From acf495d4bae93af17ca5116a25fbe21323e116fe Mon Sep 17 00:00:00 2001 From: Niklas Yann Wettengel Date: Fri, 26 Jan 2018 15:55:51 +0100 Subject: add unreachable rule for uplinks --- roles/install_wireguard_backbone/templates/up.sh.j2 | 7 +++++-- roles/install_wireguard_backbone/templates/up2.sh.j2 | 7 +++++-- 2 files changed, 10 insertions(+), 4 deletions(-) (limited to 'roles') diff --git a/roles/install_wireguard_backbone/templates/up.sh.j2 b/roles/install_wireguard_backbone/templates/up.sh.j2 index 5af1a81..22ff46b 100644 --- a/roles/install_wireguard_backbone/templates/up.sh.j2 +++ b/roles/install_wireguard_backbone/templates/up.sh.j2 @@ -4,5 +4,8 @@ wg setconf bb{{ hostvars[item]['wireguard_bb_name'] }} /etc/wireguard/wgbb{{ hos ip addr add {{ wireguard_bb_ipv6 }} dev bb{{ hostvars[item]['wireguard_bb_name'] }} ip addr add {{ wireguard_bb_ipv4 }}/32 peer {{ hostvars[item]['wireguard_bb_ipv4'] }}/32 dev bb{{ hostvars[item]['wireguard_bb_name'] }} ip link set up dev bb{{ hostvars[item]['wireguard_bb_name'] }} -ip -4 rule add iif bb{{ hostvars[item]['wireguard_bb_name'] }} table ffmyk priority 10 -ip -6 rule add iif bb{{ hostvars[item]['wireguard_bb_name'] }} table ffmyk priority 10 +ip -4 rule add from all iif bb{{ hostvars[item]['wireguard_bb_name'] }} table ffmyk priority 10 +ip -6 rule add from all iif bb{{ hostvars[item]['wireguard_bb_name'] }} table ffmyk priority 10 +ip -4 rule add from all iif bb{{ hostvars[item]['wireguard_bb_name'] }} type unreachable priority 200 +ip -6 rule add from all iif bb{{ hostvars[item]['wireguard_bb_name'] }} type unreachable priority 200 + diff --git a/roles/install_wireguard_backbone/templates/up2.sh.j2 b/roles/install_wireguard_backbone/templates/up2.sh.j2 index dae70a4..8b8d083 100644 --- a/roles/install_wireguard_backbone/templates/up2.sh.j2 +++ b/roles/install_wireguard_backbone/templates/up2.sh.j2 @@ -4,5 +4,8 @@ wg setconf bb{{ item.name }} /etc/wireguard/wgbb{{ item.name }}.conf ip addr add {{ wireguard_bb_ipv6 }} dev bb{{ item.name }} ip addr add {{ wireguard_bb_ipv4 }}/32 peer {{ item.ipv4 }}/32 dev bb{{ item.name }} ip link set up dev bb{{ item.name }} -ip -4 rule add iif bb{{ item.name }} table ffmyk priority 10 -ip -6 rule add iif bb{{ item.name }} table ffmyk priority 10 +ip -4 rule add from all iif bb{{ item.name }} table ffmyk priority 10 +ip -6 rule add from all iif bb{{ item.name }} table ffmyk priority 10 +ip -4 rule add from all iif bb{{ item.name }} type unreachable priority 200 +ip -6 rule add from all iif bb{{ item.name }} type unreachable priority 200 + -- cgit v1.2.3-54-g00ecf