++net notes
Signed-off-by: Nico Schottelius <nico@nico-notebook.schottelius.org>
parent
ad87982cf0
commit
9f03f58d62
2 changed files with 23 additions and 0 deletions
|
@ -5,3 +5,9 @@ This directory contains unfinishe hacks / inspirations
|
||||||
*** might have scaling issues?
|
*** might have scaling issues?
|
||||||
** firewall rules on each VM host
|
** firewall rules on each VM host
|
||||||
- mac filtering:
|
- mac filtering:
|
||||||
|
* To add / block
|
||||||
|
** TODO arp poisoning
|
||||||
|
** TODO ndp "poisoning"
|
||||||
|
** TODO ipv4 dhcp server
|
||||||
|
*** drop dhcpv4 requests
|
||||||
|
*** drop dhcpv4 answers
|
||||||
|
|
|
@ -69,9 +69,26 @@ table ip6 filter {
|
||||||
|
|
||||||
chain vmXXXX {
|
chain vmXXXX {
|
||||||
ether saddr != 00:0f:54:0c:11:04 drop;
|
ether saddr != 00:0f:54:0c:11:04 drop;
|
||||||
|
ip6 saddr != 2001:db8:1:000f::540c:11ff:fe04 drop;
|
||||||
|
jump drop_from_vm_without_ipam
|
||||||
|
}
|
||||||
|
|
||||||
|
chain net_2a0ae5c05something {
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
chain drop_from_vm_without_ipam {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
chain vmYYYY {
|
chain vmYYYY {
|
||||||
ether saddr != 00:0f:54:0c:11:05 drop;
|
ether saddr != 00:0f:54:0c:11:05 drop;
|
||||||
|
jump drop_from_vm_with_ipam
|
||||||
|
}
|
||||||
|
|
||||||
|
# Drop stuff from every VM
|
||||||
|
chain drop_from_vm_with_ipam {
|
||||||
|
icmpv6 type {nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, nd-redirect } drop
|
||||||
}
|
}
|
||||||
}
|
}
|
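Review bot: The comment `# Drop stuff from every VM` does not match the wiring in this hunk: only `vmYYYY` jumps to `drop_from_vm_with_ipam`, while `vmXXXX` jumps to `drop_from_vm_without_ipam`, which is empty, and the two names look swapped, since `vmXXXX` is the chain that pins an `ip6 saddr`. If router-advert and redirect filtering is meant for every guest, put `icmpv6 type { nd-router-advert, nd-redirect } drop` in one chain that both VM chains jump to, and keep the neighbor-solicit/advert drop in the IPAM-specific chain. Two effects deserve a comment next to the rules: `vmYYYY` pins only the MAC, so it can still send from any IPv6 source address, and the `ip6 saddr != …` rule in `vmXXXX` also drops packets sent from the link-local or unspecified address, which includes duplicate address detection (presumably intended, but it should be stated). The enclosing `table ip6 filter` starts outside the hunk, so the hooks that reach these chains are not visible here.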