From e969a9b105f82026fb354afd9ba430440c1c230e Mon Sep 17 00:00:00 2001 From: Astro Date: Tue, 7 Feb 2017 01:22:19 +0100 Subject: [PATCH] ipv6ify mgmt --- salt-pillar/hosts/init.sls | 41 ++++++++++++++++++++++++++++++++++++ salt-pillar/subnets/init.sls | 1 + salt/firewall/mgmt-gw.sh | 6 ++++++ salt/firewall/mgmt-gw.sls | 3 +++ 4 files changed, 51 insertions(+) diff --git a/salt-pillar/hosts/init.sls b/salt-pillar/hosts/init.sls index 5b8ba95..8389fc7 100644 --- a/salt-pillar/hosts/init.sls +++ b/salt-pillar/hosts/init.sls @@ -147,6 +147,47 @@ hosts-inet: bgp: 172.22.99.250 hosts-inet6: + mgmt: + server1: fd23:42:c3d2:580::1 + server2: fd23:42:c3d2:580::2 + switch-b1: fd23:42:c3d2:580::10 + switch-b2: fd23:42:c3d2:580::11 + switch-c1: fd23:42:c3d2:580::12 + switch-d1: fd23:42:c3d2:580::13 + ap1: fd23:42:c3d2:580::4:1 + ap2: fd23:42:c3d2:580::4:2 + ap3: fd23:42:c3d2:580::4:3 + ap4: fd23:42:c3d2:580::4:4 + ap5: fd23:42:c3d2:580::4:5 + ap6: fd23:42:c3d2:580::4:6 + ap7: fd23:42:c3d2:580::4:7 + ap8: fd23:42:c3d2:580::4:8 + ap9: fd23:42:c3d2:580::4:9 + ap10: fd23:42:c3d2:580::4:a + ap11: fd23:42:c3d2:580::4:b + ap12: fd23:42:c3d2:580::4:c + ap13: fd23:42:c3d2:580::4:d + ap14: fd23:42:c3d2:580::4:e + ap15: fd23:42:c3d2:580::4:f + ap16: fd23:42:c3d2:580::4:10 + ap17: fd23:42:c3d2:580::4:11 + ap18: fd23:42:c3d2:580::4:12 + ap19: fd23:42:c3d2:580::4:13 + ap20: fd23:42:c3d2:580::4:14 + ap21: fd23:42:c3d2:580::4:15 + ap22: fd23:42:c3d2:580::4:16 + ap23: fd23:42:c3d2:580::4:17 + ap24: fd23:42:c3d2:580::4:18 + ap25: fd23:42:c3d2:580::4:19 + ap26: fd23:42:c3d2:580::4:1a + ap27: fd23:42:c3d2:580::4:1b + ap28: fd23:42:c3d2:580::4:1c + ap29: fd23:42:c3d2:580::4:1d + ap30: fd23:42:c3d2:580::4:1e + ap31: fd23:42:c3d2:580::4:1f + ap32: fd23:42:c3d2:580::4:20 + mgmt-gw: fd23:42:c3d2:580:ffff:ffff:ffff:ffff + core: server1: fd23:42:c3d2:581::1 server2: fd23:42:c3d2:581::102 diff --git a/salt-pillar/subnets/init.sls b/salt-pillar/subnets/init.sls index a9981d3..b451a4f 100644 
--- a/salt-pillar/subnets/init.sls +++ b/salt-pillar/subnets/init.sls @@ -22,6 +22,7 @@ subnets-inet: mgmt: 10.0.0.0/24 subnets-inet6: + mgmt: fd23:42:c3d2:580::/64 core: fd23:42:c3d2:581::/64 serv: fd23:42:c3d2:582::/64 pub: fd23:42:c3d2:583::/64 diff --git a/salt/firewall/mgmt-gw.sh b/salt/firewall/mgmt-gw.sh index b3430ef..a6d6c4f 100644 --- a/salt/firewall/mgmt-gw.sh +++ b/salt/firewall/mgmt-gw.sh @@ -2,12 +2,18 @@ if [ "$IFACE" = "{{ interface }}" ]; then iptables -F FORWARD + ip6tables -F FORWARD iptables -P FORWARD REJECT + ip6tables -P FORWARD REJECT iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT + ip6tables -A FORWARD -m state --state ESTABLISHED -j ACCEPT # DNS iptables -A FORWARD -i $IFACE -p udp --dport 53 -j ACCEPT + ip6tables -A FORWARD -i $IFACE -p udp --dport 53 -j ACCEPT # NTP iptables -A FORWARD -i $IFACE -p udp --dport 123 -j ACCEPT + ip6tables -A FORWARD -i $IFACE -p udp --dport 123 -j ACCEPT # collectd iptables -A FORWARD -i $IFACE -p udp --dport 25826 -j ACCEPT + ip6tables -A FORWARD -i $IFACE -p udp --dport 25826 -j ACCEPT fi diff --git a/salt/firewall/mgmt-gw.sls b/salt/firewall/mgmt-gw.sls index 06f643c..ce31ed7 100644 --- a/salt/firewall/mgmt-gw.sls +++ b/salt/firewall/mgmt-gw.sls @@ -1,3 +1,6 @@ +iptables: + pkg.installed: [] + /etc/network/if-pre-up.d/firewall: file.managed: - source: salt://upstream/mgmt-gw.sh
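Review bot: `ip6tables -P FORWARD REJECT` cannot set the default policy, because a built-in chain's policy accepts only ACCEPT or DROP. The command fails and FORWARD keeps whatever policy it had (typically ACCEPT), so after the preceding flush the IPv6 forwarding path can be left fail-open; the IPv4 context line has the same problem. Use `ip6tables -P FORWARD DROP` and, if an explicit refusal is wanted, end the rule set with `ip6tables -A FORWARD -j REJECT --reject-with icmp6-adm-prohibited`. The state match should also be `--state ESTABLISHED,RELATED`, since IPv6 routers never fragment and the ICMPv6 Packet Too Big errors that path-MTU discovery depends on are tracked as RELATED. Quoting `"$IFACE"` in the `-i` arguments would match the quoted test at the top of the block.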
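Review bot: The `file.managed` source in the context under the added lines is `salt://upstream/mgmt-gw.sh`, while the script this commit edits lives at `salt/firewall/mgmt-gw.sh`. Unless the file roots map both paths to the same file, the new ip6tables rules are not what gets installed as `/etc/network/if-pre-up.d/firewall`, which is worth confirming before relying on them. The new `iptables` package state is also not tied to the script; a `require` requisite naming `pkg: iptables` on the file state would make the dependency explicit instead of relying on declaration order. The rest of the file state lies outside the hunk.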