A ruby script to generate the boilerplate for a dual-stack VyOS zone based firewall.
Zones:
- PRIVATE: contains the LAN and WAN modem admin interface
- PUBLIC: The Internet - contains the PPPoE interface
When adding filesystems using json at initial creation, include: | |
"filesystems": [ | |
{ | |
"type": "lofs", | |
"source": "tank/Movies", | |
"target": "/Movies" | |
}, | |
{ | |
"type": "lofs", | |
"source": "tank/TV", |
#!/bin/bash | |
LC_ALL=en_US.UTF-8 | |
# configures/installs common CHIP features (including enabling disabled ones) | |
# run 'sudo chmod +x setup.sh && ./setup.sh' to run the installation | |
clear | |
res= | |
dtc= | |
rboot= | |
uname -a | |
cat << _EOF_ |
# Virtual Tunnel Interface | |
# 172.196.17.188 - 172.196.17.191 | |
set interfaces vti vti0 address 172.196.17.190/30 | |
set interfaces vti vti0 description 'Virtual tunnel interface for VPN tunnel' | |
# Phase 2 | |
set vpn ipsec esp-group ESP-Default compression 'disable' | |
set vpn ipsec esp-group ESP-Default lifetime '3600' | |
set vpn ipsec esp-group ESP-Default mode 'tunnel' | |
set vpn ipsec esp-group ESP-Default pfs 'dh-group16' |
FROM debian:squeeze | |
ENV DEBIAN_FRONTEND noninteractive | |
RUN apt-get update \ | |
&& apt-get install -y wget \ | |
&& wget -O - http://packages.vyos.net/vyos-pubkey.gpg | apt-key add - \ | |
&& echo "deb http://backports.debian.org/debian-backports squeeze-backports main" > /etc/apt/sources.list.d/bp.list \ | |
&& apt-get update \ | |
&& apt-get -t squeeze-backports install -y squashfs-tools \ |
This script will let you make backups of live VMs running on KVM, using libvirt.
The backup job will suspend the VM for the time it takes to copy the RAM to disk.
Credits: Luca Lazzeroni
I've made some minor adjustments.
This playbook has been removed as it is now very outdated. |