rc/friwall
2
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
65 commits 1 branch 0 tags 160 KiB
Commit graph

20 commits

Author SHA1 Message Date
Timotej Lazar d123db4e64 Consolidate NAT and VPN settings into IP sets 
I have tried every possible permutation and I think this is the one.

NetBox-managed IP prefixes are pushed with ansible to firewall master.
The managed prefixes are added to custom IP sets defined in the app,
but only NAT addresses and VPN groups can be configured for them.

This way all NAT and VPN policy is (again) configured in the app. Also
both NetBox-managed and user-defined networks are treated the same.

Also improve^Wtweak config generation. Also templates.
 2024-04-30 20:57:46 +02:00
Timotej Lazar ff2246df8c vpn: configure IPv6 addresses for WG clients 2023-12-08 17:12:37 +01:00
Timotej Lazar 32b182856d Set blueprint paths in main app 
Make blueprints more self-contained for no apparent reason.
 2023-12-04 09:46:37 +01:00
Timotej Lazar d704202e6e Parametrize wg.conf template 2023-09-15 14:24:22 +02:00
Timotej Lazar e5f86e72c2 Get OIDC end_session_endpoint from server metadata 2023-09-14 10:09:45 +02:00
Timotej Lazar 02059e5043 Copy OIDC settings to app.config on init 
So we avoid locking the settings file at runtime.
 2023-09-13 13:21:23 +02:00
Timotej Lazar 719bcf7c55 Improve LDAP lookup of user groups 2023-09-07 15:02:08 +02:00
Timotej Lazar 9dc0fbb4fe Switch to OIDC authentication 2023-09-07 11:46:57 +02:00
Timotej Lazar 5add39a8a7 Add form for editing ipsets 2023-07-24 16:43:57 +02:00
Timotej Lazar a5df435931 Consolidate error handling 
Do or do not; there is no try. With some exceptions.
 2023-07-12 14:19:18 +02:00
Timotej Lazar dd607dbddd Add a nicer response for TimeoutError 2023-07-07 10:15:02 +02:00
Timotej Lazar 6b72316076 Add node status page 2023-07-07 10:13:55 +02:00
Timotej Lazar 5262c64244 Add form for editing NAT addresses 2023-07-07 08:20:35 +02:00
Timotej Lazar 5e65755ec0 Add error reporting over email and improve logging 2023-07-03 16:01:14 +02:00
Timotej Lazar e84cb26dc7 Fix up Flask settings 
DEBUG is apparently strongly discouraged. Use --debug instead.
 2023-05-29 13:37:16 +02:00
Timotej Lazar 765d4a3ce7 Add support for managing forwarding rules 2023-05-29 12:24:21 +02:00
Timotej Lazar 22cec64bef Simplify database locking 
Use a single lock for everything to ensure we don’t go inconsistent.
One exception is the firewall nodes table which is only accessed when
pushing updated config.
 2023-05-19 09:30:28 +02:00
Timotej Lazar 3cf207047e Remove unimplemented DNAT settings 
For now.
 2023-01-26 16:28:32 +01:00
Timotej Lazar 0ded9d3823 Initialize settings 2023-01-26 16:11:32 +01:00
Timotej Lazar 113992f95b Make a squash 2023-01-26 10:51:51 +01:00