++net notes
Signed-off-by: Nico Schottelius <nico@nico-notebook.schottelius.org>
This commit is contained in:
parent
ad87982cf0
commit
9f03f58d62
2 changed files with 23 additions and 0 deletions
|
@ -5,3 +5,9 @@ This directory contains unfinishe hacks / inspirations
|
|||
*** might have scaling issues?
|
||||
** firewall rules on each VM host
|
||||
- mac filtering:
|
||||
* To add / block
|
||||
** TODO arp poisoning
|
||||
** TODO ndp "poisoning"
|
||||
** TODO ipv4 dhcp server
|
||||
*** drop dhcpv4 requests
|
||||
*** drop dhcpv4 answers
|
||||
|
|
|
@ -69,9 +69,26 @@ table ip6 filter {
|
|||
|
||||
chain vmXXXX {
|
||||
ether saddr != 00:0f:54:0c:11:04 drop;
|
||||
ip6 saddr != 2001:db8:1:000f::540c:11ff:fe04 drop;
|
||||
jump drop_from_vm_without_ipam
|
||||
}
|
||||
|
||||
chain net_2a0ae5c05something {
|
||||
|
||||
|
||||
}
|
||||
|
||||
chain drop_from_vm_without_ipam {
|
||||
|
||||
}
|
||||
|
||||
chain vmYYYY {
|
||||
ether saddr != 00:0f:54:0c:11:05 drop;
|
||||
jump drop_from_vm_with_ipam
|
||||
}
|
||||
|
||||
# Drop stuff from every VM
|
||||
chain drop_from_vm_with_ipam {
|
||||
icmpv6 type {nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, nd-redirect } drop
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue