authorNiklas Yann Wettengel <niyawe@niyawe.de>2021-09-16 23:09:03 +0200
committerNiklas Yann Wettengel <niyawe@niyawe.de>2021-09-16 23:09:03 +0200
commit0fdb16e7b0758a835faf8cefe9ff112889379cc9 (patch)
treee9d535f1dc547c50b3f8807f69ab94a227fccc0d /roles
parent1705b3ed49160ba8356a811a694c1a707847469f (diff)
rm ww net
Diffstat (limited to 'roles')
-rw-r--r--roles/configure_iptables/templates/iptables.rules4
-rwxr-xr-xroles/configure_static_routes/files/ffmyk-iproute.sh1
-rw-r--r--roles/install_babeld/templates/babeld.conf.j22
-rw-r--r--roles/install_bind/templates/named.conf.j22
4 files changed, 1 insertions, 8 deletions
diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules
index 6d7fce1..924320d 100644
--- a/roles/configure_iptables/templates/iptables.rules
+++ b/roles/configure_iptables/templates/iptables.rules
@@ -38,7 +38,6 @@ COMMIT
# SSH-Server
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# iperf3
--A INPUT -p tcp -m tcp -s 10.30.0.0/18 --dport 5201 -j ACCEPT
-A INPUT -p tcp -m tcp -s 10.222.0.0/16 --dport 5201 -j ACCEPT
{% if 'fastd' in group_names %}
@@ -54,7 +53,6 @@ COMMIT
# ntp
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
# fastd / wg
--A INPUT -s 10.30.0.0/18 -p udp -m udp --dport 10010:10023 -j DROP
-A INPUT -s 10.222.0.0/16 -p udp -m udp --dport 10010:10023 -j DROP
-A INPUT -p udp -m udp --dport 10010:10023 -j ACCEPT
# wireguard_mesh
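Review bot: Removing the `-A INPUT -s 10.30.0.0/18 -p udp -m udp --dport 10010:10023 -j DROP` line is the one deletion in this commit that widens what the host accepts rather than narrowing it. Packets with a 10.30.0.0/18 source now fall through to the unrestricted `-A INPUT -p udp -m udp --dport 10010:10023 -j ACCEPT` that follows. The parallel DROP kept for 10.222.0.0/16 suggests these rules exist to stop fastd/wg tunnel traffic from being carried inside the mesh itself, though the hunk does not say so. It is worth confirming that no node still uses or routes the old range before this is deployed. If that cannot be confirmed, keeping the DROP line until the range is fully retired costs nothing.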
@@ -86,8 +84,6 @@ COMMIT
-A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT
-A FORWARD -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
--A FORWARD -d 10.30.0.0/18 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
--A FORWARD -s 10.30.0.0/18 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*nat
diff --git a/roles/configure_static_routes/files/ffmyk-iproute.sh b/roles/configure_static_routes/files/ffmyk-iproute.sh
index f5a69fa..831d30d 100755
--- a/roles/configure_static_routes/files/ffmyk-iproute.sh
+++ b/roles/configure_static_routes/files/ffmyk-iproute.sh
@@ -4,7 +4,6 @@ ip -4 rule add from all fwmark 0x1 table ffmyk priority 10
ip -6 rule add from all fwmark 0x1 table ffmyk priority 10
#Alles mit Freifunk-IP - woher auch immer - gehört zu Tabelle ffmyk
-ip -4 rule add to 10.30.0.0/18 table ffmyk priority 10
ip -4 rule add to 10.222.1.0/24 table ffmyk priority 10
ip -4 rule add to 10.222.2.0/23 table ffmyk priority 10
ip -4 rule add to 10.222.4.0/22 table ffmyk priority 10
diff --git a/roles/install_babeld/templates/babeld.conf.j2 b/roles/install_babeld/templates/babeld.conf.j2
index d714158..1fac52e 100644
--- a/roles/install_babeld/templates/babeld.conf.j2
+++ b/roles/install_babeld/templates/babeld.conf.j2
@@ -38,7 +38,6 @@ reflect-kernel-metric true
# Filtering rules.
{% if 'uplink' in group_names %}
-in ip 10.30.0.0/18 allow
in ip 10.222.0.0/16 allow
in ip 2a03:2260:1016::/48 allow
in ip 2003:46:e028::/48 allow # finzelberg
@@ -56,7 +55,6 @@ redistribute if {{ peer.name }} metric 128
{% endif %}
# Only redistribute addresses from a given prefix, to avoid redistributing
# all local addresses
-redistribute ip 10.30.0.0/18 allow
redistribute ip 10.222.0.0/16 allow
redistribute ip 2a03:2260:1016::/48 allow
redistribute ip 64:ff9b::/96 allow
diff --git a/roles/install_bind/templates/named.conf.j2 b/roles/install_bind/templates/named.conf.j2
index 4704eee..da7043e 100644
--- a/roles/install_bind/templates/named.conf.j2
+++ b/roles/install_bind/templates/named.conf.j2
@@ -21,7 +21,7 @@ options {
{% endfor %}
};
- allow-recursion { 127.0.0.1; 10.222.0.0/16; 10.30.0.0/18; 2001:470:cd45:ff00::/56; 2a03:2260:1016::/48; fe80::/64; };
+ allow-recursion { 127.0.0.1; 10.222.0.0/16; 2001:470:cd45:ff00::/56; 2a03:2260:1016::/48; fe80::/64; };
allow-transfer { none; };
version none;