From 3cfbc61f4ece1a7b7ee1f38990eba347575699d4 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 10 Feb 2021 11:15:39 -0500 Subject: [PATCH 1/3] only save at the end --- salt/firewall/init.sls | 6 ------ 1 file changed, 6 deletions(-) diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls index 687774a58..6b3a43a6e 100644 --- a/salt/firewall/init.sls +++ b/salt/firewall/init.sls @@ -34,7 +34,6 @@ iptables_allow_established: - jump: ACCEPT - match: conntrack - ctstate: 'RELATED,ESTABLISHED' - - save: True # I like pings iptables_allow_pings: @@ -43,7 +42,6 @@ iptables_allow_pings: - chain: INPUT - jump: ACCEPT - proto: icmp - - save: True # Create the chain for logging iptables_LOGGING_chain: @@ -68,7 +66,6 @@ iptables_log_input_drops: - table: filter - chain: INPUT - jump: LOGGING - - save: True # Enable global DOCKER-USER block rule enable_docker_user_fw_policy: @@ -79,7 +76,6 @@ enable_docker_user_fw_policy: - in-interface: '!docker0' - out-interface: docker0 - position: 1 - - save: True enable_docker_user_established: iptables.insert: @@ -89,7 +85,6 @@ enable_docker_user_established: - in-interface: '!docker0' - out-interface: docker0 - position: 1 - - save: True - match: conntrack - ctstate: 'RELATED,ESTABLISHED' @@ -115,7 +110,6 @@ enable_docker_user_established: {% if action == 'insert' %} - position: 1 {% endif %} - - save: True {% endfor %} {% endfor %} From 9eb1e6a44872d74dcdd8eb0ccc3937e7507861c9 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 10 Feb 2021 12:51:26 -0500 Subject: [PATCH 2/3] Prevent the tun interface from being disabled --- setup/install_scripts/99-so-checksum-offload-disable | 4 ++-- setup/so-functions | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/setup/install_scripts/99-so-checksum-offload-disable b/setup/install_scripts/99-so-checksum-offload-disable index 917c0f72b..e12049301 100755 --- a/setup/install_scripts/99-so-checksum-offload-disable 
+++ b/setup/install_scripts/99-so-checksum-offload-disable @@ -1,8 +1,8 @@ #!/bin/bash -if [[ "$DEVICE_IFACE" != "$MNIC" && "$DEVICE_IFACE" != *"docker"* ]]; then +if [[ "$DEVICE_IFACE" != "$MNIC" && "$DEVICE_IFACE" != *"docker"* && "$DEVICE_IFACE" != *"tun"* && "DEVICE_IFACE" != *"wg"* ]]; then for i in rx tx sg tso ufo gso gro lro; do ethtool -K "$DEVICE_IFACE" "$i" off; done ip link set dev "$DEVICE_IFACE" arp off multicast off allmulticast off promisc on -fi \ No newline at end of file +fi diff --git a/setup/so-functions b/setup/so-functions index e7112163e..368d5632e 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1184,7 +1184,7 @@ es_heapsize() { # Determine ES Heap Size if [ "$total_mem" -lt 8000 ] ; then ES_HEAP_SIZE="600m" - elif [ "$total_mem" -ge 100000 ]; then + elif [ "$total_mem" -ge 100000 ]; then1 # Set a max of 25GB for heap size # https://www.elastic.co/guide/en/elasticsearch/guide/current/heap-sizing.html ES_HEAP_SIZE="25000m" @@ -1213,7 +1213,7 @@ filter_unused_nics() { fi # Finally, set filtered_nics to any NICs we aren't using (and ignore interfaces that aren't of use) - filtered_nics=$(ip link | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}' | grep -vwe "$grep_string" | sed 's/ //g') + filtered_nics=$(ip link | awk -F: '$0 !~ "lo|vir|veth|br|docker|tun|wg|wl|^[^0-9]"{print $2}' | grep -vwe "$grep_string" | sed 's/ //g') readarray -t filtered_nics <<< "$filtered_nics" nic_list=() From f8903c25541a42fe9ce0155bb895ea7ff86ef745 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 10 Feb 2021 12:58:02 -0500 Subject: [PATCH 3/3] Fix extra character --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 368d5632e..0843c1d1a 100755 --- a/setup/so-functions +++ b/setup/so-functions 
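Review bot: In the new condition in setup/install_scripts/99-so-checksum-offload-disable, the last test reads `"DEVICE_IFACE" != *"wg"*`, which compares the literal string DEVICE_IFACE instead of the variable. That test is always true, so interfaces with "wg" in their name are not excluded. They still get the offloads switched off and `arp off multicast off allmulticast off promisc on` applied, which appears to be what the commit set out to prevent for tunnel interfaces. The test should be `"$DEVICE_IFACE" != *"wg"*`.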
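Review bot: In the filter_unused_nics hunk of setup/so-functions, the new `tun` and `wg` alternatives are unanchored and tested against `$0`, the whole `ip link` line, so any interface whose line contains either string anywhere is silently dropped from the selectable NIC list. The existing alternatives have the same weakness; this change widens it. Testing the name field `$2` with a prefix anchor would limit the exclusion to names that actually start with these prefixes. A one-line comment explaining why tunnel interfaces are hidden here would also help, e.g. `# tun/wg are VPN tunnels, never offered as monitor or management NICs`. The function body starts and ends outside the hunk.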
@@ -1184,7 +1184,7 @@ es_heapsize() {
 # Determine ES Heap Size
 if [ "$total_mem" -lt 8000 ] ; then
 ES_HEAP_SIZE="600m"
- elif [ "$total_mem" -ge 100000 ]; then1
+ elif [ "$total_mem" -ge 100000 ]; then
 # Set a max of 25GB for heap size
 # https://www.elastic.co/guide/en/elasticsearch/guide/current/heap-sizing.html
 ES_HEAP_SIZE="25000m"