diff options
author | Ryan Kavanagh <rak@rak.ac> | 2023-01-03 12:17:53 -0500 |
---|---|---|
committer | Ryan Kavanagh <rak@rak.ac> | 2023-01-03 12:17:53 -0500 |
commit | f97420d43818388244988bb380dcc72c3b82a74d (patch) | |
tree | fed2c8cd14149e47dbd1ae586c3bb8062f22878c | |
parent | Savehooks (diff) |
new he tunnel
-rw-r--r-- | etc/systemd/network/25-he-ipv6.netdev | 2 | ||||
-rw-r--r-- | etc/systemd/network/25-he-ipv6.network | 6 | ||||
-rw-r--r-- | etc/systemd/system/he-ipv6-update.service | 23 |
3 files changed, 19 insertions, 12 deletions
diff --git a/etc/systemd/network/25-he-ipv6.netdev b/etc/systemd/network/25-he-ipv6.netdev index c2bf632..b2d2047 100644 --- a/etc/systemd/network/25-he-ipv6.netdev +++ b/etc/systemd/network/25-he-ipv6.netdev @@ -5,6 +5,6 @@ MTUBytes=1480 [Tunnel] Local=192.168.1.103 -Remote=216.66.22.2 +Remote=209.51.161.14 TTL=255 Independent=true diff --git a/etc/systemd/network/25-he-ipv6.network b/etc/systemd/network/25-he-ipv6.network index 6fb0356..6ce754f 100644 --- a/etc/systemd/network/25-he-ipv6.network +++ b/etc/systemd/network/25-he-ipv6.network @@ -2,8 +2,8 @@ Name=he-ipv6 [Network] -Gateway=2001:470:7:384::1 -Address=2001:470:7:384::103/64 -Address=2001:470:8:385::103/64 +Gateway=2001:470:1f06:1d3::1 +Address=2001:470:1f06:1d3::2/64 +Address=2001:470:89ac:3::1/64 DNS=2001:470:20::2 BindCarrier=wlp3s0 enp5s0 diff --git a/etc/systemd/system/he-ipv6-update.service b/etc/systemd/system/he-ipv6-update.service index 1f379de..e265b60 100644 --- a/etc/systemd/system/he-ipv6-update.service +++ b/etc/systemd/system/he-ipv6-update.service @@ -4,16 +4,23 @@ After=network-online.target [Service] Type=oneshot -ExecStart=curl --silent "https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/nic/update?hostname=582358" -NoNewPrivileges=yes # Prevent acquiring new privileges. Warning: breaks execution of SUID binaries +ExecStart=curl --silent "https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/nic/update?hostname=801807" +# Prevent acquiring new privileges. Warning: breaks execution of SUID binaries +NoNewPrivileges=yes PermissionsStartOnly=true -PrivateDevices=yes # Prevent access to /dev -PrivateTmp=yes # Use dedicated /tmp +# Prevent access to /dev +PrivateDevices=yes +# Use dedicated /tmp +PrivateTmp=yes PrivateUsers=true -ProtectHome=yes # Hide user homes -ProtectKernelModules=yes # Prevent loading or reading kernel modules -ProtectKernelTunables=yes # Prevent altering kernel tunables -ProtectSystem=strict # strict or full, see docs +# Hide user homes +ProtectHome=yes +# Prevent loading or reading kernel modules +ProtectKernelModules=yes +# Prevent altering kernel tunables +ProtectKernelTunables=yes +# strict or full, see docs +ProtectSystem=strict [Install] WantedBy=network-online.target |