mitch/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial

Browse Source
This commit is contained in:
wvr
2026-02-10 12:01:33 -06:00
commit e17ac425df
5 changed files with 95 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
proxmox/etc/kernel/cmdline Normal file
View File

@@ -0,0 +1 @@
root=ZFS=rpool/ROOT/pve-1 quiet intel_iommu=on boot=zfs

28
proxmox/etc/network/interfaces Normal file
View File

@@ -0,0 +1,28 @@
auto lo
iface lo inet loopback
# LAN
iface nic0 inet manual
# WAN
iface nic1 inet manual
# opnsense LAN
auto vmbr0
iface vmbr0 inet static
address 192.168.100.51/24
gateway 192.168.100.1
bridge-ports nic0
bridge-stp off
bridge-fd 0
bridge-mcsnoop 0
# opnsense WAN
auto vmbr1
iface vmbr1 inet dhcp
bridge-ports nic1
bridge-stp off
bridge-fd 0
bridge-mcsnoop 0
source /etc/network/interfaces.d/*

6
proxmox/etc/systemd/network/90-nic0.link Normal file
View File

@@ -0,0 +1,6 @@
[Match]
MACAddress=58:47:ca:72:ef:21
[Link]
Name=nic0

6
proxmox/etc/systemd/network/91-nic1.link Normal file
View File

@@ -0,0 +1,6 @@
[Match]
MACAddress=58:47:ca:72:ef:22
[Link]
Name=nic1

54
proxmox/scripts-old-wip/iptables-skeleton.sh Normal file
View File

@@ -0,0 +1,54 @@
#!/bin/sh
#
# mitchs iptables skeleton config
# -------------------------------------------
# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
# variables
# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
SUBNET=192.168.100
PIHOLE=$SUBNET.200
# =/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=
# flush
iptables -F
# deny all default
iptables -P OUTPUT DROP
iptables -P INPUT DROP
iptables -P FORWARD DROP
# dns to pihole
iptables -A OUTPUT -j ACCEPT -d $PIHOLE/24 -p tcp --dport 53 -m state --state NEW
iptables -A OUTPUT -j ACCEPT -d $PIHOLE/24 -p udp --dport 53 -m state --state NEW
# permit local ssh
iptables -A INPUT -s $SUBNET.0/24 -j ACCEPT -p tcp --dport ssh -m state --state NEW
iptables -A INPUT -s $SUBNET.0/24 -j ACCEPT -p tcp --sport ssh -m state --state NEW
iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p tcp --sport ssh -m state --state ESTABLISHED
iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p tcp --dport ssh -m state --state ESTABLISHED
# permit outgoing http,https,ftp as well for updates and things
iptables -A OUTPUT -j ACCEPT -p tcp --dport 80 -m state --state NEW,ESTABLISHED
iptables -A OUTPUT -j ACCEPT -p tcp --dport 443 -m state --state NEW,ESTABLISHED
iptables -A OUTPUT -j ACCEPT -p tcp --dport 21 -m state --state NEW,ESTABLISHED
# permit loopback
iptables -A OUTPUT -j ACCEPT -o lo
# permit established
iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
# save
if command -v systemctl >/dev/null 2>&1 ; then
# redhat
if [ -f /etc/sysconfig/iptables ] ; then
iptables-save -f /etc/sysconfig/iptables
# arch
elif [ -f /etc/iptables/iptables.rules ] ; then
iptables-save -f /etc/iptables/iptables.rules
fi
# alpine
elif command -v rc-service >/dev/null 2>&1 ; then
/etc/init.d/iptables save
fi