Block RFC1918 and APIPA destination via eth0
parent
a388307c6d
commit
8c1c6ffeb3
@ -13,6 +13,11 @@ curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted",
|
|||||||
# sleep 5
|
# sleep 5
|
||||||
#done
|
#done
|
||||||
|
|
||||||
|
# Block RFC1918 and APIPA destination via WAN
|
||||||
|
/sbin/iptables -P OUTPUT ACCEPT
|
||||||
|
for i in 10.0.0.0/8 172.16.0.0/12 169.254.0.0/16 192.168.0.0/16; do
|
||||||
|
/sbin/iptables -A OUTPUT -o eth0 -d $i -j DROP
|
||||||
|
done
|
||||||
|
|
||||||
# Activate IP forwarding
|
# Activate IP forwarding
|
||||||
/sbin/sysctl -w net.ipv6.conf.all.forwarding=1
|
/sbin/sysctl -w net.ipv6.conf.all.forwarding=1
|
||||||
@ -33,7 +38,7 @@ curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted",
|
|||||||
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
||||||
|
|
||||||
# Allow MAC address spoofing
|
# Allow MAC address spoofing
|
||||||
#/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
|
/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
|
||||||
|
|
||||||
# Set gateway for table 200
|
# Set gateway for table 200
|
||||||
#/bin/ip route replace default via {{ sn_iffy_traffic }} table iffy
|
#/bin/ip route replace default via {{ sn_iffy_traffic }} table iffy
|
||||||
|
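Review bot: The DROP rules added in the first hunk are appended to the OUTPUT chain only, which filters packets generated by this host itself; traffic routed for other nodes and masqueraded out of eth0 (the POSTROUTING rule in the second hunk) traverses FORWARD and is not matched. If the intent is to keep forwarded clients from reaching private or link-local addresses on the WAN side, which the commit title suggests but the page does not state, the loop should also add `/sbin/iptables -A FORWARD -o eth0 -d $i -j DROP`. The rules are IPv4-only while the script enables IPv6 forwarding just below them, so an equivalent ip6tables rule for ULA and link-local destinations may be wanted. In the second hunk, the newly enabled `net.ipv4.conf.bat0.rp_filter=0` sits under the comment "Allow MAC address spoofing", but rp_filter controls IP reverse-path source validation rather than MAC addresses, and the kernel uses the higher of the `all` and per-interface values, so the comment should say what is actually relaxed and `conf.all.rp_filter` should be checked. Both hunks sit inside a larger script whose start and end are outside the view.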
@ -9,7 +9,7 @@
|
|||||||
user: root
|
user: root
|
||||||
gather_facts: False
|
gather_facts: False
|
||||||
vars:
|
vars:
|
||||||
snversion: master_v1.9.0
|
snversion: master_v1.9.1
|
||||||
batmanversion: v2015.2
|
batmanversion: v2015.2
|
||||||
common_required_packages:
|
common_required_packages:
|
||||||
- git
|
- git
|
||||||
|