revisions of isolation-check
All checks were successful
Runner Isolation Check / isolation-test (push) Successful in 2m32s

Doc
2025-10-06 18:42:09 -04:00
parent 5389fa50b4
commit db7e5f769f
2 changed files with 37 additions and 34 deletions


@@ -49,15 +49,15 @@ done
# Dont bother allowing intra-subnet traffic for IPv6
# Deny IPv6 traffic to docker zone
RULE="rule family=\"ipv6\" source address=\"${ISOLATEDNETv6}\" drop"
$FWCMD $MKPERMANENT --zone=$DOCKERZONE --add-rich-rule="$RULE"
# Deny isolated ipv6 segment to LAN ipv6
for addr in $LAN6SUBNETS ; do
RULE="rule family=\"ipv4\" source address=\"${ISOLATEDPREFIX}${ISOLATEDSUFFIX}/${ISOLATEDSEGMENT}\" destination address=\"$addr\" drop"
$FWCMD $MKPERMANENT --zone=$HOMEZONE --add-rich-rule="$RULE"
done
# # Deny IPv6 traffic to docker zone
# RULE="rule family=\"ipv6\" source address=\"${ISOLATEDNETv6}\" drop"
# $FWCMD $MKPERMANENT --zone=$DOCKERZONE --add-rich-rule=\'$RULE\'
#
# # Deny isolated ipv6 segment to LAN ipv6
# for addr in $LAN6SUBNETS ; do
# RULE="rule family=\"ipv4\" source address=\"${ISOLATEDPREFIX}${ISOLATEDSUFFIX}/${ISOLATEDSEGMENT}\" destination address=\"$addr\" drop"
# $FWCMD $MKPERMANENT --zone=$HOMEZONE --add-rich-rule=\'$RULE\'
# done
# $FWCMD --reload
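Review bot: With both IPv6 blocks commented out, nothing in this hunk drops traffic from `${ISOLATEDNETv6}` to the docker zone or from the isolated segment to `$LAN6SUBNETS`, so the isolated runner may keep IPv6 reachability unless a rule outside the hunk covers it. This reads the `# `-prefixed lines as the new side, which the print order suggests but the page does not mark. The remaining comment only says intra-subnet IPv6 is not being allowed; I would add a line such as `# IPv6 from the isolated segment is blocked by <rule/location>` or restore the rules. If they are restored, the LAN loop should use `family=\"ipv6\"` with `source address=\"${ISOLATEDNETv6}\"` instead of the IPv4 prefix, and `--add-rich-rule="$RULE"` instead of `\'$RULE\'`, which would pass literal quote characters to `$FWCMD`. The passing isolation check may not exercise IPv6 at all, so it is worth confirming that it probes a LAN IPv6 address from inside the runner.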