Timotej Lazar
|
ce7c1bd49e
|
fabric: consolidate interface templates
Mostly to avoid special‐casing bond interfaces, and to support BGP
connections over virtual interfaces.
|
2024-02-27 13:35:29 +01:00 |
|
Timotej Lazar
|
65c16dbc63
|
Drop BGP update-delay option
Dropped from Cumulus manual and advised by seniors.
|
2024-02-27 13:35:29 +01:00 |
|
Timotej Lazar
|
7fe1dac008
|
firewall: use slurp instead of generic command to get host key
|
2024-02-27 13:35:29 +01:00 |
|
Timotej Lazar
|
91afaec9c2
|
firewall: allow connections from master with NATted IP
|
2024-02-06 09:19:49 +01:00 |
|
Timotej Lazar
|
f54b23f49a
|
firewall: disable forwarding for mgmt interfaces in if-pre-up
Should be more robust and more importantly works when interfaces are
not renamed by mdev as is the situation now.
|
2024-01-30 13:11:35 +01:00 |
|
Timotej Lazar
|
25289dd82f
|
firewall: fix interface renaming
The mdev rules for renaming interfaces at boot seem to not work with
latest Alpine. So rename with ifupdown instead.
|
2024-01-30 13:11:35 +01:00 |
|
Timotej Lazar
|
544aa0a088
|
firewall: create empty ipsets for known networks
So we don’t crash and burn before config is set up.
|
2024-01-30 12:37:14 +01:00 |
|
Timotej Lazar
|
aeb124e346
|
Add inside and outside roles for VLANs
Will probably rename inside/outside and office/server to int/ext.
|
2024-01-30 12:35:33 +01:00 |
|
Timotej Lazar
|
0d24f9fdc7
|
firewall: log policy update messages to syslog
|
2023-12-18 12:55:50 +01:00 |
|
Timotej Lazar
|
c2d0e88996
|
firewall: set IPv6 address for wireguard interface
And advertise it.
|
2023-12-18 12:55:50 +01:00 |
|
Timotej Lazar
|
158e8740b8
|
Initial commit, squashed
|
2023-12-18 12:55:47 +01:00 |
|