First sketch of the sysconf file
This commit is contained in:
Gunnar Wolf
parent
4c057e3ab7
commit
8d7a5b1f11
13
rules.v4
13
rules.v4
|
|
@ -1,13 +0,0 @@
|
|||
# Generated by iptables-save v1.6.0 on Wed Mar 22 14:31:11 2017
|
||||
*filter
|
||||
:INPUT ACCEPT [0:0]
|
||||
:FORWARD ACCEPT [0:0]
|
||||
:OUTPUT ACCEPT [0:0]
|
||||
-A INPUT -s 127.0.0.0/8 -m comment --comment "RFC3330 loopback" -j ACCEPT
|
||||
-A INPUT -s 10.0.0.0/8 -m comment --comment "RFC1918 reserved" -j ACCEPT
|
||||
-A INPUT -s 172.16.0.0/12 -m comment --comment "RFC1918 reserved" -j ACCEPT
|
||||
-A INPUT -s 192.168.0.0/16 -m comment --comment "RFC1918 reserved" -j ACCEPT
|
||||
-A INPUT -s 169.254.0.0/16 -m comment --comment "RFC3927 link-local" -j ACCEPT
|
||||
-A INPUT -p tcp -m tcp --dport 22 -m comment --comment SSH -j REJECT --reject-with icmp-port-unreachable
|
||||
COMMIT
|
||||
# Completed on Wed Mar 22 14:31:11 2017
|
||||
11
rules.v6
11
rules.v6
|
|
@ -1,11 +0,0 @@
|
|||
# Generated by ip6tables-save v1.6.0 on Wed Mar 22 14:31:11 2017
|
||||
*filter
|
||||
:INPUT ACCEPT [0:0]
|
||||
:FORWARD ACCEPT [0:0]
|
||||
:OUTPUT ACCEPT [0:0]
|
||||
-A INPUT -s ::1/128 -m comment --comment "RFC3513 loopback" -j ACCEPT
|
||||
-A INPUT -s fc00::/7 -m comment --comment "RFC4193 reserved" -j ACCEPT
|
||||
-A INPUT -s fe80::/10 -m comment --comment "RFC4291 link-local" -j ACCEPT
|
||||
-A INPUT -p tcp -m tcp --dport 22 -m comment --comment SSH -j REJECT --reject-with icmp6-port-unreachable
|
||||
COMMIT
|
||||
# Completed on Wed Mar 22 14:31:11 2017
|
||||
|
|
@ -4,6 +4,7 @@ Description=Set up system configuration
|
|||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/sbin/set-sysconf
|
||||
ExecStart=/bin/systemctl --no-reload disable %n
|
||||
|
||||
[Install]
|
||||
RequiredBy=basic.target
|
||||
|
|
|
|||
|
|
@ -0,0 +1,19 @@
|
|||
# This file will be automatically evaluated and installed _only_ at
|
||||
# the first boot of this image.
|
||||
#
|
||||
# To force it to be evaluated later, you can run (as root):
|
||||
#
|
||||
# /usr/sbin/set-sysconf
|
||||
#
|
||||
# Comments (all portions of a line following a '#' character) are
|
||||
# ignored. This file is read line by line (ordering is ignored). Valid
|
||||
# configuration lines are of the form 'key=value'. Whitespace around
|
||||
# 'key' and 'value' is ignored.
|
||||
#
|
||||
# We follow the convention to indent with one space comments, and
|
||||
# leave no space to indicate the line is an example that could be
|
||||
# uncommented.
|
||||
|
||||
# root_pw - Set a password for the root user (by default, it allows
|
||||
# for a passwordless login)
|
||||
#rootpw=FooBar
|
||||
Loading…
Reference in New Issue