|
|
6dcae194d7
|
firewall: accept VPN connections from inside also
People tend to leave WireGuard tunnels active and we don’t want things
to become unreachable when moving to one of the inside networks.
|
2024-04-08 15:03:29 +02:00 |
|
|
|
1ffdea8e43
|
firewall: fix duplicate space in template
|
2024-04-05 12:00:55 +02:00 |
|
|
|
7ef4023424
|
firewall: add known IP ranges in network ipset definitions
This data should only change in NetBox, so no point deploying it from
firewall master. Sometimes the first approach is the best approach.
|
2024-03-19 09:46:26 +01:00 |
|
|
|
ce7c1bd49e
|
fabric: consolidate interface templates
Mostly to avoid special‐casing bond interfaces, and to support BGP
connections over virtual interfaces.
|
2024-02-27 13:35:29 +01:00 |
|
|
|
65c16dbc63
|
Drop BGP update-delay option
Dropped from Cumulus manual and advised by seniors.
|
2024-02-27 13:35:29 +01:00 |
|
|
|
7fe1dac008
|
firewall: use slurp instead of generic command to get host key
|
2024-02-27 13:35:29 +01:00 |
|
|
|
91afaec9c2
|
firewall: allow connections from master with NATted IP
|
2024-02-06 09:19:49 +01:00 |
|
|
|
f54b23f49a
|
firewall: disable forwarding for mgmt interfaces in if-pre-up
Should be more robust and more importantly works when interfaces are
not renamed by mdev as is the situation now.
|
2024-01-30 13:11:35 +01:00 |
|
|
|
25289dd82f
|
firewall: fix interface renaming
The mdev rules for renaming interfaces at boot seem to not work with
latest Alpine. So rename with ifupdown instead.
|
2024-01-30 13:11:35 +01:00 |
|
|
|
544aa0a088
|
firewall: create empty ipsets for known networks
So we don’t crash and burn before config is set up.
|
2024-01-30 12:37:14 +01:00 |
|
|
|
aeb124e346
|
Add inside and outside roles for VLANs
Will probably rename inside/outside and office/server to int/ext.
|
2024-01-30 12:35:33 +01:00 |
|
|
|
0d24f9fdc7
|
firewall: log policy update messages to syslog
|
2023-12-18 12:55:50 +01:00 |
|
|
|
c2d0e88996
|
firewall: set IPv6 address for wireguard interface
And advertise it.
|
2023-12-18 12:55:50 +01:00 |
|
|
|
158e8740b8
|
Initial commit, squashed
|
2023-12-18 12:55:47 +01:00 |
|
