fickit: add DNS server
parent
5516dfc3f5
commit
5e9e45da03
|
@ -197,16 +197,11 @@ services:
|
||||||
pid: new
|
pid: new
|
||||||
ipc: new
|
ipc: new
|
||||||
uts: new
|
uts: new
|
||||||
# - name: dns-server
|
- name: dns-server
|
||||||
# image: sapcc/unbound
|
image: nemunaire/unbound
|
||||||
# binds:
|
binds:
|
||||||
# - /etc/unbound/unbound.conf:/etc/unbound/unbound.conf:ro
|
- /etc/unbound/unbound.d:/etc/unbound/unbound.d:ro
|
||||||
# capabilities:
|
net: /run/netns/nginx
|
||||||
# - CAP_NET_BIND_SERVICE
|
|
||||||
# net: /run/netns/nginx
|
|
||||||
# pid: new
|
|
||||||
# ipc: new
|
|
||||||
# uts: new
|
|
||||||
|
|
||||||
|
|
||||||
files:
|
files:
|
||||||
|
@ -410,6 +405,16 @@ files:
|
||||||
# wait for ipv4 address
|
# wait for ipv4 address
|
||||||
waitip 4
|
waitip 4
|
||||||
mode: "0440"
|
mode: "0440"
|
||||||
|
- path: etc/unbound/unbound.d/access-control.conf
|
||||||
|
contents: |
|
||||||
|
access-control: 172.23.0.0/16 allow
|
||||||
|
mode: "0440"
|
||||||
|
- path: etc/unbound/unbound.d/local-zone.conf
|
||||||
|
contents: |
|
||||||
|
local-zone: "srs.epita.fr" typetransparent
|
||||||
|
local-data: "fic.srs.epita.fr A 172.23.42.1"
|
||||||
|
local-data-ptr: "172.23.42.1 fic.srs.epita.fr"
|
||||||
|
mode: "0440"
|
||||||
- path: etc/iptables/rules.v6
|
- path: etc/iptables/rules.v6
|
||||||
contents: |
|
contents: |
|
||||||
*filter
|
*filter
|
||||||
|
@ -456,7 +461,9 @@ files:
|
||||||
[0:0] -A INPUT -m conntrack --ctstate INVALID -j DROP
|
[0:0] -A INPUT -m conntrack --ctstate INVALID -j DROP
|
||||||
[0:0] -A INPUT -p icmp --icmp-type 8 -j ACCEPT
|
[0:0] -A INPUT -p icmp --icmp-type 8 -j ACCEPT
|
||||||
[0:0] -A INPUT -p icmp --icmp-type 0 -j ACCEPT
|
[0:0] -A INPUT -p icmp --icmp-type 0 -j ACCEPT
|
||||||
|
[0:0] -A INPUT -i bond-frontal -p udp -m udp --dport domain -j ACCEPT
|
||||||
[0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
[0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||||
|
[0:0] -A INPUT -i bond-frontal -p tcp -m conntrack --ctstate NEW -m tcp --dport domain -j ACCEPT
|
||||||
[0:0] -A INPUT -i bond-frontal -p tcp -m conntrack --ctstate NEW -m tcp --dport http -j ACCEPT
|
[0:0] -A INPUT -i bond-frontal -p tcp -m conntrack --ctstate NEW -m tcp --dport http -j ACCEPT
|
||||||
[0:0] -A INPUT -i bond-frontal -p tcp -m conntrack --ctstate NEW -m tcp --dport https -j ACCEPT
|
[0:0] -A INPUT -i bond-frontal -p tcp -m conntrack --ctstate NEW -m tcp --dport https -j ACCEPT
|
||||||
[0:0] -A INPUT -j LOG
|
[0:0] -A INPUT -j LOG
|
||||||
|
@ -464,6 +471,7 @@ files:
|
||||||
[0:0] -A OUTPUT -o lo -j ACCEPT
|
[0:0] -A OUTPUT -o lo -j ACCEPT
|
||||||
[0:0] -A OUTPUT -p icmp --icmp-type 0 -j ACCEPT
|
[0:0] -A OUTPUT -p icmp --icmp-type 0 -j ACCEPT
|
||||||
[0:0] -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT
|
[0:0] -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT
|
||||||
|
[0:0] -A OUTPUT -o bond-frontal -p udp -m udp --sport domain -j ACCEPT
|
||||||
[0:0] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
[0:0] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||||
[0:0] -A OUTPUT -o vethin-nginx -d 172.17.1.3 -p tcp -m conntrack --ctstate NEW -m tcp --dport 8080 -j ACCEPT
|
[0:0] -A OUTPUT -o vethin-nginx -d 172.17.1.3 -p tcp -m conntrack --ctstate NEW -m tcp --dport 8080 -j ACCEPT
|
||||||
[0:0] -A OUTPUT -o internet -j ACCEPT
|
[0:0] -A OUTPUT -o internet -j ACCEPT
|
||||||
|
|
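Review bot: In the services hunk, the new `image: nemunaire/unbound` line carries no tag or digest, so every build pulls whatever the registry currently serves under that name and the resolver shipped in the appliance is neither reproducible nor auditable. Pin it to the image that was tested, e.g. `image: nemunaire/unbound:<tag>@sha256:<digest>` (placeholders, not real values). Separately, the two new `--dport domain` INPUT rules accept queries from any source on bond-frontal and leave filtering entirely to unbound's `access-control: 172.23.0.0/16 allow`. If clients only ever come from that range, adding `-s 172.23.0.0/16` to both rules would stop other traffic before it reaches the daemon.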