diff --git a/debian/changelog b/debian/changelog
index 058dc10..2c41000 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-wit-hypervisor-config (1.2) unstable; urgency=low
+wit-hypervisor-config (1.3) unstable; urgency=low
 * Initial release.
diff --git a/debian/wit-hypervisor-config.postinst b/debian/wit-hypervisor-config.postinst
index dbd7eff..5b9eb6e 100755
--- a/debian/wit-hypervisor-config.postinst
+++ b/debian/wit-hypervisor-config.postinst
@@ -32,6 +32,7 @@ case "$1" in
 export MGMT_MAC=$(ip -br link show dev $(ip -4 -br addr | grep 10.0. | awk '{ print $1 }') | awk '{ print $3 }')
+ [ ${HOSTNAME:0:4} = vtep ] && export HOSTTYPE=hypervisor
 [ ${HOSTNAME:0:1} = h ] && export HOSTTYPE=hypervisor
 [ ${HOSTNAME:0:1} = d ] && export HOSTTYPE=datanode
diff --git a/files/firewall b/files/firewall
index b1e689d..8fc9785 100755
--- a/files/firewall
+++ b/files/firewall
@@ -18,9 +18,9 @@ case $1 in
 iptables -P INPUT ACCEPT
 iptables -F INPUT
 #unencrypted traffic
- iptables -A INPUT -s 10.1.0.0/16 -p esp -j ACCEPT
- iptables -A INPUT -s 10.1.0.0/16 -p udp --dport 500 --sport 500 -j ACCEPT
- iptables -A INPUT -s 10.1.0.0/16 -p udp --dport 4500 --sport 4500 -j ACCEPT
+ iptables -A INPUT -s 10.1.0.0/16 -p esp -j ACCEPT # ipsec
+ iptables -A INPUT -s 10.1.0.0/16 -p udp --dport 500 --sport 500 -j ACCEPT # ipsec
+ iptables -A INPUT -s 10.1.0.0/16 -p udp --dport 4500 --sport 4500 -j ACCEPT # ipsec
 iptables -A INPUT -p icmp -j ACCEPT
 #traffic we wanna see from the VPN
 iptables -A INPUT -m policy --pol ipsec --dir in -s 10.1.0.0/16 -p udp --dport 4789 -m policy --pol ipsec --dir in -j ACCEPT # vxlan traffic
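Review bot: The added test `[ ${HOSTNAME:0:4} = vtep ]` expands HOSTNAME unquoted, so an empty or whitespace-containing value makes `[` fail with a syntax error instead of evaluating to a clean false, and HOSTTYPE is then left unset for whatever runs next. Quote the expansion: `[ "${HOSTNAME:0:4}" = vtep ] && export HOSTTYPE=hypervisor`; the two existing `${HOSTNAME:0:1}` tests below it have the same form. The substring expansion is a bash feature, so this presumably depends on the script running under bash; the shebang is outside the hunk. No fallback for a hostname that matches none of the prefixes is visible here, and the case branch starts and ends outside the hunk.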
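Review bot: The three added `# ipsec` comments are identical, so they do not tell a reader which rule covers which part of the protocol, and they sit under the existing `#unencrypted traffic` heading, which reads oddly above an ESP rule. I would label them by role, e.g. `# IPsec ESP payload`, `# IKE`, `# IKE NAT-T`, and reword the heading to something like `# accepted outside the tunnel: IPsec negotiation and ESP from peers`. The hunk opens with `iptables -P INPUT ACCEPT`; whether a restrictive policy is set again after these rules is outside the hunk, so a comment stating the intended final INPUT policy would help anyone auditing this rule set. The case branch starts and ends outside the hunk.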