alemaire/image-specs
1
0
Fork 0
mirror of https://gitlab.com/alemaire/image-specs.git synced 2025-01-11 02:03:30 +00:00
Code Issues Projects Releases Wiki Activity

First sketch of the sysconf file

Browse Source
This commit is contained in:
Gunnar Wolf 2019-07-19 10:05:26 -03:00
parent 4c057e3ab7
commit 8d7a5b1f11
4 changed files with 20 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
rules.v4
View File

@ -1,13 +0,0 @@
# Generated by iptables-save v1.6.0 on Wed Mar 22 14:31:11 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 127.0.0.0/8 -m comment --comment "RFC3330 loopback" -j ACCEPT
-A INPUT -s 10.0.0.0/8 -m comment --comment "RFC1918 reserved" -j ACCEPT
-A INPUT -s 172.16.0.0/12 -m comment --comment "RFC1918 reserved" -j ACCEPT
-A INPUT -s 192.168.0.0/16 -m comment --comment "RFC1918 reserved" -j ACCEPT
-A INPUT -s 169.254.0.0/16 -m comment --comment "RFC3927 link-local" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m comment --comment SSH -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Wed Mar 22 14:31:11 2017

11
rules.v6
View File

@ -1,11 +0,0 @@
# Generated by ip6tables-save v1.6.0 on Wed Mar 22 14:31:11 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s ::1/128 -m comment --comment "RFC3513 loopback" -j ACCEPT
-A INPUT -s fc00::/7 -m comment --comment "RFC4193 reserved" -j ACCEPT
-A INPUT -s fe80::/10 -m comment --comment "RFC4291 link-local" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m comment --comment SSH -j REJECT --reject-with icmp6-port-unreachable
COMMIT
# Completed on Wed Mar 22 14:31:11 2017

1
set-sysconf.service
View File

@ -4,6 +4,7 @@ Description=Set up system configuration
[Service] [Service]
Type=oneshot Type=oneshot
ExecStart=/usr/sbin/set-sysconf ExecStart=/usr/sbin/set-sysconf
ExecStart=/bin/systemctl --no-reload disable %n
[Install] [Install]
RequiredBy=basic.target RequiredBy=basic.target

19
sysconf.txt Normal file
View File

@ -0,0 +1,19 @@
# This file will be automatically evaluated and installed _only_ at
# the first boot of this image.
#
# To force it to be evaluated later, you can run (as root):
#
# /usr/sbin/set-sysconf
#
# Comments (all portions of a line following a '#' character) are
# ignored. This file is read line by line (ordering is ignored). Valid
# configuration lines are of the form 'key=value'. Whitespace around
# 'key' and 'value' is ignored.
#
# We follow the convention to indent with one space comments, and
# leave no space to indicate the line is an example that could be
# uncommented.
# root_pw - Set a password for the root user (by default, it allows
# for a passwordless login)
#rootpw=FooBar