From f97420d43818388244988bb380dcc72c3b82a74d Mon Sep 17 00:00:00 2001
From: Ryan Kavanagh
Date: Tue, 3 Jan 2023 12:17:53 -0500
Subject: new he tunnel

---
 etc/systemd/network/25-he-ipv6.netdev | 2 +-
 etc/systemd/network/25-he-ipv6.network | 6 +++---
 etc/systemd/system/he-ipv6-update.service | 23 +++++++++++++++--------
 3 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/etc/systemd/network/25-he-ipv6.netdev b/etc/systemd/network/25-he-ipv6.netdev
index c2bf632..b2d2047 100644
--- a/etc/systemd/network/25-he-ipv6.netdev
+++ b/etc/systemd/network/25-he-ipv6.netdev
@@ -5,6 +5,6 @@ MTUBytes=1480

 [Tunnel]
 Local=192.168.1.103
-Remote=216.66.22.2
+Remote=209.51.161.14
 TTL=255
 Independent=true
diff --git a/etc/systemd/network/25-he-ipv6.network b/etc/systemd/network/25-he-ipv6.network
index 6fb0356..6ce754f 100644
--- a/etc/systemd/network/25-he-ipv6.network
+++ b/etc/systemd/network/25-he-ipv6.network
@@ -2,8 +2,8 @@
 Name=he-ipv6

 [Network]
-Gateway=2001:470:7:384::1
-Address=2001:470:7:384::103/64
-Address=2001:470:8:385::103/64
+Gateway=2001:470:1f06:1d3::1
+Address=2001:470:1f06:1d3::2/64
+Address=2001:470:89ac:3::1/64
 DNS=2001:470:20::2
 BindCarrier=wlp3s0 enp5s0
diff --git a/etc/systemd/system/he-ipv6-update.service b/etc/systemd/system/he-ipv6-update.service
index 1f379de..e265b60 100644
--- a/etc/systemd/system/he-ipv6-update.service
+++ b/etc/systemd/system/he-ipv6-update.service
@@ -4,16 +4,23 @@ After=network-online.target

 [Service]
 Type=oneshot
-ExecStart=curl --silent "https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/nic/update?hostname=582358"
-NoNewPrivileges=yes # Prevent acquiring new privileges. Warning: breaks execution of SUID binaries
+ExecStart=curl --silent "https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/nic/update?hostname=801807"
+# Prevent acquiring new privileges. Warning: breaks execution of SUID binaries
+NoNewPrivileges=yes
 PermissionsStartOnly=true
-PrivateDevices=yes # Prevent access to /dev
-PrivateTmp=yes # Use dedicated /tmp
+# Prevent access to /dev
+PrivateDevices=yes
+# Use dedicated /tmp
+PrivateTmp=yes
 PrivateUsers=true
-ProtectHome=yes # Hide user homes
-ProtectKernelModules=yes # Prevent loading or reading kernel modules
-ProtectKernelTunables=yes # Prevent altering kernel tunables
-ProtectSystem=strict # strict or full, see docs
+# Hide user homes
+ProtectHome=yes
+# Prevent loading or reading kernel modules
+ProtectKernelModules=yes
+# Prevent altering kernel tunables
+ProtectKernelTunables=yes
+# strict or full, see docs
+ProtectSystem=strict

 [Install]
 WantedBy=network-online.target
-- 
cgit v1.2.3
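Review bot: The new `ExecStart=` line in he-ipv6-update.service still carries the tunnelbroker credentials inside the URL (`USERNAME:PASSWORD` reads as a placeholder filled in at deploy time), so the real secret would sit in a unit file that is normally world-readable, appear in `systemctl cat`, and may be visible in the process list while curl runs. Keeping it in a root-only file and handing it to the unit as a credential avoids that, e.g. `LoadCredential=netrc:/path/to/he-netrc` (placeholder path) with `ExecStart=curl --silent --show-error --fail --netrc-file %d/netrc "https://ipv4.tunnelbroker.net/nic/update?hostname=801807"`, on systemd versions that provide the `%d` specifier. The `--fail` is a separate point: with only `--silent`, curl exits 0 on an HTTP error status, so the oneshot can report success when the update was rejected. The visible part of the unit has no `User=` or `DynamicUser=`, so curl presumably runs as root despite the sandboxing options; `DynamicUser=yes` would suit a job that only needs the network, if the `[Unit]` section outside this hunk does not already change that.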