diff options
| author | Niklas Yann Wettengel <niyawe@niyawe.de> | 2018-01-26 15:55:51 +0100 |
|---|---|---|
| committer | Niklas Yann Wettengel <niyawe@niyawe.de> | 2018-01-26 15:55:51 +0100 |
| commit | acf495d4bae93af17ca5116a25fbe21323e116fe (patch) | |
| tree | 41ae84fe8999dab2f2ab7d8ca8d1d4dda1246d43 | |
| parent | e202073040d7722edb90494ffc094fbbf7d27354 (diff) | |
add unreachable rule for uplinks
| -rw-r--r-- | roles/install_wireguard_backbone/templates/up.sh.j2 | 7 | ||||
| -rw-r--r-- | roles/install_wireguard_backbone/templates/up2.sh.j2 | 7 |
2 files changed, 10 insertions, 4 deletions
diff --git a/roles/install_wireguard_backbone/templates/up.sh.j2 b/roles/install_wireguard_backbone/templates/up.sh.j2 index 5af1a81..22ff46b 100644 --- a/roles/install_wireguard_backbone/templates/up.sh.j2 +++ b/roles/install_wireguard_backbone/templates/up.sh.j2 @@ -4,5 +4,8 @@ wg setconf bb{{ hostvars[item]['wireguard_bb_name'] }} /etc/wireguard/wgbb{{ hos ip addr add {{ wireguard_bb_ipv6 }} dev bb{{ hostvars[item]['wireguard_bb_name'] }} ip addr add {{ wireguard_bb_ipv4 }}/32 peer {{ hostvars[item]['wireguard_bb_ipv4'] }}/32 dev bb{{ hostvars[item]['wireguard_bb_name'] }} ip link set up dev bb{{ hostvars[item]['wireguard_bb_name'] }} -ip -4 rule add iif bb{{ hostvars[item]['wireguard_bb_name'] }} table ffmyk priority 10 -ip -6 rule add iif bb{{ hostvars[item]['wireguard_bb_name'] }} table ffmyk priority 10 +ip -4 rule add from all iif bb{{ hostvars[item]['wireguard_bb_name'] }} table ffmyk priority 10 +ip -6 rule add from all iif bb{{ hostvars[item]['wireguard_bb_name'] }} table ffmyk priority 10 +ip -4 rule add from all iif bb{{ hostvars[item]['wireguard_bb_name'] }} type unreachable priority 200 +ip -6 rule add from all iif bb{{ hostvars[item]['wireguard_bb_name'] }} type unreachable priority 200 + diff --git a/roles/install_wireguard_backbone/templates/up2.sh.j2 b/roles/install_wireguard_backbone/templates/up2.sh.j2 index dae70a4..8b8d083 100644 --- a/roles/install_wireguard_backbone/templates/up2.sh.j2 +++ b/roles/install_wireguard_backbone/templates/up2.sh.j2 @@ -4,5 +4,8 @@ wg setconf bb{{ item.name }} /etc/wireguard/wgbb{{ item.name }}.conf ip addr add {{ wireguard_bb_ipv6 }} dev bb{{ item.name }} ip addr add {{ wireguard_bb_ipv4 }}/32 peer {{ item.ipv4 }}/32 dev bb{{ item.name }} ip link set up dev bb{{ item.name }} -ip -4 rule add iif bb{{ item.name }} table ffmyk priority 10 -ip -6 rule add iif bb{{ item.name }} table ffmyk priority 10 +ip -4 rule add from all iif bb{{ item.name }} table ffmyk priority 10 +ip -6 rule add from all iif bb{{ item.name }} table ffmyk priority 10 +ip -4 rule add from all iif bb{{ item.name }} type unreachable priority 200 +ip -6 rule add from all iif bb{{ item.name }} type unreachable priority 200 + |