move config

GnomeZworc 2025-05-16 14:02:04 +02:00
commit feee5aca8a
Signed by: nicolas.boufideline
GPG key ID: 4406BBBF8845D632
2 changed files with 34 additions and 2 deletions


@ -6,6 +6,8 @@
# green create # green create
. ./lib/prime/volumes.sh . ./lib/prime/volumes.sh
. ./lib/prime/init.sh
. ./lib/prime/vm.sh
DRY_RUN="1" DRY_RUN="1"
SIMULATION="1" SIMULATION="1"
@ -28,8 +30,7 @@ function main {
delete_volume "$@" delete_volume "$@"
;; ;;
"Config") "Config")
metadata_service config_kvm
systemctl daemon-reload
;; ;;
*) *)
echo "action : ${fonction} not known !" echo "action : ${fonction} not known !"
@ -38,6 +39,7 @@ function main {
echo " -> StopVm" echo " -> StopVm"
echo " -> CreateVolume" echo " -> CreateVolume"
echo " -> DeleteVolume" echo " -> DeleteVolume"
echo " -> Config"
;; ;;
esac esac
} }
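Review bot: The added `. ./lib/prime/init.sh` and `. ./lib/prime/vm.sh` lines resolve against the caller's working directory, like the existing volumes.sh line, so a script that goes on to run sysctl and iptables loads whatever `./lib/prime/*.sh` exists in the directory it was started from. Resolving the script's own directory once, `script_dir=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)`, and sourcing `. "${script_dir}/lib/prime/init.sh"` removes that dependency. Separately, the `Config` branch now calls `config_kvm` while `DRY_RUN="1"` and `SIMULATION="1"` are set above; nothing in the visible lines shows config_kvm consulting them, so it is worth confirming that a dry run cannot touch the live firewall. The start of the file and of `main` lie outside the hunks shown.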

30
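--- a/lib/prime/init.sh
+++ b/lib/prime/init.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+. ./lib/metadata.sh
+function config_kvm {
+sysctl -w net.ipv4.ip_forward=1
+iptables -A OUTPUT -p icmp --icmp-type time-exceeded -j DROP
+# Créer une nouvelle chaîne nommée "ACCEPT_BOGON"
+iptables -N ACCEPT_BOGON
+# Y mettre toutes les règles liées aux IPs bogon
+iptables -A ACCEPT_BOGON -s 10.0.0.0/8 -j ACCEPT
+iptables -A ACCEPT_BOGON -s 192.168.0.0/16 -j ACCEPT
+iptables -A ACCEPT_BOGON -s 192.168.15.0/24 -j DROP
+iptables -A ACCEPT_BOGON -s 172.16.0.0/12 -j ACCEPT
+iptables -A ACCEPT_BOGON -s 127.0.0.0/8 -j ACCEPT
+iptables -A ACCEPT_BOGON -s 169.254.0.0/16 -j ACCEPT
+iptables -A ACCEPT_BOGON -s 0.0.0.0/8 -j ACCEPT
+iptables -A ACCEPT_BOGON -s 240.0.0.0/4 -j ACCEPT
+iptables -A ACCEPT_BOGON -s 224.0.0.0/4 -j ACCEPT
+iptables -A ACCEPT_BOGON -j DROP
+# Puis dans la chaîne INPUT, tu appelles cette chaîne :
+iptables -A INPUT -j ACCEPT_BOGON
+metadata_service
+systemctl daemon-reload
+}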
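Review bot: In config_kvm the `-s 192.168.15.0/24 -j DROP` rule is appended after `-s 192.168.0.0/16 -j ACCEPT`, so it can never match: the /16 ACCEPT is terminating and already covers that range. If the /24 is meant to be blocked, it has to be appended before the 192.168.0.0/16 line. The function is also not safe to run twice: `iptables -N ACCEPT_BOGON` fails once the chain exists and every `-A` adds a duplicate, so a second `Config` run stacks another OUTPUT drop and another INPUT jump; guarding each rule with `iptables -C … || iptables -A …`, and flushing the chain with `-F` when `-N` fails, would keep the ruleset stable. The chain matches on source address only and ends in an unconditional DROP, with no `-i` interface or conntrack state match visible, so a comment should state which interface it is meant to protect; accepting 127.0.0.0/8 and other reserved sources from any interface looks broader than intended.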