rc/network
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
network/roles/firewall/templates
History
Timotej Lazar 6840838978 firewall: ensure wireguard egress traffic uses the anycast source IP 
Before we relied on the IP being first in the interfaces file, which
is less than optimal. Now we use nftables to ensure the correct source
IP is set only for the (fwmarked) wireguard traffic.

Also remove iface hints from interfaces configuration as they are not
needed with ifupdown-ng.
2025-07-18 18:35:36 +02:00
..
conntrackd.conf.j2 Initial commit, squashed 2023-12-18 12:55:47 +01:00
fabric.intf.j2 Initial commit, squashed 2023-12-18 12:55:47 +01:00
frr.conf.j2 firewall: don’t import or advertise subnets for inside networks 2025-03-26 12:32:54 +01:00
interfaces.j2 firewall: ensure wireguard egress traffic uses the anycast source IP 2025-07-18 18:35:36 +02:00
interfaces.nft.j2 Initial commit, squashed 2023-12-18 12:55:47 +01:00
mactab.j2 fabric: consolidate interface templates 2024-02-27 13:35:29 +01:00
mgmt.intf.j2 firewall: get mgmt gateway from custom field on prefix 2025-03-26 19:20:03 +01:00
networks.nft.j2 Query prefixes once for all hosts 2024-04-28 12:14:05 +02:00
nftables.nft.j2 firewall: ensure wireguard egress traffic uses the anycast source IP 2025-07-18 18:35:36 +02:00
sysctl.conf.j2 firewall: increase max connections 2025-04-16 22:24:01 +02:00
wg.intf.j2 firewall: ensure wireguard egress traffic uses the anycast source IP 2025-07-18 18:35:36 +02:00