| Author | Commit | Message | Date |
|---|---|---|---|
| Timotej Lazar | 6dcae194d7 | firewall: accept VPN connections from inside also<br>People tend to leave WireGuard tunnels active and we don’t want things to become unreachable when moving to one of the inside networks. | 2024-04-08 15:03:29 +02:00 |
| Timotej Lazar | 1ffdea8e43 | firewall: fix duplicate space in template | 2024-04-05 12:00:55 +02:00 |
| Timotej Lazar | 7ef4023424 | firewall: add known IP ranges in network ipset definitions<br>This data should only change in NetBox, so no point deploying it from firewall master. Sometimes the first approach is the best approach. | 2024-03-19 09:46:26 +01:00 |
| Timotej Lazar | ce7c1bd49e | fabric: consolidate interface templates<br>Mostly to avoid special‐casing bond interfaces, and to support BGP connections over virtual interfaces. | 2024-02-27 13:35:29 +01:00 |
| Timotej Lazar | 65c16dbc63 | Drop BGP update-delay option<br>Dropped from Cumulus manual and advised by seniors. | 2024-02-27 13:35:29 +01:00 |
| Timotej Lazar | 91afaec9c2 | firewall: allow connections from master with NATted IP | 2024-02-06 09:19:49 +01:00 |
| Timotej Lazar | f54b23f49a | firewall: disable forwarding for mgmt interfaces in if-pre-up<br>Should be more robust and more importantly works when interfaces are not renamed by mdev as is the situation now. | 2024-01-30 13:11:35 +01:00 |
| Timotej Lazar | 544aa0a088 | firewall: create empty ipsets for known networks<br>So we don’t crash and burn before config is set up. | 2024-01-30 12:37:14 +01:00 |
| Timotej Lazar | aeb124e346 | Add inside and outside roles for VLANs<br>Will probably rename inside/outside and office/server to int/ext. | 2024-01-30 12:35:33 +01:00 |
| Timotej Lazar | c2d0e88996 | firewall: set IPv6 address for wireguard interface<br>And advertise it. | 2023-12-18 12:55:50 +01:00 |
| Timotej Lazar | 158e8740b8 | Initial commit, squashed | 2023-12-18 12:55:47 +01:00 |