upstream1: prepare dhcp6
parent
7031aa150b
commit
5f265ea641
|
@ -41,6 +41,8 @@ base:
|
||||||
'upstream2':
|
'upstream2':
|
||||||
- upstream.port-forwarding
|
- upstream.port-forwarding
|
||||||
- upstream.ipv6-tunnel
|
- upstream.ipv6-tunnel
|
||||||
|
'upstream1':
|
||||||
|
- upstream.dhcp6
|
||||||
'anon*':
|
'anon*':
|
||||||
- no-ssh
|
- no-ssh
|
||||||
- forwarding
|
- forwarding
|
||||||
|
|
|
@ -0,0 +1,19 @@
|
||||||
|
{%- set interface = pillar['upstream']['interface'] %}
|
||||||
|
|
||||||
|
/etc/wide-dhcpv6/dhcp6c.conf:
|
||||||
|
file.managed:
|
||||||
|
- source: salt://upstream/dhcp6c.conf
|
||||||
|
- template: 'jinja'
|
||||||
|
- context:
|
||||||
|
interface: {{ interface }}
|
||||||
|
- mode: 744
|
||||||
|
|
||||||
|
wide-dhcpv6-client:
|
||||||
|
pkg.installed: []
|
||||||
|
service:
|
||||||
|
- running
|
||||||
|
- enable: True
|
||||||
|
- restart: True
|
||||||
|
- watch:
|
||||||
|
- file: /etc/wide-dhcpv6/dhcp6c.conf
|
||||||
|
- pkg: wide-dhcpv6-client
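Review bot: `- mode: 744` on `/etc/wide-dhcpv6/dhcp6c.conf` makes a plain configuration file executable for its owner. Nothing visible here needs the execute bit, so `- mode: '0644'` would be the least-privilege choice; quoting the value also avoids YAML integer surprises if a leading zero is added later. Separately, the `file.managed` state has no requisite on the package, so on a fresh host it may run before `/etc/wide-dhcpv6/` exists. Adding `- require:` with `- pkg: wide-dhcpv6-client` would make the ordering explicit.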
|
|
@ -0,0 +1,21 @@
|
||||||
|
interface {{ interface }} {
|
||||||
|
send rapid-commit;
|
||||||
|
send ia-pd 0;
|
||||||
|
send ia-na 0;
|
||||||
|
request sip-server-domain-name;
|
||||||
|
request sip-server-address;
|
||||||
|
};
|
||||||
|
|
||||||
|
id-assoc pd 0 {
|
||||||
|
prefix ::/56 infinity;
|
||||||
|
prefix-interface core {
|
||||||
|
# 0x81 in decimal
|
||||||
|
sla-id 129;
|
||||||
|
# 64 - 56
|
||||||
|
sla-len 8;
|
||||||
|
# …::0/64
|
||||||
|
ifid 0;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
id-assoc na 0 {
|
||||||
|
};
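Review bot: The `interface` block requests `sip-server-domain-name` and `sip-server-address`, but no `script` statement or other consumer of those options is visible in this file. If nothing on the host uses them, dropping both `request` lines keeps the client from accepting upstream-supplied data it does not need. The `prefix-interface core` block also hard-codes the downstream interface while the upstream one is templated. The comment `# 0x81 in decimal` says what 129 is but not why that subnet ID was chosen; something like `# subnet 0x81 of the delegated /56 is assigned to the core network` would help the next reader.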
|
|
@ -11,6 +11,8 @@ if [ "$IFACE" = "{{ interface }}" ]; then
|
||||||
ip6tables -A INPUT -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
|
ip6tables -A INPUT -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
iptables -A INPUT -i "$IFACE" -p icmp -j ACCEPT
|
iptables -A INPUT -i "$IFACE" -p icmp -j ACCEPT
|
||||||
ip6tables -A INPUT -i "$IFACE" -p icmp -j ACCEPT
|
ip6tables -A INPUT -i "$IFACE" -p icmp -j ACCEPT
|
||||||
|
# DHCPv6
|
||||||
|
ip6tables -A INPUT -i "$IFACE" -p udp --sport 547 --dport 546 -j ACCEPT
|
||||||
iptables -A INPUT -i "$IFACE" -j DROP
|
iptables -A INPUT -i "$IFACE" -j DROP
|
||||||
ip6tables -A INPUT -i "$IFACE" -j DROP
|
ip6tables -A INPUT -i "$IFACE" -j DROP
|
||||||
iptables -P INPUT ACCEPT
|
iptables -P INPUT ACCEPT
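Review bot: The new DHCPv6 rule accepts any UDP packet to port 546 whose source port is 547, and the source port is chosen by the sender, so it does not limit who can reach the client. DHCPv6 servers and relays on the link normally reply from link-local addresses, so adding `-s fe80::/10` to that rule would narrow it without affecting normal operation; confirm this against the upstream's behaviour. The context line `ip6tables -A INPUT -i "$IFACE" -p icmp -j ACCEPT` matches IPv4 ICMP rather than ICMPv6 (`-p ipv6-icmp`). If no other rule admits it, router advertisements and neighbour discovery on this interface would fall through to the `DROP` rule, which is worth checking before DHCPv6 is enabled. The enclosing `if [ "$IFACE" = … ]` block starts and ends outside this hunk.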
|
||||||
|
|