github-copilot/.github/skills/openwrt-network-hardening/SKILL.md
ВяткинАртём e5dc08987d feat: Add new agents and skills for Docker, TestLink, and OpenWrt
- Introduced "Docker Build & Test Engineer" agent for building and testing Docker images.
- Added "TestLink Autotest Engineer" agent for generating and verifying autotests from TestLink cases.
- Created "Branch Review Engineer" agent for reviewing branch diffs and proposing improvements.
- Developed "OpenWrt VPN & Network Engineer" agent for designing and implementing OpenWrt networking with VPN.
- Established a structured directory for agents, skills, prompts, instructions, and hooks under `.github/`.
- Implemented detailed skills for branch review processes, including reading code, analyzing improvements, and applying changes.
- Added skills for OpenWrt network discovery, VPN routing, and hardening.
- Created README files for better documentation and navigation of the repository structure.
2026-04-08 09:47:18 +03:00


---
name: openwrt-network-hardening
description: "Harden and verify OpenWrt VPN deployment with fail-closed routing, DNS leak prevention, and operational checks for split tunneling/GeoIP/ASN rules. Use when: openwrt hardening, vpn leak prevention, kill switch openwrt, verify split tunnel, validate geoip/asn policy."
argument-hint: "Applied or planned OpenWrt VPN configuration"
---
# OpenWrt Network Hardening
Finalize reliability, security, and day-2 operations after VPN routing setup.
## Procedure
### Step 1 - Fail-Closed and Leak Controls
Define controls:
- kill-switch or fail-closed path for protected traffic
- DNS leak prevention between WAN and tunnel
- default-deny posture for sensitive tunnel-marked flows
### Step 2 - Service Robustness
Set:
- service dependency ordering
- restart policies
- health-check commands
- basic rollback strategy
### Step 3 - Monitoring and Troubleshooting
Provide checks for:
- tunnel up/down state
- route-policy correctness
- packet counters for expected rule hits
- endpoint reachability and latency
### Step 4 - Operational Runbook
Document:
- what to verify after reboot
- what to verify after package upgrades
- how to rotate endpoints or credentials safely
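
The Step 1 fail-closed and DNS controls and the Step 3 route-policy check can be verified by parsing routing-table and resolver text, as in this added example (not part of the original skill). The interface names `wg0` and `eth0.2`, the resolver address `10.8.0.1`, and all sample dumps are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: offline verification helpers for Step 1 and Step 3.
# Assumptions (not from the skill): tunnel interface wg0, WAN eth0.2,
# tunnel resolver 10.8.0.1; all sample dumps below are constructed.

# Reads `ip route show table <id>` text on stdin; $1 = tunnel interface.
# Passes only if no default route leaves via another device AND a
# reject-type default (blackhole/unreachable/prohibit) exists as fallback.
fail_closed_ok() {
    awk -v tun="$1" '
        $1 ~ /^(blackhole|unreachable|prohibit)$/ && $2 == "default" { reject = 1; next }
        $1 == "default" {
            dev = ""
            for (i = 2; i < NF; i++) if ($i == "dev") dev = $(i + 1)
            if (dev != tun) leak = 1
        }
        END { exit !(reject && !leak) }
    '
}

# Reads resolv.conf-style text on stdin; $1 = space-separated allowed resolvers.
# Passes only if at least one nameserver is set and every one is allowed.
dns_resolvers_ok() {
    awk -v allow=" $1 " '
        $1 == "nameserver" { seen = 1; if (index(allow, " " $2 " ") == 0) bad = 1 }
        END { exit !(seen && !bad) }
    '
}

SAMPLE_GOOD='default dev wg0 scope link metric 10
blackhole default metric 65535'
SAMPLE_LEAK='default dev wg0 scope link metric 10
default via 192.0.2.1 dev eth0.2 metric 100'
SAMPLE_RESOLV='nameserver 10.8.0.1
nameserver 192.0.2.53'

check() {  # check <label> <sample text> <function> <arg>
    if printf '%s\n' "$2" | "$3" "$4"; then echo "PASS $1"; else echo "FAIL $1"; fi
}
check "fail-closed table"      "$SAMPLE_GOOD"   fail_closed_ok   wg0
check "table with WAN default" "$SAMPLE_LEAK"   fail_closed_ok   wg0
check "resolver list"          "$SAMPLE_RESOLV" dns_resolvers_ok "10.8.0.1"
```

On a router, the same functions take live input, for example `ip route show table <id> | fail_closed_ok wg0` with the policy table actually used for tunnel-marked traffic.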
## Output Format
```md
## Hardening and Verification
### Controls Applied
- ...
### Health Checks
- ...
### Runbook
- ...
### Rollback
- ...
```