Initial commit: homelab configuration and documentation

2025-11-29 19:03:14 +00:00
commit 0769ca6888
72 changed files with 7806 additions and 0 deletions
--- a/scripts/vlan_firewall.sh
+++ b/scripts/vlan_firewall.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+# vlan_firewall.sh - Configure firewall rules for VLAN isolation
+# This script sets up basic firewall rules for TP-Link router or iptables-based systems
+
+set -euo pipefail
+
+echo "Configuring VLAN firewall rules..."
+
+# VLAN 10: Management (192.168.10.0/24)
+# VLAN 20: Services (192.168.20.0/24)
+# VLAN 1: Default LAN (192.168.1.0/24)
+
+# Allow management VLAN to access all networks
+sudo iptables -A FORWARD -s 192.168.10.0/24 -j ACCEPT
+
+# Allow services VLAN to access default LAN on specific ports only
+# Port 53 (DNS), 80 (HTTP), 443 (HTTPS), 9000 (Portainer), 8080 (Traefik)
+sudo iptables -A FORWARD -s 192.168.20.0/24 -d 192.168.1.0/24 -p tcp -m multiport --dports 53,80,443,9000,8080 -j ACCEPT
+sudo iptables -A FORWARD -s 192.168.20.0/24 -d 192.168.1.0/24 -p udp --dport 53 -j ACCEPT
+
+# Block all other traffic from services VLAN to default LAN
+sudo iptables -A FORWARD -s 192.168.20.0/24 -d 192.168.1.0/24 -j DROP
+
+# Allow default LAN to access services VLAN
+sudo iptables -A FORWARD -s 192.168.1.0/24 -d 192.168.20.0/24 -j ACCEPT
+
+# Allow established connections
+sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+echo "Saving iptables rules..."
+sudo iptables-save | sudo tee /etc/iptables/rules.v4
+
+echo "VLAN firewall rules configured."
+echo "Note: For TP-Link router, configure ACLs via web UI using similar logic."