||||
file.managed:
|
||||
- source: salt://upstream/dhcp6c.conf
|
||||
- template: 'jinja'
|
||||
- context:
|
||||
interface: {{ interface }}
|
||||
- mode: 744
|
||||
|
||||
wide-dhcpv6-client:
|
||||
pkg.installed: []
|
||||
service:
|
||||
- running
|
||||
- enable: True
|
||||
- restart: True
|
||||
- watch:
|
||||
- file: /etc/wide-dhcpv6/dhcp6c.conf
|
||||
- pkg: wide-dhcpv6-client
|
|
@ -0,0 +1,21 @@
|
|||
interface {{ interface }} {
|
||||
send rapid-commit;
|
||||
send ia-pd 0;
|
||||
send ia-na 0;
|
||||
request sip-server-domain-name;
|
||||
request sip-server-address;
|
||||
};
|
||||
|
||||
id-assoc pd 0 {
|
||||
prefix ::/56 infinity;
|
||||
prefix-interface core {
|
||||
# 0x81 in decimal
|
||||
sla-id 129;
|
||||
# 64 - 56
|
||||
sla-len 8;
|
||||
# …::0/64
|
||||
ifid 0;
|
||||
};
|
||||
};
|
||||
id-assoc na 0 {
|
||||
};
|
|
@ -11,6 +11,8 @@ if [ "$IFACE" = "{{ interface }}" ]; then
|
|||
ip6tables -A INPUT -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
iptables -A INPUT -i "$IFACE" -p icmp -j ACCEPT
|
||||
ip6tables -A INPUT -i "$IFACE" -p icmp -j ACCEPT
|
||||
# DHCPv6
|
||||
ip6tables -A INPUT -i "$IFACE" -p udp --sport 547 --dport 546 -j ACCEPT
|
||||
iptables -A INPUT -i "$IFACE" -j DROP
|
||||
ip6tables -A INPUT -i "$IFACE" -j DROP
|
||||
iptables -P INPUT ACCEPT
|
||||
|
|
Loading…
Reference in New Issue