From cb3dc22df728272ad05de3684eb8dc672654a05e Mon Sep 17 00:00:00 2001
From: heqnx
Date: Fri, 27 Jun 2025 14:36:04 +0300
Subject: added conditional dnsmasq setup for vmbr1 and ufw filter rules; fixed a couple of issues by removing /etc/pve/priv, no need for modifying it
---
templates/vmbr1.conf.j2 | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 templates/vmbr1.conf.j2
(limited to 'templates')
diff --git a/templates/vmbr1.conf.j2 b/templates/vmbr1.conf.j2
new file mode 100644
index 0000000..7e00a2d
--- /dev/null
+++ b/templates/vmbr1.conf.j2
@@ -0,0 +1,29 @@
+# Serve DHCP only on vmbr1
+interface=vmbr1
+bind-interfaces
+
+# Disable DNS functionality entirely
+port=0
+
+# DHCP range with 12h lease time
+dhcp-range={{ nat_subnet_prefix }}.100,{{ nat_subnet_prefix }}.200,12h
+
+# Gateway and external DNS for clients
+dhcp-option=3,{{ nat_subnet_prefix }}.1 # Gateway
+dhcp-option=6,1.1.1.1,1.0.0.1 # DNS servers
+
+# Block dnsmasq from loading unrelated configs
+no-hosts
+no-resolv
+
+# Disable ping checks and extra interfaces
+no-ping
+no-dhcp-interface=
+
+# Drop privileges
+user=dnsmasq
+group=dnsmasq
+
+# Logging
+log-queries
+log-dhcp
--
cgit v1.2.3
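Review bot: `log-queries` under `# Logging` cannot record anything in this configuration, because `port=0` turns the DNS listener off and `dhcp-option=6,1.1.1.1,1.0.0.1` sends guests straight to external resolvers, so lookups from vmbr1 guests never pass through this dnsmasq instance. If DNS visibility for those guests is wanted it has to come from elsewhere (a local resolver or the firewall); otherwise drop the line and make the comment say what is actually logged, e.g. `# Logging (DHCP transactions only; DNS is disabled via port=0)`. Separately, `no-dhcp-interface=` names no interface, so it does not do what `# Disable ping checks and extra interfaces` suggests and may be rejected or ignored depending on the dnsmasq version; `interface=vmbr1` with `bind-interfaces` already limits where DHCP is served, so the line can probably be removed. It is also worth confirming that the group in `group=dnsmasq` exists on the target host, since some distribution packages create only the `dnsmasq` user and the daemon will not start with an unknown group.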