
#!/usr/bin/env bash
# Provisioning script for the "societe" VM of the VDN lab: installs the
# iptables helper scripts (setFirewall), then writes the hostname,
# /etc/hosts, a default-route hook and /etc/network/interfaces, restarts
# networking and enables proftpd (run()).
# Requires VDN_PATH to point at the VDN tool tree (bin/functions-scripts.sh,
# bin/vdn-infos) and vdn-ssh to be on PATH.
set -e
set -u
# One-line description of this script; presumably read by a listing/menu
# tool elsewhere in the toolset — nothing in this file consumes it.
DESC='Configuration de base de societe (hostname, hosts, interfaces).'
#######################################
# Installs two iptables helper scripts on the "societe" host and then leaves
# the firewall in its open state.
#
# Everything between the single quotes is one argument executed by vdn-ssh on
# the remote host, so the heredoc text below is remote data, not local shell:
#   /etc/network/fw-start  flushes filter/nat/mangle, sets INPUT to DROP and
#                          FORWARD/OUTPUT to ACCEPT, accepts INPUT/OUTPUT on
#                          eth3 and on lo, then logs every INPUT packet that
#                          reaches the end of the chain (prefix "fw INPUT ")
#                          before the DROP policy discards it. There is no
#                          ESTABLISHED/RELATED rule and no rate limit
#                          (-m limit) on the LOG rule, so replies to outbound
#                          connections on eth0/eth1/eth2 are dropped and each
#                          dropped packet produces a kernel log line.
#   /etc/network/fw-stop   flushes the same tables and sets every policy to
#                          ACCEPT.
# It then executes fw-stop (so the host is left with no filtering), uncomments
# net.ipv4.ip_forward=1 in /etc/sysctl.conf and applies it with sysctl -p.
# fw-start is only installed; nothing in this function runs it or hooks it
# into boot. With FORWARD ACCEPT and ip_forward=1 the host routes between its
# interfaces without any filtering.
#
# Review notes:
#   - The sed only uncomments an existing "#net.ipv4.ip_forward=1" line; if
#     sysctl.conf lacks that exact line, forwarding stays off silently.
#   - The remote script has no "set -e"; a failed write of either file is not
#     reported back (vdn-ssh returns the status of the last remote command).
#   - The host is hard-coded as root@societe, unlike run() which uses $name.
#   - "l''interface" on the loopback comment closes and reopens the local
#     single-quoted string, so the remote file receives "linterface"
#     (comment text only, harmless).
# Globals:   none read; vdn-ssh must be on PATH
# Arguments: none
# Returns:   exit status of vdn-ssh (under set -e a failure aborts the script)
#######################################
setFirewall() {
# Single-quoted: no local expansion happens; the remote shell runs it as-is.
vdn-ssh root@societe '
cat << EOF > /etc/network/fw-start
#!/bin/sh
set -x
# Vide les tables
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
# fixe les politiques par défaut
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# spécifique à VDN (Début)
iptables -A INPUT -i eth3 -j ACCEPT
iptables -A OUTPUT -o eth3 -j ACCEPT
# spécifique à VDN (Fin)
# Autorise l''interface loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Log
iptables -A INPUT -j LOG --log-prefix "fw INPUT "
EOF
chmod 755 /etc/network/fw-start
cat << EOF > /etc/network/fw-stop
#!/bin/sh
# Vide les tables
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
# fixe les politiques par défaut
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
EOF
chmod 755 /etc/network/fw-stop
/etc/network/fw-stop
sed -i -re "s/#(net.ipv4.ip_forward=1)/\1/g" /etc/sysctl.conf
sysctl -p
'
# net.ipv4.ip_forward is enabled persistently by the sysctl.conf edit above.
# The line below would write 0 (i.e. DISABLE forwarding), not enable it; it is
# kept commented out.
#vdn-ssh root@societe "echo 0 > /proc/sys/net/ipv4/ip_forward"
}
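#######################################
# Provisions the "societe" VM end to end: waits for SSH, applies the IPv6
# work-around and the hostname, installs the firewall helpers (setFirewall),
# writes /etc/hosts, a default-route hook and /etc/network/interfaces,
# restarts networking and enables proftpd.
# Globals:   VDN_PATH (read) - root of the VDN tool tree; must be set and
#            non-empty (checked explicitly for a clear message)
#            name (written) - VM name; deliberately not "local" because its
#            lifetime beyond run() cannot be determined from this file
# Arguments: none
# Outputs:   progress via echoStart/echoDone; remote side effects over vdn-ssh
# Returns:   0 on success; aborts via set -e / setErrorHandler otherwise
#######################################
run() {
: "${VDN_PATH:?VDN_PATH must be set}"
# shellcheck source=/dev/null
. "$VDN_PATH/bin/functions-scripts.sh"
setErrorHandler
echoStart
name="societe"
startAndWaitSsh "$name"
setIpv6WorkAround "$name"
setHostname "$name"
setFirewall
# /etc/hosts: the three public IPs are resolved locally by vdn-infos at
# generation time; the remaining entries are the fixed lab addresses on the
# eth1 (192.168.1.0/24) and eth2 (192.168.30.0/24) networks configured below.
cat << EOF | setHosts "$name"
127.0.0.1 localhost
$("$VDN_PATH/bin/vdn-infos" lambda PUBLIC_IP) lambda
$("$VDN_PATH/bin/vdn-infos" nomade PUBLIC_IP) nomade
$("$VDN_PATH/bin/vdn-infos" societe PUBLIC_IP) societe
192.168.30.2 bigboss
192.168.30.16 tiny
192.168.1.2 web
EOF
# Default route hook: when eth0 comes up, set PUBLIC_IP from /etc/vdn/config and
# add a device-only default route (no gateway). The backslashes keep $IFACE and
# $PUBLIC_IP literal for the remote script; the trailing "|| :" makes the hook
# always exit 0 so ifup is never blocked by it.
cat << EOF | setFile "$name" /etc/network/if-up.d/default-interface
#!/bin/sh
[ "\$IFACE" = "eth0" ] && {
. /etc/vdn/config
/sbin/ifconfig eth0 \$PUBLIC_IP
/sbin/route add default dev eth0
} || :
EOF
vdn-ssh root@"$name" chmod 755 /etc/network/if-up.d/default-interface
# /etc/network/interfaces: eth0 gets the VM's public IP (note the /8 netmask),
# eth1 and eth2 are the gateways of the two internal lab networks.
cat << EOF | setInterfaces "$name"
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address $("$VDN_PATH/bin/vdn-infos" "$name" PUBLIC_IP)
netmask 255.0.0.0
auto eth1
iface eth1 inet static
address 192.168.1.1
netmask 255.255.255.0
auto eth2
iface eth2 inet static
address 192.168.30.1
netmask 255.255.255.0
EOF
vdn-ssh root@"$name" "systemctl restart networking"
# proftpd (FTP) is enabled and started here. At this point setFirewall has
# already executed fw-stop, so every policy on the host is ACCEPT and nothing
# on the host filters access to the service.
vdn-ssh root@"$name" "systemctl enable proftpd; systemctl start proftpd"
unsetErrorHandler
echoDone
}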