From 76b0c8d73f6a11342bd7a640704829ded99a29c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bastian=20M=C3=A4user?=
Date: Sat, 21 Jul 2018 02:02:32 +0200
Subject: [PATCH] Renamed exit-ipv4 to exit-ip, added TCP-MSS Clamping for V4 and V6
---
 roles/{exit-ipv4 => exit-ip}/defaults/main.yml | 0
 roles/{exit-ipv4 => exit-ip}/handlers/main.yml | 3 +++
 roles/{exit-ipv4 => exit-ip}/tasks/main.yml | 4 ++++
 roles/{exit-ipv4 => exit-ip}/templates/rules.v4.j2 | 0
 roles/exit-ip/templates/rules.v6.j2 | 7 +++++++
 site.yml | 2 +-
 6 files changed, 15 insertions(+), 1 deletion(-)
 rename roles/{exit-ipv4 => exit-ip}/defaults/main.yml (100%)
 rename roles/{exit-ipv4 => exit-ip}/handlers/main.yml (50%)
 rename roles/{exit-ipv4 => exit-ip}/tasks/main.yml (82%)
 rename roles/{exit-ipv4 => exit-ip}/templates/rules.v4.j2 (100%)
 create mode 100644 roles/exit-ip/templates/rules.v6.j2
diff --git a/roles/exit-ipv4/defaults/main.yml b/roles/exit-ip/defaults/main.yml
similarity index 100%
rename from roles/exit-ipv4/defaults/main.yml
rename to roles/exit-ip/defaults/main.yml
diff --git a/roles/exit-ipv4/handlers/main.yml b/roles/exit-ip/handlers/main.yml
similarity index 50%
rename from roles/exit-ipv4/handlers/main.yml
rename to roles/exit-ip/handlers/main.yml
index 26235cd..489635a 100644
--- a/roles/exit-ipv4/handlers/main.yml
+++ b/roles/exit-ip/handlers/main.yml
@@ -2,3 +2,6 @@
 - name: Reload iptables
 shell: iptables-restore < /etc/iptables/rules.v4
+
+- name: Reload ip6tables
+ shell: ip6tables-restore < /etc/iptables/rules.v6
diff --git a/roles/exit-ipv4/tasks/main.yml b/roles/exit-ip/tasks/main.yml
similarity index 82%
rename from roles/exit-ipv4/tasks/main.yml
rename to roles/exit-ip/tasks/main.yml
index 9a3105e..8ef5daa 100644
--- a/roles/exit-ipv4/tasks/main.yml
+++ b/roles/exit-ip/tasks/main.yml
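Review bot: The new `Reload ip6tables` handler in roles/exit-ip/handlers/main.yml runs `ip6tables-restore` without `--noflush`, so each time it fires the whole IPv6 filter table is replaced by the contents of rules.v6 and anything added to that table outside this role is discarded. If that is the intent, say so above the handler, e.g. `# Replaces the entire IPv6 filter table with /etc/iptables/rules.v6`. The handler also runs only when the template changes; nothing in this hunk shows the file being loaded at boot, so it is worth confirming that a persistence service reads /etc/iptables/rules.v6.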
@@ -18,3 +18,7 @@
 - name: Configure iptables
 template: src=rules.v4.j2 dest=/etc/iptables/rules.v4
 notify: Reload iptables
+
+- name: Configure ip6tables
+ template: src=rules.v6.j2 dest=/etc/iptables/rules.v6
+ notify: Reload ip6tables
diff --git a/roles/exit-ipv4/templates/rules.v4.j2 b/roles/exit-ip/templates/rules.v4.j2
similarity index 100%
rename from roles/exit-ipv4/templates/rules.v4.j2
rename to roles/exit-ip/templates/rules.v4.j2
diff --git a/roles/exit-ip/templates/rules.v6.j2 b/roles/exit-ip/templates/rules.v6.j2
new file mode 100644
index 0000000..837d8db
--- /dev/null
+++ b/roles/exit-ip/templates/rules.v6.j2
@@ -0,0 +1,7 @@
+# {{ ansible_managed }}
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+:OUTPUT ACCEPT [0:0]
+COMMIT
diff --git a/site.yml b/site.yml
index faeddee..bc86a12 100644
--- a/site.yml
+++ b/site.yml
@@ -17,7 +17,7 @@
 - bird
 - fastd
 - mesh-interfaces
- - exit-ipv4
+ - exit-ip
 - dns
 - radvd
 - dhcpd
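Review bot: The added `Configure ip6tables` task in roles/exit-ip/tasks/main.yml installs the rendered ruleset with no `validate` step and no explicit `owner`, `group` or `mode`. A template that renders to something ip6tables-restore cannot parse therefore still lands in /etc/iptables/rules.v6, and the file's permissions depend on whatever umask is in effect. Pin the permissions with `template: src=rules.v6.j2 dest=/etc/iptables/rules.v6 owner=root group=root mode=0644`, and add a `validate` command that runs `ip6tables-restore --test` against the rendered file before it is copied into place. The existing `Configure iptables` task shown as context has the same gap.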
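Review bot: The new roles/exit-ip/templates/rules.v6.j2 sets INPUT, FORWARD and OUTPUT to ACCEPT and contains only the MSS-clamp rule, so once it is loaded this file provides no IPv6 input filtering for the host itself. Whether rules.v4.j2 is equally open cannot be seen here, because it is renamed unchanged. If an open filter table is intended on this exit node, state it at the top of the template, e.g. `# Policies are intentionally ACCEPT; this file only clamps TCP MSS on forwarded SYNs`. Separately, `:OUTPUT ACCEPT [0:0]` is declared after the `-A FORWARD` rule; moving it up beside the other two chain declarations matches the layout iptables-save writes and makes the file easier to audit.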