author | Niklas Yann Wettengel <niyawe@niyawe.de> | 2019-09-28 23:11:46 +0200 |
---|---|---|
committer | Niklas Yann Wettengel <niyawe@niyawe.de> | 2019-09-28 23:11:46 +0200 |
commit | 58e999356d69f9bf76a389aa69cb8c7295ad75f9 (patch) | |
tree | cbd0050ec3217d05c0307020ad4de32febc1f56f /roles | |
parent | 1738af3a5dd29c89e27e33a890389b5ac4b71843 (diff) |
ffww
Diffstat (limited to 'roles')
-rw-r--r-- | roles/configure_iptables/templates/ip6tables.rules | 4 | ||||
-rw-r--r-- | roles/configure_iptables/templates/iptables.rules | 8 | ||||
-rwxr-xr-x | roles/configure_static_routes/files/ffmyk-iproute.sh | 1 | ||||
-rw-r--r-- | roles/install_babeld/templates/babeld.conf.j2 | 2 | ||||
-rw-r--r-- | roles/install_fastd/handlers/main.yml | 5 | ||||
-rw-r--r-- | roles/install_mesh-announce/tasks/main.yml | 11 |
6 files changed, 22 insertions, 9 deletions
diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules
index d194ae6..ab40344 100644
--- a/roles/configure_iptables/templates/ip6tables.rules
+++ b/roles/configure_iptables/templates/ip6tables.rules
@@ -49,8 +49,8 @@ COMMIT
 # ntp
 -A INPUT -p udp -m udp --dport 123 -j ACCEPT
 # fastd
--A INPUT -s 2a03:2260:1016::/48 -p udp -m udp --dport 10010:10021 -j DROP
--A INPUT -p udp -m udp --dport 10010:10021 -j ACCEPT
+-A INPUT -s 2a03:2260:1016::/48 -p udp -m udp --dport 10010:10023 -j DROP
+-A INPUT -p udp -m udp --dport 10010:10023 -j ACCEPT
 # respondd
 -A INPUT -i bat+ -p udp -m udp --dport 1001 -j ACCEPT
 # wireguard_mesh
diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules
index 3f0c6a1..8e3e3c8 100644
--- a/roles/configure_iptables/templates/iptables.rules
+++ b/roles/configure_iptables/templates/iptables.rules
@@ -40,6 +40,7 @@ COMMIT
 # SSH-Server
 -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
 # iperf3
+-A INPUT -p tcp -m tcp -s 10.30.0.0/18 --dport 5201 -j ACCEPT
 -A INPUT -p tcp -m tcp -s 10.222.0.0/16 --dport 5201 -j ACCEPT
 {% if 'fastd' in group_names %}
@@ -53,8 +54,9 @@ COMMIT
 # ntp
 -A INPUT -p udp -m udp --dport 123 -j ACCEPT
 # fastd
--A INPUT -s 10.222.0.0/16 -p udp -m udp --dport 10010:10021 -j DROP
--A INPUT -p udp -m udp --dport 10010:10021 -j ACCEPT
+-A INPUT -s 10.30.0.0/18 -p udp -m udp --dport 10010:10023 -j DROP
+-A INPUT -s 10.222.0.0/16 -p udp -m udp --dport 10010:10023 -j DROP
+-A INPUT -p udp -m udp --dport 10010:10023 -j ACCEPT
 {% endif %}
 # MOSH
 -A INPUT -p udp -m udp --dport 60000:61000 -j ACCEPT
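Review bot: In the ip6tables.rules fastd hunk, `-A INPUT -p udp -m udp --dport 10010:10023 -j ACCEPT` now opens two further UDP ports to every source, and nothing in the template records which fastd instance listens on which port. The only new instance visible in this commit is `fastd@ffww.service`, so one of 10022/10023 may have no listener behind it. I would add a comment above the rule such as `# fastd: one port per instance, 10010-10023; keep in sync with the fastd instance list`, or derive the range from the variable that defines the instances. The same range is repeated in the fastd hunk of iptables.rules.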
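Review bot: In the iperf3 hunk of iptables.rules, the added `-A INPUT -p tcp -m tcp -s 10.30.0.0/18 --dport 5201 -j ACCEPT` admits the whole new range to iperf3 on source address alone. iperf3 performs no authentication unless it is configured to, so any host in that /18 can run bandwidth tests against the gateway; if the range holds end-user devices (not visible here), that is a cheap way to saturate the uplink. If testing is only needed from a few infrastructure hosts, narrow `-s` to those addresses; otherwise record the decision with a comment such as `# iperf3: intentionally reachable from all mesh client ranges`.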
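Review bot: In the fastd hunk of iptables.rules the guard now drops fastd traffic from both `10.30.0.0/18` and `10.222.0.0/16`, but the matching hunk in ip6tables.rules still lists only `2a03:2260:1016::/48`. If the new network also has its own IPv6 prefix (not visible in this commit), fastd packets arriving over the mesh from that prefix would fall through to the general ACCEPT. I would either add the corresponding `-A INPUT -s <ffww-ipv6-prefix> -p udp -m udp --dport 10010:10023 -j DROP` line there (placeholder prefix), or state in a comment that both networks share the one IPv6 prefix.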
@@ -80,6 +82,8 @@ COMMIT -A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT -A FORWARD -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -A FORWARD -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu +-A FORWARD -d 10.30.0.0/18 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu +-A FORWARD -s 10.30.0.0/18 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu COMMIT *nat diff --git a/roles/configure_static_routes/files/ffmyk-iproute.sh b/roles/configure_static_routes/files/ffmyk-iproute.sh index 831d30d..f5a69fa 100755 --- a/roles/configure_static_routes/files/ffmyk-iproute.sh +++ b/roles/configure_static_routes/files/ffmyk-iproute.sh @@ -4,6 +4,7 @@ ip -4 rule add from all fwmark 0x1 table ffmyk priority 10 ip -6 rule add from all fwmark 0x1 table ffmyk priority 10 #Alles mit Freifunk-IP - woher auch immer - gehört zu Tabelle ffmyk +ip -4 rule add to 10.30.0.0/18 table ffmyk priority 10 ip -4 rule add to 10.222.1.0/24 table ffmyk priority 10 ip -4 rule add to 10.222.2.0/23 table ffmyk priority 10 ip -4 rule add to 10.222.4.0/22 table ffmyk priority 10 diff --git a/roles/install_babeld/templates/babeld.conf.j2 b/roles/install_babeld/templates/babeld.conf.j2 index 3ef7e53..88ba346 100644 --- a/roles/install_babeld/templates/babeld.conf.j2 +++ b/roles/install_babeld/templates/babeld.conf.j2 @@ -41,6 +41,7 @@ reflect-kernel-metric true # Filtering rules. {% if 'uplink' in group_names %} +in ip 10.30.0.0/18 allow in ip 10.222.0.0/16 allow in ip 2a03:2260:1016::/48 allow in ip 2003:46:e028::/48 allow # finzelberg @@ -59,6 +60,7 @@ redistribute if {{ peer.name }} metric 128 {% endif %} # Only redistribute addresses from a given prefix, to avoid redistributing # all local addresses +redistribute ip 10.30.0.0/18 allow redistribute ip 10.222.0.0/16 allow redistribute ip 2a03:2260:1016::/48 allow redistribute ip 64:ff9b::/96 allow 
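Review bot: In babeld.conf.j2, `in ip 10.30.0.0/18 allow` on uplink hosts accepts every route that falls inside the /18, including arbitrarily long more-specifics, from any neighbour. A neighbour announcing a longer prefix within the range would be preferred over the aggregate, so the filter alone does not bound what a peer can attract. If only certain prefix lengths are expected, babeld's `le`/`ge` selectors can express that, for example `in ip 10.30.0.0/18 le 24 allow` (24 is an illustrative value; use what the addressing plan requires). Whether neighbours are authenticated is not visible here, and the `{% if 'uplink' in group_names %}` block continues beyond the hunk. The `redistribute ip 10.30.0.0/18 allow` line in the second hunk of this file is equally unbounded.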
diff --git a/roles/install_fastd/handlers/main.yml b/roles/install_fastd/handlers/main.yml index 01cff4d..68b2174 100644 --- a/roles/install_fastd/handlers/main.yml +++ b/roles/install_fastd/handlers/main.yml @@ -33,3 +33,8 @@ systemd: name: fastd@ffsim.service state: restarted + +- name: restart fastdww + systemd: + name: fastd@ffww.service + state: restarted diff --git a/roles/install_mesh-announce/tasks/main.yml b/roles/install_mesh-announce/tasks/main.yml index ea81a45..50c5175 100644 --- a/roles/install_mesh-announce/tasks/main.yml +++ b/roles/install_mesh-announce/tasks/main.yml @@ -1,16 +1,17 @@ --- -- name: clone mesh-announce repo - git: - repo: https://github.com/FreifunkMYK/mesh-announce.git - dest: /opt/mesh-announce - - name: install mesh-announce dependencies pacman: name: + - git - lsb-release - ethtool state: present +- name: clone mesh-announce repo + git: + repo: https://github.com/FreifunkMYK/mesh-announce.git + dest: /opt/mesh-announce + - name: create respondd service template: src: respondd.service.j2 |
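Review bot: In roles/install_mesh-announce/tasks/main.yml the relocated `clone mesh-announce repo` task still has no `version:`, so each run checks out whatever the repository's default branch points to at that moment. The checkout presumably backs the respondd service created in the following task, so a change pushed upstream would reach every gateway on the next playbook run without review. Pinning the task with `version: "<reviewed-commit-sha>"` (placeholder; use the commit that was audited) turns updates into an explicit change in this repository. The respondd task continues beyond the hunk.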