fickit: don't include routing things into frontend
parent
f32e46c699
commit
56faf7b8db
|
@ -1,4 +1,3 @@
|
|||
net.ipv4.ip_forward = 1
|
||||
net.ipv6.conf.all.disable_ipv6 = 1
|
||||
|
||||
# Increase system file descriptor limit
|
||||
|
|
|
@ -53,7 +53,7 @@ onboot:
|
|||
# - name: eth3
|
||||
- name: frontal-ip-setup # with bonding
|
||||
image: linuxkit/ip:v0.6
|
||||
command: ["/bin/sh", "-c", "ip link set bond-frontal up; ifenslave bond-frontal eth1 eth2 eth3; ip a add 172.23.42.1/24 dev bond-frontal; ip a add 172.23.42.254/24 dev bond-frontal; ip a add 163.5.55.58/32 dev bond-frontal; ip link add link bond-frontal name internet type vlan id 1; ip link set internet up;" ]
|
||||
command: ["/bin/sh", "-c", "ip link set bond-frontal up; ifenslave bond-frontal eth1 eth2 eth3; ip a add 172.23.42.1/24 dev bond-frontal; ip a add 163.5.55.58/32 dev bond-frontal; ip link add link bond-frontal name internet type vlan id 1; ip link set internet up;" ]
|
||||
net: /run/netns/nginx
|
||||
runtime:
|
||||
interfaces:
|
||||
|
@ -467,15 +467,6 @@ files:
|
|||
mode: "0440"
|
||||
- path: etc/iptables/rules-frontal.v4
|
||||
contents: |
|
||||
*nat
|
||||
:PREROUTING ACCEPT [0:0]
|
||||
:INPUT ACCEPT [0:0]
|
||||
:OUTPUT ACCEPT [0:0]
|
||||
:POSTROUTING ACCEPT [0:0]
|
||||
[0:0] -A PREROUTING -p tcp -m tcp -i br0 ! -d 172.23.42.254/32 --dport 53 -j DNAT --to-destination 172.23.42.254
|
||||
[0:0] -A PREROUTING -p udp -m udp -i br0 ! -d 172.23.42.254/32 --dport 53 -j DNAT --to-destination 172.23.42.254
|
||||
[0:0] -A POSTROUTING -o internet -j MASQUERADE
|
||||
COMMIT
|
||||
*filter
|
||||
:INPUT DROP [0:0]
|
||||
:FORWARD ACCEPT [0:0]
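Review bot: The `*filter` table kept in `etc/iptables/rules-frontal.v4` still declares `:FORWARD ACCEPT [0:0]`, so this ruleset would pass any forwarded packet if IP forwarding were ever enabled again in the namespace where it is loaded. Since the commit's stated intent is that the frontend no longer routes, the policy line could become `:FORWARD DROP [0:0]` so the firewall enforces that on its own rather than relying on the sysctl. The rest of the filter table lies outside the hunk, so first confirm that no later FORWARD rule depends on the permissive default. A one-line comment above the policy, such as `# frontend does not route: nothing is forwarded`, would record the intent for the next reader.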
|
||||
|
|