From f004a9aa83008afc5d7984d2c85fa4093e19b6c3 Mon Sep 17 00:00:00 2001
From: Harald Pichler
Date: Fri, 2 Dec 2016 10:17:27 +0100
Subject: [PATCH] bugfix route ipv6
---
 banana-edge-native/edge_install_script.sh | 4 +-
 banana-edge-native/etc/radvd.conf | 4 +-
 banana-edge-native/etc/sysctl.conf | 60 +++++++++++++++++++++++
 banana-edge/edge_install_script.sh | 1 +
 banana-edge/etc/sysctl.conf | 60 +++++++++++++++++++++++
 5 files changed, 124 insertions(+), 5 deletions(-)
 create mode 100644 banana-edge-native/etc/sysctl.conf
 create mode 100644 banana-edge/etc/sysctl.conf
diff --git a/banana-edge-native/edge_install_script.sh b/banana-edge-native/edge_install_script.sh
index cfa322a..fc9a97d 100755
--- a/banana-edge-native/edge_install_script.sh
+++ b/banana-edge-native/edge_install_script.sh
@@ -43,10 +43,8 @@ radvd() echo "\nInstall RADVD..." apt-get install -y radvd cp etc/radvd.conf /etc/radvd.conf #git link - cd /etc/init.d + cp etc/sysctl.conf /etc/sysctl.conf service radvd start - cd $dir1 - cd $dir2 } read -p "Do you want to install Raspi-Edge-Native-Package (y/n)? " response
diff --git a/banana-edge-native/etc/radvd.conf b/banana-edge-native/etc/radvd.conf
index 24774cf..3bbe4e5 100644
--- a/banana-edge-native/etc/radvd.conf
+++ b/banana-edge-native/etc/radvd.conf
@@ -20,8 +20,8 @@ interface tun0 AdvDefaultLifetime 200; prefix aaaa::/64 { - AdvOnLink on; - AdvAutonomous on; + AdvOnLink off; + AdvAutonomous off; AdvPreferredLifetime 4294967295; AdvValidLifetime 4294967295; };
diff --git a/banana-edge-native/etc/sysctl.conf b/banana-edge-native/etc/sysctl.conf
new file mode 100644
index 0000000..ac94670
--- /dev/null
+++ b/banana-edge-native/etc/sysctl.conf
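Review bot: The added `cp etc/sysctl.conf /etc/sysctl.conf` in `radvd()` overwrites the host's whole /etc/sysctl.conf, so any kernel settings an administrator already placed there are lost without a backup, and nothing loads the new file before `service radvd start`, so `net.ipv6.conf.all.forwarding=1` presumably only applies after the next boot. I would install the setting as a drop-in and load it, e.g. `cp etc/sysctl.conf /etc/sysctl.d/99-edge-forwarding.conf` (file name is an example) followed by `sysctl --system`. Neither `cp` is checked, so a failed copy still goes on to start radvd; `cp ... || return 1` would stop that. The same line is added to `radvd()` in banana-edge/edge_install_script.sh, and in both files the function begins outside the hunk.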
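Review bot: `AdvOnLink off;` and `AdvAutonomous off;` change what hosts receiving these advertisements on tun0 do with aaaa::/64, but the prefix block carries no comment saying why, while both lifetimes stay at 4294967295. If the intent is that the prefix is announced for routing only, a line above the block such as `# aaaa::/64: hosts must not autoconfigure from it or treat it as on-link` would record that; please confirm the intent, since it is inferred from the commit title. The enclosing `interface tun0` block starts outside the hunk.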
@@ -0,0 +1,60 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+#net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
diff --git a/banana-edge/edge_install_script.sh b/banana-edge/edge_install_script.sh
index 52e4643..1319717 100755
--- a/banana-edge/edge_install_script.sh
+++ b/banana-edge/edge_install_script.sh
@@ -39,6 +39,7 @@ radvd() echo "\nInstall RADVD..." apt-get install -y radvd cp etc/radvd.conf /etc/radvd.conf + cp etc/sysctl.conf /etc/sysctl.conf service radvd start }
diff --git a/banana-edge/etc/sysctl.conf b/banana-edge/etc/sysctl.conf
new file mode 100644
index 0000000..ac94670
--- /dev/null
+++ b/banana-edge/etc/sysctl.conf
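Review bot: `net.ipv6.conf.all.forwarding=1` turns this host into an IPv6 router on every interface, yet the hardening keys further down the same file stay commented out under comments that still say "we are not a router". With forwarding on I would uncomment `net.ipv6.conf.all.accept_redirects = 0` and `net.ipv6.conf.all.accept_source_route = 0`, and reword those comments. As the file's own comment says, forwarding stops the host from autoconfiguring from Router Advertisements; if the uplink address comes from RAs, that interface needs `net.ipv6.conf.IFACE.accept_ra = 2` (IFACE is a placeholder). Nothing in this patch restricts what is forwarded between interfaces, so a forwarding filter should be confirmed to exist elsewhere. The identical file is added as banana-edge/etc/sysctl.conf.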
@@ -0,0 +1,60 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+#net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#