|
|
|
@ -741,7 +741,9 @@ policy {
|
|
|
|
|
}
|
|
|
|
|
action permit
|
|
|
|
|
set {
|
|
|
|
|
ipv6-next-hop {{ salt['pillar.get']('protocols:static:blackhole:IPv6') }}
|
|
|
|
|
ipv6-next-hop {
|
|
|
|
|
global {{ salt['pillar.get']('protocols:static:blackhole:IPv6') }}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
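Review bot: The `global {{ salt['pillar.get']('protocols:static:blackhole:IPv6') }}` line, which the hunk counts suggest is the new form of the next-hop, has no guard for a missing pillar key. Without a default, `pillar.get` normally renders an empty string unless `pillar_raise_on_missing` is enabled, so `global` would be emitted with no address; the config load would then either fail or leave the blackhole next-hop unset. The `ssh` block in the same template indexes `pillar[...]` directly, which fails at render time instead. Using that form here, `global {{ pillar['protocols']['static']['blackhole']['IPv6'] }}`, would make a missing value fail loudly before the config reaches the router. The enclosing `policy` block starts outside the hunk, so any guard further up is not visible.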
@ -838,6 +840,9 @@ service {
|
|
|
|
|
}
|
|
|
|
|
ssh {
|
|
|
|
|
listen-address {{ pillar['service']['ssh']['listen-address'] }}
|
|
|
|
|
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
|
|
|
|
|
key-exchange curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
|
|
|
|
|
mac hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
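Review bot: The `mac` line in the `ssh` block still ends with the non-EtM fallbacks `hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com`, which let a client negotiate encrypt-and-MAC with the `aes*-ctr` ciphers on the line above. If no managed client needs them, the list can stop at the EtM entries: `mac hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com`. The `key-exchange` line also keeps `diffie-hellman-group-exchange-sha256`, whose strength depends on the smallest group the server's moduli file offers; that is worth checking on the target image, or the entry should be dropped. All three lists are hard-coded while `listen-address` comes from pillar, so a one-line comment above them recording the chosen baseline and the oldest client it must support would help the next reviewer.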
@ -889,6 +894,21 @@ system {
|
|
|
|
|
{% endfor %}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
options {
|
|
|
|
|
ctrl-alt-del-action ignore
|
|
|
|
|
reboot-on-panic true
|
|
|
|
|
beep-if-fully-booted
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sysctl {
|
|
|
|
|
all net.ipv4.conf.all.rp_filter {
|
|
|
|
|
value 2
|
|
|
|
|
}
|
|
|
|
|
all net.ipv4.conf.default.rp_filter {
|
|
|
|
|
value 2
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
syslog {
|
|
|
|
|
global {
|
|
|
|
|
facility all {
|
|
|
|
|