#!/bin/sh sysctl -w net.ipv6.conf.\$INTERFACE.disable_ipv6=1 || echo "[WARNING] IPv6 couldn't be disabled on the \$INTERFACE interface! Make sure you disable IPv6 at the host level with sysctl -w net.ipv6.conf.all.disable_ipv6=1" {{ if len "${vip:-}" }}ifconfig "\$INTERFACE:0" ${vip}{{ end }} {{ if len "${ip_aliases:-}" }}{{ range "$ip_aliases" | split "," }}iptables -t nat -I PREROUTING -d {{ . }} -i \$INTERFACE -j DNAT --to-destination ${tinc_peer_address} iptables -t nat -I PREROUTING -d {{ . }} -i eth0 -j DNAT --to-destination ${tinc_peer_address} {{ end }}{{ end }} # Enable IPv4 kernel routing/forwarding for this network iptables -A FORWARD -o \$INTERFACE -d ${network_address}/${global_prefix:-16} -j ACCEPT {{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" | split "," }}iptables -A FORWARD -o eth0 -d {{.}} -j ACCEPT {{ end }}{{ end }} # Prevent spoofing attacks iptables -A FORWARD -i \$INTERFACE ! -s ${network_address}/${global_prefix:-16} -j DROP {{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" | split "," }}iptables -A FORWARD -i \$INTERFACE -s {{.}} -j DROP {{ end }}{{ end }} ifconfig \$INTERFACE ${tinc_peer_address} netmask ${netmask:-255.255.255.0}