diff --git a/debian/wit-network-config.postinst b/debian/wit-network-config.postinst
index 2ad5aaa..4a9fccd 100755
--- a/debian/wit-network-config.postinst
+++ b/debian/wit-network-config.postinst
@@ -24,8 +24,8 @@ case "$1" in
 ### START gather all the info from the box and generate the variabels
- export LOOPBACKv4=$(dig a +short ${HOSTNAME})
- export LOOPBACKv6=$(dig aaaa +short ${HOSTNAME})
+ export LOOPBACKv4=$(dig a +short loopback.${HOSTNAME})
+ export LOOPBACKv6=$(dig aaaa +short loopback.${HOSTNAME})
 NODEASN=$(dig txt +short asn.${HOSTNAME})
 NODEASN="${NODEASN%\"}"
 NODEASN="${NODEASN#\"}"
diff --git a/debian/wit-network-config.preinst b/debian/wit-network-config.preinst
index 595a29d..60bcbf9 100755
--- a/debian/wit-network-config.preinst
+++ b/debian/wit-network-config.preinst
@@ -16,8 +16,8 @@ set -e
 case "$1" in
 install|upgrade)
- export LOOPBACKv4=$(dig a +short ${HOSTNAME})
- export LOOPBACKv6=$(dig aaaa +short ${HOSTNAME})
+ export LOOPBACKv4=$(dig a +short loopback.${HOSTNAME})
+ export LOOPBACKv6=$(dig aaaa +short loopback.${HOSTNAME})
 NODEASN=$(dig txt +short asn.${HOSTNAME})
 NODEASN="${NODEASN%\"}"
 NODEASN="${NODEASN#\"}"
diff --git a/files/firewall b/files/firewall
index c090f84..7e85449 100755
--- a/files/firewall
+++ b/files/firewall
@@ -21,6 +21,7 @@ case $1 in
 iptables -A INPUT -p esp -j ACCEPT # ipsec
 iptables -A INPUT -p udp --dport 500 --sport 500 -j ACCEPT # ipsec
 iptables -A INPUT -p udp --dport 4500 --sport 4500 -j ACCEPT # ipsec
+ iptables -A INPUT -s 170.199.217.0 -p tcp --dport 22 -j ACCEPT # ssh from bastion
 iptables -A INPUT -s 170.199.217.0 -p udp --sport 53 -j ACCEPT # dns
 iptables -A INPUT -s 170.199.210.99 -p tcp --sport 443 -j ACCEPT # mirrors.wit.com
 iptables -A INPUT -p icmp -j ACCEPT
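Review bot: The output of `dig +short loopback.${HOSTNAME}` is exported unchecked in debian/wit-network-config.postinst, and the same two lines recur in the preinst hunk, so an empty reply, several records or a CNAME target line would land in LOOPBACKv4/LOOPBACKv6 as-is. Because the substitution sits inside `export VAR=$(...)`, the status of `dig` is replaced by that of `export`, and the `set -e` visible in the preinst context will not stop on a failed lookup. Maintainer scripts run as root and, as far as these hunks show, take addressing data from unauthenticated DNS, so I would split and check it: `LOOPBACKv4=$(dig a +short "loopback.${HOSTNAME}")`, then `[ -n "$LOOPBACKv4" ] || { echo "no A record for loopback.${HOSTNAME}" >&2; exit 1; }`, then `export LOOPBACKv4`. The same applies to the AAAA lookup, ideally with a format check that the value is a single address. The enclosing `case` branch starts and ends outside the hunk, so how the values are consumed cannot be seen here.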
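Review bot: The added ssh rule in files/firewall hard-codes `-s 170.199.217.0` with no prefix length, the same literal the DNS rule on the following line uses. iptables treats that as a single host, while an address ending in `.0` reads like a network, so it is unclear whether one bastion host is intended and whether it really is the resolver as well. I would define `BASTION=170.199.217.0/32` once and write `iptables -A INPUT -s "$BASTION" -p tcp --dport 22 -j ACCEPT # ssh from bastion`, which makes the scope explicit and keeps the address in one place. No ip6tables counterpart appears in this hunk, so whether ssh over IPv6 is restricted the same way cannot be confirmed from here. The `case $1 in` branch, the chain policy and any matching stop branch all lie outside the hunk.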