Merge "Modify the network to ensure their more restrictive"

2018-10-04 14:52:51 +00:00 · 2018-10-04 14:52:51 +00:00 · 873ae46e82
parent 2795982ba3 4f0837931b
commit 873ae46e82
1 changed files with 4 additions and 2 deletions
--- a/tasks/nspawn_networking.yml
+++ b/tasks/nspawn_networking.yml
@ -102,9 +102,11 @@
          {%-       set _ = start_commands.append('-/sbin/ip link set dev ' + mv_interface + ' up') %}
          {%        if hostvars[inventory_hostname][key.split('_')[0] + '_cidr'] is defined and (value.address is undefined) %}
          {%          set net_cidr = hostvars[inventory_hostname][key.split('_')[0] + '_cidr'] %}
-          {%          set _ = start_commands.append('-/sbin/ip route add ' + net_cidr + ' dev ' + (value.routed_interface | default(nspawn_primary_interface)) + ' metric 100 proto kernel scope link table local') %}
+          {%          set _ = start_commands.append('-/sbin/ip route add ' ~ net_cidr ~ ' dev ' ~ (value.routed_interface | default(nspawn_primary_interface)) ~ ' metric 100 proto kernel scope link table local') %}
          {%        elif (value.address is defined) and ((interface_data['ipv4'] | default({'address': none}))['address'] != value.address) and ((value.host_only | default(false)) | bool) %}
-          {%          set _ = start_commands.append('-/sbin/ip address add ' + value.address + '/' + (value.netmask | default('32')) + ' dev ' + mv_interface + ' scope host') %}
+          {%          set net_cidr = (value.address ~ '/' ~ (value.netmask | default('32'))) %}
+          {%          set _ = start_commands.append('-/sbin/ip address add ' ~ net_cidr ~ ' dev ' ~ mv_interface ~ ' scope host noprefixroute') %}
+          {%          set _ = start_commands.append('-/sbin/ip route add ' ~ net_cidr ~ '/' ~ (value.netmask | default('32')) ~ ' dev ' ~ mv_interface ~ ' metric 100 proto kernel scope link table local') %}
          {%-       endif %}
          {%-     endif %}
          {%-   endif %}