dnsmasq: drop dhcp-proxy option

Instead, add nftables rules that allow DHCP traffic from the client networks to reach the server directly.
This commit is contained in:
Timotej Lazar 2024-11-09 20:06:58 +01:00
parent 46a9ff6fc0
commit 554bf1f711
3 changed files with 18 additions and 1 deletions


@ -38,4 +38,10 @@
- 10-ranges.conf - 10-ranges.conf
notify: restart dnsmasq notify: restart dnsmasq
- name: Configure nftables
template:
dest: '/etc/nftables.d/dnsmasq.nft'
src: 'dnsmasq.nft.j2'
notify: reload nftables
# TODO netboot config # TODO netboot config
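Review bot: The new `Configure nftables` task installs a firewall include without a `validate:` step, so a bad render (for instance an empty `ip saddr { }` set when no prefix is assigned to this host) is only noticed when the `reload nftables` handler fails, possibly leaving the host's ruleset half-applied; adding `validate: 'nft -c -f %s'` to the task rejects such a file before it replaces the existing one. The task also sets no `owner`/`group`/`mode`, so the rendered file inherits the process umask; `mode: '0640'` keeps the generated rule set, which enumerates internal prefixes, readable only by root. Whether `/etc/nftables.d/*.nft` is actually included by the host's nftables.conf is not visible in this hunk, so the rule may silently never load — worth a comment on the task, e.g. `# requires /etc/nftables.conf to include /etc/nftables.d/*.nft`. The task list this hunk belongs to starts before the hunk.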


@ -5,7 +5,6 @@ bind-interfaces
interface = {{ interfaces | map(attribute='name') | join(',') }} interface = {{ interfaces | map(attribute='name') | join(',') }}
dhcp-authoritative dhcp-authoritative
dhcp-proxy
dhcp-option = option:dns-server,{{ dns | join(',') }} dhcp-option = option:dns-server,{{ dns | join(',') }}
dhcp-option = option:ntp-server,{{ ntp | join(',') }} dhcp-option = option:ntp-server,{{ ntp | join(',') }}


@ -0,0 +1,12 @@
table inet filter {
chain input {
# networks using this DHCP server
ip saddr {
{% for prefix in prefixes | selectattr('custom_fields.dhcp_server') | sort(attribute='vlan.name') %}
{% if prefix.custom_fields.dhcp_server.address | ipaddr('address') == primary_ip4 %}
{{ prefix.prefix }}, # {{ prefix.vlan.name }}
{% endif %}
{% endfor %}
} udp dport { 67 } ct state new accept
}
}
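Review bot: When no prefix in `prefixes` carries a `dhcp_server` address equal to `primary_ip4`, the loop on the `ip saddr {` set emits no elements and the rule renders as `ip saddr { } udp dport { 67 } ct state new accept`, which nft rejects as a syntax error; because this file is loaded by the `reload nftables` handler together with the rest of `/etc/nftables.d`, one host without assigned networks can break loading the whole ruleset. Collect the matching prefixes into a list first and emit the rule only when that list is non-empty, as sketched below. Separately, `ip saddr` cannot match the initial DHCPDISCOVER/DHCPREQUEST of a client on a directly attached network, since those are sent from source 0.0.0.0 to 255.255.255.255; if any listed prefix is on a local interface of the server rather than behind a relay, an additional rule such as `ip saddr 0.0.0.0 udp dport 67 accept` (or an interface-based rule) is needed — presumably the relay path is already permitted elsewhere, but that is not visible here. A short comment stating that this rule covers the direct unicast traffic (renewals) that the removed `dhcp-proxy` option used to route through the relay would help the next reader.
```jinja
table inet filter {
  chain input {
    {# collect prefixes whose configured DHCP server is this host #}
    {% set nets = [] %}
    {% for prefix in prefixes | selectattr('custom_fields.dhcp_server') | sort(attribute='vlan.name') %}
    {% if prefix.custom_fields.dhcp_server.address | ipaddr('address') == primary_ip4 %}
    {% set _ = nets.append(prefix) %}
    {% endif %}
    {% endfor %}
    {% if nets %}
    # direct (unicast) DHCP traffic from served networks, e.g. renewals
    # that no longer pass through the relay since dhcp-proxy was dropped
    ip saddr {
    {% for prefix in nets %}
      {{ prefix.prefix }}, # {{ prefix.vlan.name }}
    {% endfor %}
    } udp dport 67 ct state new accept
    {% endif %}
  }
}
```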