++net notes

Signed-off-by: Nico Schottelius <nico@nico-notebook.schottelius.org>
Nico Schottelius 2019-12-07 00:49:57 +01:00
parent ad87982cf0
commit 9f03f58d62
2 changed files with 23 additions and 0 deletions


@ -5,3 +5,9 @@ This directory contains unfinishe hacks / inspirations
*** might have scaling issues? *** might have scaling issues?
** firewall rules on each VM host ** firewall rules on each VM host
- mac filtering: - mac filtering:
* To add / block
** TODO arp poisoning
** TODO ndp "poisoning"
** TODO ipv4 dhcp server
*** drop dhcpv4 requests
*** drop dhcpv4 answers


@ -69,9 +69,26 @@ table ip6 filter {
chain vmXXXX { chain vmXXXX {
ether saddr != 00:0f:54:0c:11:04 drop; ether saddr != 00:0f:54:0c:11:04 drop;
ip6 saddr != 2001:db8:1:000f::540c:11ff:fe04 drop;
jump drop_from_vm_without_ipam
}
chain net_2a0ae5c05something {
}
chain drop_from_vm_without_ipam {
} }
chain vmYYYY { chain vmYYYY {
ether saddr != 00:0f:54:0c:11:05 drop; ether saddr != 00:0f:54:0c:11:05 drop;
jump drop_from_vm_with_ipam
}
# Drop stuff from every VM
chain drop_from_vm_with_ipam {
icmpv6 type {nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, nd-redirect } drop
} }
} }
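Review bot: The set in `drop_from_vm_with_ipam` drops `nd-neighbor-solicit` and `nd-neighbor-advert` from the VM outright, which stops NDP spoofing but also stops the VM from resolving its gateway or answering solicitations for its own address, so IPv6 from that VM will likely fail unless the host keeps static neighbour entries (not visible here). I would drop only the router-side messages unconditionally, `icmpv6 type { nd-router-advert, nd-redirect } drop`, and check NS/NA in the per-VM chain against the address assigned to that VM. The chain names also look swapped: `vmXXXX`, which pins an `ip6 saddr`, jumps to the empty `drop_from_vm_without_ipam`, while `vmYYYY`, which pins only the MAC, jumps to `drop_from_vm_with_ipam`; a one-line comment on each chain stating which case it covers would settle that. The enclosing `table ip6 filter` starts outside the hunk.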