fixing ipv6 mgmt firewall rules (again) and setting mgmt1 interface to be dhcp as well (not just auto)

2018-09-10 21:03:57 +02:00 · 2018-09-10 21:03:57 +02:00 · dc6a02d0d4
parent 4d3026d7c4
commit dc6a02d0d4
2 changed files with 3 additions and 3 deletions
--- a/debian/wit-network-config.postinst
+++ b/debian/wit-network-config.postinst
@ -79,12 +79,12 @@ case "$1" in

 	cat <<-"EOF" >/etc/network/interfaces.d/mgmt1
 		auto mgmt1
-		iface mgmt1 inet6 auto
 		iface mgmt1 inet dhcp
 		    pre-up /bin/ip link add mgmt type vrf table mgmt
 		    pre-up /bin/ip link set up dev mgmt
 		    pre-up /bin/ip link set master mgmt dev mgmt1
 		    post-down /bin/ip link del dev mgmt
+		iface mgmt1 inet6 dhcp
 	EOF

 	cat <<-"EOF" >/etc/network/interfaces.d/feth
--- a/files/firewall
+++ b/files/firewall
@ -59,8 +59,8 @@ case $1 in

        ip6tables -t raw -A PREROUTING ! -i mgmt1 -j NOTRACK
        ip6tables -t raw -A OUTPUT     ! -o mgmt  -j NOTRACK
-        ip6tables -A INPUT -i mgmt1  -m state --state ESTABLISHED,RELATED      -j ACCEPT
-        ip6tables -A INPUT -i mgmt1                -p tcp --dport  22          -j ACCEPT
+        ip6tables -A INPUT -i mgmt   -m state --state ESTABLISHED,RELATED      -j ACCEPT
+        ip6tables -A INPUT -i mgmt                 -p tcp --dport  22          -j ACCEPT

     ##### temp rules till we get VRF in place in the factory, just flip the 3 rules below
      if ip link show dev mgmt >/dev/null 2>&1; then