first commit in a while
parent
ae29e8c584
commit
b7b534f0bb
5 changed files with 70 additions and 2 deletions
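--- a/ethernet_restreint/clean_no_restrent.sh
+++ b/ethernet_restreint/clean_no_restrent.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+echo "clean firewall"
+echo "0" | tee /proc/sys/net/ipv4/ip_forward
+sv stop nftables
+sv start nftables
+
+echo "clean veth0 and br0"
+ip link del veth0
+ip link del br0
+ip link del dummy0
+
+echo "clean the rest of the bridges."
+ip link del br1
+ip link del br2
+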
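Review bot: The firewall is restored only by `sv stop nftables` / `sv start nftables` and the result is never checked, so if the service fails to come back the host keeps the flushed ruleset left by no_restreint.sh even though "clean firewall" has already been printed. Check the restart explicitly, e.g. `sv start nftables || { echo "nftables not restored" >&2; exit 1; }`. Unlike no_restreint.sh, this script has no doas/sudo prefix, so it must be run as root; a guard such as `[ "$(id -u)" = 0 ] || { echo "run as root" >&2; exit 1; }` at the top would make that explicit. `ip link del dummy0` targets an interface that the setup script in this commit does not create.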
|
@ -24,6 +24,7 @@ ip address delete 10.0.2.100/24 dev tap0
|
||||||
ip address add 10.0.2.100/24 dev br0
|
ip address add 10.0.2.100/24 dev br0
|
||||||
ip link set dev br0 up
|
ip link set dev br0 up
|
||||||
ip route add default via 10.0.2.0 dev br0
|
ip route add default via 10.0.2.0 dev br0
|
||||||
|
ip route add 10.10.0.0/24 via 10.0.2.31
|
||||||
|
|
||||||
bridge="br1"
|
bridge="br1"
|
||||||
add_bridge
|
add_bridge
|
||||||
|
|
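Review bot: The added `ip route add 10.10.0.0/24 via 10.0.2.31` covers a /24 and names no device, while no_restreint.sh in the same commit routes `10.10.0.0/16 via 10.0.2.31 dev br0`. If both are meant to reach the same network behind 10.0.2.31, one prefix is wrong, and here traffic for the rest of 10.10.0.0/16 would follow the default route instead. Assuming the wider range is intended, `ip route add 10.10.0.0/16 via 10.0.2.31 dev br0` would match; otherwise a comment saying why the ranges differ would help. The file name and the rest of this script are outside the visible hunk.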
|
@ -2,7 +2,7 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
#echo $$ > /tmp/pid
|
#echo $$ > /tmp/pid
|
||||||
#unshare --user --map-root-user --net --mount
|
#exec unshare --user --map-root-user --net --mount
|
||||||
#slirp4netns
|
#slirp4netns
|
||||||
|
|
||||||
rootlesskit --net=slirp4netns --copy-up=/etc bash
|
rootlesskit --net=slirp4netns --copy-up=/etc bash
|
||||||
|
|
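--- a/ethernet_restreint/no_restreint.sh
+++ b/ethernet_restreint/no_restreint.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+
+if which doas &> /dev/null
+then
+rooter=$(which doas)
+elif which sudo &> /dev/null
+then
+rooter=$(which sudo)
+elif [ "$(id -u)" == "0" ]
+then
+rooter=""
+else
+echo "Error, no enough rights" >&2
+exit
+fi
+
+echo "change firewall rules"
+# step zero, active ipv4_forward, and changes rule nftables to authorise forward, and and masquerade wlan0.
+echo "1" | $rooter tee /proc/sys/net/ipv4/ip_forward
+$rooter nft flush ruleset
+echo "e"
+$rooter nft "table inet my_nat {
+chain postrouting {
+type nat hook postrouting priority srcnat; policy accept;
+oifname "wlan0" masquerade
+}
+}"
+
+echo "create dummy interface veth0"
+# step one, create a dummy veth interface
+$rooter ip link add veth0 type dummy
+$rooter ip a add 10.0.2.2/24 dev veth0
+$rooter ip link set dev veth0 up
+
+echo "link br0 with veth0"
+# step two, create the bridge br0 interface, and link it with veth0
+$rooter ip link add br0 type bridge
+$rooter ip link set dev veth0 master br0
+$rooter ip link set dev br0 up
+$rooter ip a del 10.0.2.2/24 dev veth0
+$rooter ip a add 10.0.2.2/24 dev br0
+$rooter ip route add 10.0.2.0/24 via 10.0.2.31 dev br0
+$rooter ip route add 10.10.0.0/16 via 10.0.2.31 dev br0
+
+echo "create two other interfaces."
+# step three, create others bridges interface
+$rooter ip link add br1 type bridge
+$rooter ip link set dev br1 up
+$rooter ip link add br2 type bridge
+$rooter ip link set dev br2 up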
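Review bot: `$rooter nft flush ruleset` removes every table on the host, not just forwarding rules, and the only thing loaded afterwards is the `my_nat` masquerade table, so with `ip_forward` set to 1 the machine runs without any input or forward filtering until the clean script restarts nftables. If the goal is only to let the bridges out through wlan0, keep the existing ruleset and add a narrowly scoped accept for `iifname "br0" oifname "wlan0"` plus `ct state established,related`, then remove just `my_nat` on cleanup; the host's own forward policy is not visible here, so where that rule belongs needs confirming. Separately, under `#!/bin/sh` the test `which doas &> /dev/null` is not a redirection in a POSIX shell: it backgrounds `which` and always succeeds, so `rooter` can end up empty for a non-root user and every later command runs unprivileged. `if command -v doas >/dev/null 2>&1` is the portable form, `==` inside `[ ]` should be `=`, and the error branch should end with `exit 1` rather than a bare `exit`.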
|
@ -227,7 +227,7 @@ set_net() {
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
network="${network} \
|
network="${network} \
|
||||||
-netdev bridge,id=${1#*:} \
|
-netdev bridge,id=${1#*:},br=${1#*:} \
|
||||||
-device virtio-net,netdev=${1#*:},mac=${mac}"
|
-device virtio-net,netdev=${1#*:},mac=${mac}"
|
||||||
;;
|
;;
|
||||||
"none")
|
"none")
|
||||||
|
|
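Review bot: `${1#*:}` is now written into the `-netdev bridge` option twice, as `id=` and as `br=`, and nothing visible in this hunk restricts it to an interface name, so a value containing a comma or whitespace would add further netdev properties or extra QEMU arguments when `$network` is expanded. Unless set_net() already validates it above the hunk (the function starts outside this view), reject anything else before building the string, e.g. `case "${1#*:}" in ''|*[!A-Za-z0-9_.-]*) echo "invalid bridge name" >&2; exit 1 ;; esac`. A short comment would also help, noting that the named bridge has to be permitted for qemu-bridge-helper (typically through its bridge.conf ACL), since `br=` now selects the bridge instead of the helper's default.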