authorNiklas Yann Wettengel <niyawe@niyawe.de>2019-09-28 23:11:46 +0200
committerNiklas Yann Wettengel <niyawe@niyawe.de>2019-09-28 23:11:46 +0200
commit58e999356d69f9bf76a389aa69cb8c7295ad75f9 (patch)
treecbd0050ec3217d05c0307020ad4de32febc1f56f
parent1738af3a5dd29c89e27e33a890389b5ac4b71843 (diff)
ffww
-rw-r--r--inventory.ini3
-rw-r--r--roles/configure_iptables/templates/ip6tables.rules4
-rw-r--r--roles/configure_iptables/templates/iptables.rules8
-rwxr-xr-xroles/configure_static_routes/files/ffmyk-iproute.sh1
-rw-r--r--roles/install_babeld/templates/babeld.conf.j22
-rw-r--r--roles/install_fastd/handlers/main.yml5
-rw-r--r--roles/install_mesh-announce/tasks/main.yml11
7 files changed, 24 insertions, 10 deletions
diff --git a/inventory.ini b/inventory.ini
index 5cb4f69..8a9f617 100644
--- a/inventory.ini
+++ b/inventory.ini
@@ -7,8 +7,9 @@
ff-niyawe1
ff-niyawe2
ff-niyawe3
+ff-niyawe4
ff-adlerweb1
-#ff-kraftimion1
+ff-kraftimion1
ff-loppermann1
fastd-aw2
fastd-ko2
diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules
index d194ae6..ab40344 100644
--- a/roles/configure_iptables/templates/ip6tables.rules
+++ b/roles/configure_iptables/templates/ip6tables.rules
@@ -49,8 +49,8 @@ COMMIT
# ntp
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
# fastd
--A INPUT -s 2a03:2260:1016::/48 -p udp -m udp --dport 10010:10021 -j DROP
--A INPUT -p udp -m udp --dport 10010:10021 -j ACCEPT
+-A INPUT -s 2a03:2260:1016::/48 -p udp -m udp --dport 10010:10023 -j DROP
+-A INPUT -p udp -m udp --dport 10010:10023 -j ACCEPT
# respondd
-A INPUT -i bat+ -p udp -m udp --dport 1001 -j ACCEPT
# wireguard_mesh
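Review bot: Only the port range changes in the two fastd rules here, while the IPv4 template in this same commit also gains a DROP for the new source prefix 10.30.0.0/18; the IPv6 side still drops fastd packets from `2a03:2260:1016::/48` alone. If the network being added has its own IPv6 prefix (not visible in this diff), it needs a matching `-A INPUT -s <new-ipv6-prefix> -p udp -m udp --dport 10010:10023 -j DROP` ahead of the ACCEPT, otherwise the two address families enforce different policy. If it shares the existing /48, a one-line comment saying so would answer the question for the next reader.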
diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules
index 3f0c6a1..8e3e3c8 100644
--- a/roles/configure_iptables/templates/iptables.rules
+++ b/roles/configure_iptables/templates/iptables.rules
@@ -40,6 +40,7 @@ COMMIT
# SSH-Server
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# iperf3
+-A INPUT -p tcp -m tcp -s 10.30.0.0/18 --dport 5201 -j ACCEPT
-A INPUT -p tcp -m tcp -s 10.222.0.0/16 --dport 5201 -j ACCEPT
{% if 'fastd' in group_names %}
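Review bot: The literal `10.30.0.0/18` is pasted next to `10.222.0.0/16` here and again in the fastd and TCPMSS hunks of this file and in both babeld.conf.j2 hunks, so each future prefix means editing several places, and a missed one leaves the rule sets out of step without any error. Since these are Jinja templates, a single list variable would keep them aligned (the name is only a suggestion): `{% for net in mesh_ipv4_prefixes %}` / `-A INPUT -p tcp -m tcp -s {{ net }} --dport 5201 -j ACCEPT` / `{% endfor %}`. The static ffmyk-iproute.sh would have to become a template to share the same list.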
@@ -53,8 +54,9 @@ COMMIT
# ntp
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
# fastd
--A INPUT -s 10.222.0.0/16 -p udp -m udp --dport 10010:10021 -j DROP
--A INPUT -p udp -m udp --dport 10010:10021 -j ACCEPT
+-A INPUT -s 10.30.0.0/18 -p udp -m udp --dport 10010:10023 -j DROP
+-A INPUT -s 10.222.0.0/16 -p udp -m udp --dport 10010:10023 -j DROP
+-A INPUT -p udp -m udp --dport 10010:10023 -j ACCEPT
{% endif %}
# MOSH
-A INPUT -p udp -m udp --dport 60000:61000 -j ACCEPT
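Review bot: The `# fastd` comment does not say why mesh sources are dropped, nor that the DROP lines must stay above the unrestricted ACCEPT; with a third rule now in the group, that ordering is easy to break on the next edit. I would extend the comment to something like `# fastd: drop packets sourced from mesh prefixes first (presumably so fastd is not tunnelled over the mesh itself), then accept from anywhere - order matters`. The range `10010:10023` is now written three times here and twice in ip6tables.rules. It has to track the ports the fastd instances actually bind, which this diff does not show, so it is worth confirming that the widened range opens no port without a listener behind it.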
@@ -80,6 +82,8 @@ COMMIT
-A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT
-A FORWARD -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+-A FORWARD -d 10.30.0.0/18 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+-A FORWARD -s 10.30.0.0/18 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*nat
diff --git a/roles/configure_static_routes/files/ffmyk-iproute.sh b/roles/configure_static_routes/files/ffmyk-iproute.sh
index 831d30d..f5a69fa 100755
--- a/roles/configure_static_routes/files/ffmyk-iproute.sh
+++ b/roles/configure_static_routes/files/ffmyk-iproute.sh
@@ -4,6 +4,7 @@ ip -4 rule add from all fwmark 0x1 table ffmyk priority 10
ip -6 rule add from all fwmark 0x1 table ffmyk priority 10
#Alles mit Freifunk-IP - woher auch immer - gehört zu Tabelle ffmyk
+ip -4 rule add to 10.30.0.0/18 table ffmyk priority 10
ip -4 rule add to 10.222.1.0/24 table ffmyk priority 10
ip -4 rule add to 10.222.2.0/23 table ffmyk priority 10
ip -4 rule add to 10.222.4.0/22 table ffmyk priority 10
diff --git a/roles/install_babeld/templates/babeld.conf.j2 b/roles/install_babeld/templates/babeld.conf.j2
index 3ef7e53..88ba346 100644
--- a/roles/install_babeld/templates/babeld.conf.j2
+++ b/roles/install_babeld/templates/babeld.conf.j2
@@ -41,6 +41,7 @@ reflect-kernel-metric true
# Filtering rules.
{% if 'uplink' in group_names %}
+in ip 10.30.0.0/18 allow
in ip 10.222.0.0/16 allow
in ip 2a03:2260:1016::/48 allow
in ip 2003:46:e028::/48 allow # finzelberg
@@ -59,6 +60,7 @@ redistribute if {{ peer.name }} metric 128
{% endif %}
# Only redistribute addresses from a given prefix, to avoid redistributing
# all local addresses
+redistribute ip 10.30.0.0/18 allow
redistribute ip 10.222.0.0/16 allow
redistribute ip 2a03:2260:1016::/48 allow
redistribute ip 64:ff9b::/96 allow
diff --git a/roles/install_fastd/handlers/main.yml b/roles/install_fastd/handlers/main.yml
index 01cff4d..68b2174 100644
--- a/roles/install_fastd/handlers/main.yml
+++ b/roles/install_fastd/handlers/main.yml
@@ -33,3 +33,8 @@
systemd:
name: fastd@ffsim.service
state: restarted
+
+- name: restart fastdww
+ systemd:
+ name: fastd@ffww.service
+ state: restarted
diff --git a/roles/install_mesh-announce/tasks/main.yml b/roles/install_mesh-announce/tasks/main.yml
index ea81a45..50c5175 100644
--- a/roles/install_mesh-announce/tasks/main.yml
+++ b/roles/install_mesh-announce/tasks/main.yml
@@ -1,16 +1,17 @@
---
-- name: clone mesh-announce repo
- git:
- repo: https://github.com/FreifunkMYK/mesh-announce.git
- dest: /opt/mesh-announce
-
- name: install mesh-announce dependencies
pacman:
name:
+ - git
- lsb-release
- ethtool
state: present
+- name: clone mesh-announce repo
+ git:
+ repo: https://github.com/FreifunkMYK/mesh-announce.git
+ dest: /opt/mesh-announce
+
- name: create respondd service
template:
src: respondd.service.j2
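Review bot: The relocated `clone mesh-announce repo` task has no `version:`, so the git module checks out whatever the default branch points to at run time and, with its default `update` behaviour, pulls new upstream commits on later runs. That checkout is presumably what the respondd service defined just below executes. Pinning it with `version: <pinned-tag-or-commit>` (placeholder) makes deployments reproducible and stops a change in the upstream repository from reaching every host on the next playbook run; `update: false` is a weaker alternative if pinning is not wanted. The `create respondd service` task continues outside the hunk.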