Commit graph

9 commits

Author SHA1 Message Date
Timotej Lazar 7fe1dac008 firewall: use slurp instead of generic command to get host key 2024-02-27 13:35:29 +01:00
Timotej Lazar 91afaec9c2 firewall: allow connections from master with NATted IP 2024-02-06 09:19:49 +01:00
Timotej Lazar f54b23f49a firewall: disable forwarding for mgmt interfaces in if-pre-up
Should be more robust and more importantly works when interfaces are
not renamed by mdev as is the situation now.
2024-01-30 13:11:35 +01:00
Timotej Lazar 25289dd82f firewall: fix interface renaming
The mdev rules for renaming interfaces at boot seem to not work with
latest Alpine. So rename with ifupdown instead.
2024-01-30 13:11:35 +01:00
Timotej Lazar 544aa0a088 firewall: create empty ipsets for known networks
So we don’t crash and burn before config is set up.
2024-01-30 12:37:14 +01:00
Timotej Lazar aeb124e346 Add inside and outside roles for VLANs
Will probably rename inside/outside and office/server to int/ext.
2024-01-30 12:35:33 +01:00
Timotej Lazar 0d24f9fdc7 firewall: log policy update messages to syslog 2023-12-18 12:55:50 +01:00
Timotej Lazar c2d0e88996 firewall: set IPv6 address for wireguard interface
And advertise it.
2023-12-18 12:55:50 +01:00
Timotej Lazar 158e8740b8 Initial commit, squashed 2023-12-18 12:55:47 +01:00