From b8368a446f8cdbfd976be24f302d0ee6a4278dbf Mon Sep 17 00:00:00 2001 From: root Date: Mon, 6 Aug 2018 18:45:35 +0000 Subject: [PATCH] just a coupe more comments and adding vteps to auto-detect --- debian/changelog | 2 +- debian/wit-hypervisor-config.postinst | 1 + files/firewall | 6 +++--- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/debian/changelog b/debian/changelog index 058dc10..2c41000 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -wit-hypervisor-config (1.2) unstable; urgency=low +wit-hypervisor-config (1.3) unstable; urgency=low * Initial release. diff --git a/debian/wit-hypervisor-config.postinst b/debian/wit-hypervisor-config.postinst index dbd7eff..5b9eb6e 100755 --- a/debian/wit-hypervisor-config.postinst +++ b/debian/wit-hypervisor-config.postinst @@ -32,6 +32,7 @@ case "$1" in export MGMT_MAC=$(ip -br link show dev $(ip -4 -br addr | grep 10.0. | awk '{ print $1 }') | awk '{ print $3 }') + [ ${HOSTNAME:0:4} = vtep ] && export HOSTTYPE=hypervisor [ ${HOSTNAME:0:1} = h ] && export HOSTTYPE=hypervisor [ ${HOSTNAME:0:1} = d ] && export HOSTTYPE=datanode diff --git a/files/firewall b/files/firewall index b1e689d..8fc9785 100755 --- a/files/firewall +++ b/files/firewall @@ -18,9 +18,9 @@ case $1 in iptables -P INPUT ACCEPT iptables -F INPUT #unencrypted traffic - iptables -A INPUT -s 10.1.0.0/16 -p esp -j ACCEPT - iptables -A INPUT -s 10.1.0.0/16 -p udp --dport 500 --sport 500 -j ACCEPT - iptables -A INPUT -s 10.1.0.0/16 -p udp --dport 4500 --sport 4500 -j ACCEPT + iptables -A INPUT -s 10.1.0.0/16 -p esp -j ACCEPT # ipsec + iptables -A INPUT -s 10.1.0.0/16 -p udp --dport 500 --sport 500 -j ACCEPT # ipsec + iptables -A INPUT -s 10.1.0.0/16 -p udp --dport 4500 --sport 4500 -j ACCEPT # ipsec iptables -A INPUT -p icmp -j ACCEPT #traffic we wanna see from the VPN iptables -A INPUT -m policy --pol ipsec --dir in -s 10.1.0.0/16 -p udp --dport 4789 -m policy --pol ipsec --dir in -j ACCEPT # vxlan traffic
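Review bot: The added `[ ${HOSTNAME:0:4} = vtep ]` test in debian/wit-hypervisor-config.postinst expands HOSTNAME unquoted, so an empty or unset value makes `[` print a syntax error during package configuration instead of evaluating cleanly to false; write it as `[ "${HOSTNAME:0:4}" = vtep ] && export HOSTTYPE=hypervisor`. The two existing prefix tests below it have the same problem. Because bash presets HOSTTYPE to the machine architecture string, a hostname matching none of the prefixes leaves that default in place rather than an empty value, so whatever consumes HOSTTYPE later (outside this hunk) should reject anything other than the expected role names. Substring expansion is a bash feature, so this line depends on the script running under bash; the shebang is not visible here. A one-line comment such as `# vteps get the same configuration as hypervisors` would document why the two share a type.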
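Review bot: The three new `# ipsec` comments in files/firewall are identical, so they do not tell a reader which rule carries which part of the tunnel; naming the protocol on each would be more useful, e.g. `# ipsec: ESP`, `# ipsec: IKE` and `# ipsec: IKE NAT-T`. While this block is being annotated, the ICMP rule just below is the only ACCEPT shown without `-s 10.1.0.0/16`, so it admits ICMP from any source; if that is intended, a comment should say so. The VXLAN rule also repeats `-m policy --pol ipsec --dir in` twice, which is harmless but reads like a paste error. The case arm starts and ends outside the hunk, so the policy that applies after these rules is not visible here.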