sad/firehol
1
0
Fork 0
mirror of https://github.com/firehol/firehol.git synced 2024-06-28 18:02:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
e0dab4f20c
firehol/examples/vnetbuild-simple.conf
Phil Whineray 0cb697d218 Add IPv6 support to vnetbuild and update example
2015-07-29 20:13:44 +01:00

61 lines
2.2 KiB
Plaintext
Raw Blame History

#
# Simple vnetbuild config with one namespace representing the firewall,
# one representing the ISP and the whole internet behind it and a few
# more representing hosts on a LAN.
#
# Start namespace:
# sudo vnetbuild vnetbuild-simple.conf start
#
# Ping from a host on the LAN to an internet address (served by ISP)
# sudo ip netns exec host01 ping 192.0.2.1
# Ping from an internet address (served by ISP) to a host on the LAN:
# sudo ip netns exec isp ping -I 192.0.2.1 10.0.0.2
# IPv6 Ping from host on the LAN to firewall on link local
# sudo ip netns exec host01 ping6 fe80::2:1%veth0
# IPv6 Ping from host on the LAN to an internet address (served by ISP)
# sudo ip netns exec host01 ping6 2001:eeee::1
# Block all traffic through firewall by invoking firehol in the namespace:
# sudo ip netns exec firewall firehol panic
# Clear the firewall with firehol to re-enable the traffic:
# sudo ip netns exec firewall firehol stop
#
host firewall
dev ppp0 192.168.1.1/30 fe80::1:1/64 2001:bbbb::1/64
dev veth0 10.0.0.254/8 fe80::2:1/64
route default via 192.168.1.2
route default via fe80::1:2 dev ppp0
route 2001:aaaa::/64 via fe80::1111:1 dev veth0
exec echo 1 > /proc/sys/net/ipv4/ip_forward
exec echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
exec sed 's:/var/log/ulog/syslogemu.log:/var/log/ulog/firewall.log:' /etc/ulogd.conf > $NSTMP/ulogd.conf
exec /usr/sbin/ulogd -d -c $NSTMP/ulogd.conf
host isp
dev ppp0wan firewall/ppp0 192.168.1.2/30 192.0.2.1/24 198.51.100.1/24 203.0.113.1/24 2001:eeee::1/64 fe80::1:2/64
route default via 192.168.1.1
route default via fe80::1:1 dev ppp0wan
exec echo 1 > /proc/sys/net/ipv4/ip_forward
exec echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
host host01
dev veth0 10.0.0.1/8 fe80::1111:1/64 2001:aaaa::1/64
route default via 10.0.0.254
route default via fe80::2:1 dev veth0
host host02
dev veth0 10.0.0.2/8 fe80::1111:2/64 2001:aaaa::2/64
route default via 10.0.0.254
route default via fe80::2:1 dev veth0
host host03 fe80::3/64
dev veth0 10.0.0.2/8 fe80::1111:3/64 2001:aaaa::3/64
route default via 10.0.0.254
route default via fe80::2:1 dev veth0
switch lan
dev d01 firewall/veth0
dev d02 host01/veth0
dev d03 host02/veth0
dev d04 host03/veth0
Reference in New Issue View Git Blame Copy Permalink