From 49b1e4d0279ca7fc1829a1cc1cdc0669e509a2a6 Mon Sep 17 00:00:00 2001
From: Lew
Date: Fri, 3 Jan 2025 12:16:28 +1100
Subject: [PATCH] add cronie and reboot persist

---
 vpc-v2.cfndsl.rb | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/vpc-v2.cfndsl.rb b/vpc-v2.cfndsl.rb
index 4f8bc2c..1505e85 100644
--- a/vpc-v2.cfndsl.rb
+++ b/vpc-v2.cfndsl.rb
@@ -449,14 +449,20 @@
 INSTANCE_ID=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/2014-11-05/meta-data/instance-id -s)
 aws ec2 modify-network-interface-attribute --network-interface-id ${NetworkInterface#{az}} --no-source-dest-check --region ${AWS::Region}
 /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource LaunchTemplate#{az} --region ${AWS::Region}
- dnf -y install iptables iptables-utils iptables-services amazon-ssm-agent
+ dnf -y install iptables iptables-utils iptables-services amazon-ssm-agent cronie
 systemctl enable amazon-ssm-agent
 systemctl start amazon-ssm-agent
 sysctl -w net.ipv4.ip_forward=1
+ sysctl -w net.ipv4.conf.ens5.rp_filter=0
+ echo net.ipv4.ip_forward = 1 >> /etc/sysctl.conf
+ echo net.ipv4.conf.ens5.rp_filter = 0 >> /etc/sysctl.conf
 iptables -t nat -A POSTROUTING -s ${CIDR} -o ens5 -j MASQUERADE
 iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
 iptables-save > /etc/sysconfig/iptables
+ echo "@reboot root aws ec2 modify-network-interface-attribute --network-interface-id ${NetworkInterface#{az}} --no-source-dest-check --region ${AWS::Region}" >> /etc/crontab
+ systemctl enable crond --now
 systemctl enable iptables --now
+
 USERDATA
 else
 nat_userdata = <<~USERDATA
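Review bot: The added `sysctl -w net.ipv4.conf.ens5.rp_filter=0` (and the matching `echo ... rp_filter = 0 >> /etc/sysctl.conf`) turns reverse-path source validation fully off on the NAT instance's external interface, which is the anti-spoofing control you most want on a box that forwards for a whole CIDR; if the asymmetric-routing case behind `--no-source-dest-check` is the motivation, loose mode keeps that working while still dropping packets with no route at all, i.e. `sysctl -w net.ipv4.conf.ens5.rp_filter=2` and `echo net.ipv4.conf.ens5.rp_filter = 2 >> /etc/sysctl.conf`. Note also that the kernel applies the larger of `net.ipv4.conf.all.rp_filter` and the per-interface value, so the per-interface setting alone may have no effect if the `all` key is non-zero on this image, which is worth checking. The new `@reboot root aws ec2 modify-network-interface-attribute ...` crontab line runs an API call with the instance role and no output redirection, so a failure (network or IMDS not yet up at @reboot) is silent; at minimum redirect stdout/stderr to a log file (e.g. `>> /var/log/<nat-bootstrap>.log 2>&1`), and consider whether `SourceDestCheck: false` on the NetworkInterface resource in the template would make the cron entry unnecessary. The heredoc these lines belong to (`<<~USERDATA`) starts before the hunk.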