merge

Merge branch 'master' into ipv6
base enable ipv6
2 changed files with 40 additions and 3 deletions
--- a/base.yml
+++ b/base.yml
@ -138,8 +138,10 @@ services:
      default:
      dns_net:
        ipv4_address: 10.2.1.3
        ipv6_address: "fd0c:6164:c111:ecee::3"
    dns:
      - 10.2.1.2
      - "fd0c:6164:c111:ecee::2"
    depends_on:
      - traefik
      - pihole
@ -161,8 +163,10 @@ services:
      default:
      dns_net:
        ipv4_address: 10.2.1.4
        ipv6_address: "fd0c:6164:c111:ecee::4"
    dns:
      - 10.2.1.2
      - "fd0c:6164:c111:ecee::2"
    depends_on:
      - traefik
      - pihole
@ -211,10 +215,11 @@ services:
      - "traefik.http.services.pihole-service.loadbalancer.server.port=80"
   environment:
     - ServerIP=10.2.0.3
-     - PIHOLE_DNS_=10.2.0.2#5054
+     - PIHOLE_DNS_=10.2.0.2#5054;fdce:7a9e:13ce:d817::2#5054
     - ServerIPv6=fdce:7a9e:13ce:d817::3
     #- DNS1='10.2.0.2#5054' # docs say port 5054, was 54; use network_mode: host to see which port is used
     #- DNS2=''
-     - IPv6='false'
+     - IPv6=true
     - DNSMASQ_LISTENING=all
   #  TZ: 'America/New York'
   # Volumes store your data between container upgrades
@ -227,8 +232,10 @@ services:
     default:
     pihole_net:
       ipv4_address: 10.2.0.3
       ipv6_address: "fdce:7a9e:13ce:d817::3"
     dns_net:
       ipv4_address: 10.2.1.2
       ipv6_address: "fd0c:6164:c111:ecee::2"
   restart: unless-stopped
  dnscrypt-proxy:
@ -242,17 +249,34 @@ services:
    networks:
      pihole_net:
        ipv4_address: 10.2.0.2
        ipv6_address: "fdce:7a9e:13ce:d817::2"
    restart: unless-stopped
 networks:
  default:
    driver: bridge
    driver_opts:
      com.docker.network.enable_ipv6: "true"
    ipam:
      config:
        - subnet: "fd39:4459:ffa9:a36f::/64"
  pihole_net:
    driver: bridge
    driver_opts:
      com.docker.network.enable_ipv6: "true"
    ipam:
      config:
        - subnet: 10.2.0.0/29
        - subnet: "fdce:7a9e:13ce:d817::/64"
  dns_net:
    driver: bridge
    driver_opts:
      com.docker.network.enable_ipv6: "true"
    ipam:
      config:
        - subnet: 10.2.1.0/24
        - subnet: "fd0c:6164:c111:ecee::/64"
--- a/scripts/subinstallers/iptables.sh
+++ b/scripts/subinstallers/iptables.sh
@ -50,8 +50,12 @@ sudo iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 if [ ! -z "${SSH_CLIENT}" ]; then
    SSH_SRC=$(echo $SSH_CLIENT | awk '{print $1}')
    SSH_PRT=$(echo $SSH_CLIENT | awk '{print $3}')
    if [[ $SSH_SRC =~ .*:.* ]]; then
        sudo ip6tables -A INPUT -p tcp -s $SSH_SRC --dport $SSH_PRT -j ACCEPT
    else
        sudo iptables -A INPUT -p tcp -s $SSH_SRC --dport $SSH_PRT -j ACCEPT
    fi
 fi
 # docker rules
 sudo iptables -N MISTBORN_DOCKER_INPUT
@ -91,6 +95,15 @@ echo "Setting ip6tables rules"
 sudo ip6tables -P INPUT ACCEPT
 sudo ip6tables -I INPUT -i lo -j ACCEPT
 sudo ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 # Allow as per RFC 4890
 sudo ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 1   -j ACCEPT
 sudo ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 2   -j ACCEPT
 sudo ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 3   -j ACCEPT
 sudo ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 4   -j ACCEPT
 sudo ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 133 -j ACCEPT
 sudo ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 134 -j ACCEPT
 sudo ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 135 -j ACCEPT
 sudo ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 136 -j ACCEPT
 sudo ip6tables -A INPUT -j MISTBORN_LOG_DROP
 sudo ip6tables -P INPUT DROP
Author	SHA1	Message	Date
Steven Foerster	f5fe5960ad	merge	4 years ago
Steven Foerster	9510909183	Merge branch 'master' into ipv6	4 years ago
Steven Foerster	17403c09b5	base enable ipv6	4 years ago
Steven Foerster	0a4660dc25	Merge branch 'feyo-master-patch-68594' into 'ipv6' Add required IPv6 ICMP types to iptables See merge request cyber5k/mistborn!86	5 years ago
Steven Foerster	06fc099187	Merge branch 'feyo-master-patch-93045' into 'ipv6' Fix IPTables config over IPv6 SSH connections See merge request cyber5k/mistborn!85	5 years ago
Philipp	61b6ee2717	Add required IPv6 ICMP types to iptables	5 years ago
Philipp	b74964572e	Fix IPTables config over IPv6 SSH connections	5 years ago