lixonet-ee/tinc/tinc-up.tmpl

#!/bin/sh
sysctl -w net.ipv6.conf.\$INTERFACE.disable_ipv6=1 || echo "[WARNING] IPv6 couldn't be disabled on the \$INTERFACE interface!  Make sure you disable IPv6 at the host level with sysctl -w net.ipv6.conf.all.disable_ipv6=1"

{{ if len "${vip:-}" }}ifconfig "\$INTERFACE:0" ${vip}{{ end }}
{{ if len "${ip_aliases:-}" }}{{ range "$ip_aliases" | split "," }}iptables -t nat -I PREROUTING -d {{ . }} -i \$INTERFACE -j DNAT --to-destination ${tinc_peer_address}
iptables -t nat -I PREROUTING -d {{ . }} -i ${internal_interface:-eth0} -j DNAT --to-destination ${tinc_peer_address}
{{ end }}{{ end }}

# Enable IPv4 kernel routing/forwarding for this network
iptables -A FORWARD -o \$INTERFACE -d ${network_address}/${global_prefix:-16} -j ACCEPT
{{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" | split "," }}iptables -A FORWARD -o ${internal_interface:-eth0} -d {{.}} -j ACCEPT
{{ end }}{{ end }}

# Prevent spoofing attacks
iptables -A FORWARD -i \$INTERFACE ! -s ${network_address}/${global_prefix:-16} -j DROP
{{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" | split "," }}iptables -A FORWARD -i \$INTERFACE -s {{.}} -j DROP
{{ end }}{{ end }}

ifconfig \$INTERFACE ${tinc_peer_address} netmask ${netmask:-255.255.255.0}
Update build.sh, README.md, bird/bird.conf.tmpl, tinc/subnet-down.tmpl, tinc/subnet-up.tmpl, tinc/tinc-up.tmpl, tinc/tinc.conf.tmpl, docker-compose.yml files Deleted gortr/roas.json, tinc/lixonet/hosts/daltx_nurd_lixo, tinc/lixonet/hosts/denco_mane_lixo, tinc/lixonet/hosts/inwwv_nurd_lixo, tinc/lixonet/hosts/lkwco_mane_lixo, tinc/lixonet/hosts/manva_nurd_lixo, tinc/lixonet/subnet-down.tmpl, tinc/lixonet/subnet-up.tmpl, tinc/lixonet/tinc-up.tmpl, tinc/lixonet/tinc.conf.tmpl, bird/rpki/hosts/denco_mane_lixo, bird/rpki/known_hosts, bird/neighbors/daltx_nurd_lixo, bird/neighbors/denco_mane_lixo, bird/neighbors/glaz_nurd_lixo, bird/neighbors/lkwco_mane_lixo, bird/neighbors/phxaz_nurd_lixo files 2020-05-21 21:22:04 +00:00			`#!/bin/sh`
Update tinc-up.tmpl 2020-06-22 00:32:04 +00:00			`sysctl -w net.ipv6.conf.\$INTERFACE.disable_ipv6=1 \|\| echo "[WARNING] IPv6 couldn't be disabled on the \$INTERFACE interface! Make sure you disable IPv6 at the host level with sysctl -w net.ipv6.conf.all.disable_ipv6=1"`
Update tinc-up.tmpl 2020-06-21 21:34:24 +00:00
Update tinc/tinc-up.tmpl 2020-06-21 04:22:23 +00:00			`{{ if len "${vip:-}" }}ifconfig "\$INTERFACE:0" ${vip}{{ end }}`
Update tinc/tinc-up.tmpl, tinc/tinc.conf.tmpl, tinc/tinc-down.tmpl files 2020-06-21 05:01:27 +00:00			`{{ if len "${ip_aliases:-}" }}{{ range "$ip_aliases" \| split "," }}iptables -t nat -I PREROUTING -d {{ . }} -i \$INTERFACE -j DNAT --to-destination ${tinc_peer_address}`
			`iptables -t nat -I PREROUTING -d {{ . }} -i ${internal_interface:-eth0} -j DNAT --to-destination ${tinc_peer_address}`
			`{{ end }}{{ end }}`
Update tinc/tinc-up.tmpl 2020-06-08 15:28:22 +00:00
			`# Enable IPv4 kernel routing/forwarding for this network`
Update tinc/tinc-up.tmpl, tinc/tinc-down.tmpl, Dockerfile.tinc files 2020-06-09 16:32:09 +00:00			`iptables -A FORWARD -o \$INTERFACE -d ${network_address}/${global_prefix:-16} -j ACCEPT`
			`{{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" \| split "," }}iptables -A FORWARD -o ${internal_interface:-eth0} -d {{.}} -j ACCEPT`
Update tinc/tinc-up.tmpl 2020-06-08 15:28:22 +00:00			`{{ end }}{{ end }}`
Update tinc-up.tmpl 2020-06-12 22:58:53 +00:00
			`# Prevent spoofing attacks`
Update tinc-up.tmpl 2020-06-12 23:16:41 +00:00			`iptables -A FORWARD -i \$INTERFACE ! -s ${network_address}/${global_prefix:-16} -j DROP`
Update tinc-up.tmpl 2020-06-12 23:12:41 +00:00			`{{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" \| split "," }}iptables -A FORWARD -i \$INTERFACE -s {{.}} -j DROP`
Update tinc/tinc-up.tmpl, README.md files 2020-06-21 04:11:46 +00:00			`{{ end }}{{ end }}`
Update tinc-up.tmpl 2020-06-21 21:34:58 +00:00
			`ifconfig \$INTERFACE ${tinc_peer_address} netmask ${netmask:-255.255.255.0}`