From feee5aca8a304a330aa51fe60c6ec09506f90269 Mon Sep 17 00:00:00 2001
From: GnomeZworc
Date: Fri, 16 May 2025 14:02:04 +0200
Subject: [PATCH] move config
---
 agent.sh | 6 ++++--
 lib/prime/init.sh | 30 ++++++++++++++++++++++++++++++
 2 files changed, 34 insertions(+), 2 deletions(-)
 create mode 100644 lib/prime/init.sh
diff --git a/agent.sh b/agent.sh
index 055d58c..e256975 100644
--- a/agent.sh
+++ b/agent.sh
@@ -6,6 +6,8 @@
 # green create
 . ./lib/prime/volumes.sh
+. ./lib/prime/init.sh
+. ./lib/prime/vm.sh
 DRY_RUN="1"
 SIMULATION="1"
@@ -28,8 +30,7 @@ function main {
 delete_volume "$@"
 ;;
 "Config")
- metadata_service
- systemctl daemon-reload
+ config_kvm
 ;;
 *)
 echo "action : ${fonction} not known !"
@@ -38,6 +39,7 @@ function main {
 echo " -> StopVm"
 echo " -> CreateVolume"
 echo " -> DeleteVolume"
+ echo " -> Config"
 ;;
 esac
 }
diff --git a/lib/prime/init.sh b/lib/prime/init.sh
new file mode 100644
index 0000000..c224ff5
--- /dev/null
+++ b/lib/prime/init.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+. ./lib/metadata.sh
+
+function config_kvm {
+ sysctl -w net.ipv4.ip_forward=1
+ iptables -A OUTPUT -p icmp --icmp-type time-exceeded -j DROP
+
+ # Créer une nouvelle chaîne nommée "ACCEPT_BOGON"
+ iptables -N ACCEPT_BOGON
+
+ # Y mettre toutes les règles liées aux IPs bogon
+ iptables -A ACCEPT_BOGON -s 10.0.0.0/8 -j ACCEPT
+ iptables -A ACCEPT_BOGON -s 192.168.0.0/16 -j ACCEPT
+ iptables -A ACCEPT_BOGON -s 192.168.15.0/24 -j DROP
+ iptables -A ACCEPT_BOGON -s 172.16.0.0/12 -j ACCEPT
+ iptables -A ACCEPT_BOGON -s 127.0.0.0/8 -j ACCEPT
+ iptables -A ACCEPT_BOGON -s 169.254.0.0/16 -j ACCEPT
+ iptables -A ACCEPT_BOGON -s 0.0.0.0/8 -j ACCEPT
+ iptables -A ACCEPT_BOGON -s 240.0.0.0/4 -j ACCEPT
+ iptables -A ACCEPT_BOGON -s 224.0.0.0/4 -j ACCEPT
+ iptables -A ACCEPT_BOGON -j DROP
+
+ # Puis dans la chaîne INPUT, tu appelles cette chaîne :
+ iptables -A INPUT -j ACCEPT_BOGON
+
+
+ metadata_service
+ systemctl daemon-reload
+}
\ No newline at end of file
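Review bot: The added `. ./lib/prime/vm.sh` in the first agent.sh hunk sources a file that this patch does not create and the diffstat does not list, so unless lib/prime/vm.sh is already present in the tree the source fails, and since the visible context of agent.sh shows no `set -e` the script would continue with those functions undefined. Both new source lines, like the existing `. ./lib/prime/volumes.sh`, use cwd-relative paths, so the agent only works when launched from the repository root. A guard such as `[[ -r ./lib/prime/vm.sh ]] || { echo "missing lib/prime/vm.sh" >&2; exit 1; }`, or resolving the paths against `${BASH_SOURCE[0]%/*}`, would make the failure explicit. The top-level statement run this hunk sits in continues outside the hunk.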
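Review bot: In config_kvm the rule `iptables -A ACCEPT_BOGON -s 192.168.15.0/24 -j DROP` is unreachable, because iptables evaluates a chain first-match and the preceding `-s 192.168.0.0/16 -j ACCEPT` already accepts every 192.168.15.0/24 source, so that subnet ends up allowed rather than dropped; move the /24 DROP line above the /16 ACCEPT so the more specific rule is tried first. The function is also not re-runnable: a second Config invocation fails `iptables -N ACCEPT_BOGON` on the existing chain and then appends a duplicate rule set and a duplicate INPUT jump, with no exit status checked anywhere. `iptables -N ACCEPT_BOGON 2>/dev/null || iptables -F ACCEPT_BOGON` together with `iptables -C INPUT -j ACCEPT_BOGON 2>/dev/null || iptables -A INPUT -j ACCEPT_BOGON` makes it idempotent. Because the chain ends in `-j DROP` and is jumped to from INPUT unconditionally, every source outside the listed ranges, including replies to the host's own outbound connections, is dropped unless an earlier INPUT rule not shown here accepts them — that intended exposure deserves a comment at the top of the function, which would also be the place to translate the three French comments into English. Finally, `sysctl -w` only changes the running kernel; if forwarding must survive a reboot it also has to be written to /etc/sysctl.d.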