Don't throw away v6 route when IP forwarding

In environments where we relay on RAs for IPv6 (e.g Safespring) we need to forcely allow RAs even if IP forwarding is enabled by some service(s). E.g docker: 2dc4de00de/templates/dockerhost/systemd_dropin_nftables_ns.conf.erb (L46)
2023-03-15 13:08:24 +01:00 · 2023-03-15 13:08:24 +01:00 · 0f1c5ec93f
parent abe0d28854
commit 0f1c5ec93f
1 changed files with 23 additions and 0 deletions
--- a/iaas-setup.sh
+++ b/iaas-setup.sh
@ -75,6 +75,29 @@ if grep -q '^# en_US.UTF-8 UTF-8$' $locale_gen_file; then
    locale-gen
 fi

+if [ "$(lsb_release -is)" == "Debian" ]; then
+    interfaces_file='/etc/network/interfaces.d/50-cloud-init'
+
+    if [ -f "${interfaces_file}" ]; then
+        interface_string='iface ens3 inet6 dhcp'
+        accept_ra_string='    accept_ra 2'
+
+        if ! grep -qPz "${interface_string}\n${accept_ra_string}" ${interfaces_file} ; then
+
+            # By default net.ipv6.conf.ens3.accept_ra is set to 1 which
+            # makes the kernel throw a way the IPv6 route when
+            # net.ipv6.conf.all.forwarding is set to 1 by our service for
+            # Docker.
+             echo "Configuring interfaces to always accept Router Advertisements even with IP Forwarding enabled"
+            sed -i -r  "s/(${interface_string})/\1\n${accept_ra_string}/" ${interfaces_file}
+        else
+            echo "WARN: Configuration already applied or no match for \"${interface_string}\" in ${interfaces_file}"
+        fi
+    else
+        echo "WARN: ${interfaces_file} not found. File renamed in this image?"
+    fi
+fi
+
 DEBIAN_FRONTEND="noninteractive" apt-get -y update
 DEBIAN_FRONTEND="noninteractive" apt-get -o Dpkg::Options::="--force-confnew" --fix-broken --assume-yes dist-upgrade
 reboot