diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules index 6d7fce1..924320d 100644 --- a/roles/configure_iptables/templates/iptables.rules +++ b/roles/configure_iptables/templates/iptables.rules @@ -38,7 +38,6 @@ COMMIT # SSH-Server -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT # iperf3 --A INPUT -p tcp -m tcp -s 10.30.0.0/18 --dport 5201 -j ACCEPT -A INPUT -p tcp -m tcp -s 10.222.0.0/16 --dport 5201 -j ACCEPT {% if 'fastd' in group_names %} @@ -54,7 +53,6 @@ COMMIT # ntp -A INPUT -p udp -m udp --dport 123 -j ACCEPT # fastd / wg --A INPUT -s 10.30.0.0/18 -p udp -m udp --dport 10010:10023 -j DROP -A INPUT -s 10.222.0.0/16 -p udp -m udp --dport 10010:10023 -j DROP -A INPUT -p udp -m udp --dport 10010:10023 -j ACCEPT # wireguard_mesh @@ -86,8 +84,6 @@ COMMIT -A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT -A FORWARD -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -A FORWARD -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu --A FORWARD -d 10.30.0.0/18 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu --A FORWARD -s 10.30.0.0/18 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu COMMIT *nat diff --git a/roles/configure_static_routes/files/ffmyk-iproute.sh b/roles/configure_static_routes/files/ffmyk-iproute.sh index f5a69fa..831d30d 100755 --- a/roles/configure_static_routes/files/ffmyk-iproute.sh +++ b/roles/configure_static_routes/files/ffmyk-iproute.sh @@ -4,7 +4,6 @@ ip -4 rule add from all fwmark 0x1 table ffmyk priority 10 ip -6 rule add from all fwmark 0x1 table ffmyk priority 10 #Alles mit Freifunk-IP - woher auch immer - gehört zu Tabelle ffmyk -ip -4 rule add to 10.30.0.0/18 table ffmyk priority 10 ip -4 rule add to 10.222.1.0/24 table ffmyk priority 10 ip -4 rule add to 10.222.2.0/23 table ffmyk priority 10 ip -4 rule add to 10.222.4.0/22 table ffmyk priority 10 
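Review bot: In the `# fastd / wg` hunk of iptables.rules (`@@ -54,7 +53,6 @@`), removing `-A INPUT -s 10.30.0.0/18 -p udp -m udp --dport 10010:10023 -j DROP` is the one deletion in this file that loosens the policy rather than tightening it. Packets with a source address in 10.30.0.0/18 now fall through to the unconditional `-A INPUT -p udp -m udp --dport 10010:10023 -j ACCEPT` two lines below. The DROP pair presumably exists to stop mesh-internal addresses from opening tunnels over the mesh itself, so this is only safe if the prefix is no longer assigned or routed anywhere. If that is not certain, keep the rule with a comment such as `# retired prefix, still blocked from opening tunnels`.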
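Review bot: In ffmyk-iproute.sh, deleting `ip -4 rule add to 10.30.0.0/18 table ffmyk priority 10` only stops the rule from being added on future runs; nothing in this hunk removes it from hosts where it is already installed. The rollout therefore likely needs a one-time `ip -4 rule del to 10.30.0.0/18 table ffmyk priority 10`, unless the script flushes rules in a part outside this hunk. Once the rule is gone, traffic to 10.30.0.0/18 is resolved by whichever table matches next, which may be the default route towards the uplink. The `-A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT` line visible in iptables.rules would not cover locally generated packets. If private-range traffic must never leave via the uplink, an explicit `ip -4 route add unreachable 10.30.0.0/18` for the retired prefix makes that end state deliberate.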
diff --git a/roles/install_babeld/templates/babeld.conf.j2 b/roles/install_babeld/templates/babeld.conf.j2 index d714158..1fac52e 100644 --- a/roles/install_babeld/templates/babeld.conf.j2 +++ b/roles/install_babeld/templates/babeld.conf.j2 @@ -38,7 +38,6 @@ reflect-kernel-metric true # Filtering rules. {% if 'uplink' in group_names %} -in ip 10.30.0.0/18 allow in ip 10.222.0.0/16 allow in ip 2a03:2260:1016::/48 allow in ip 2003:46:e028::/48 allow # finzelberg @@ -56,7 +55,6 @@ redistribute if {{ peer.name }} metric 128 {% endif %} # Only redistribute addresses from a given prefix, to avoid redistributing # all local addresses -redistribute ip 10.30.0.0/18 allow redistribute ip 10.222.0.0/16 allow redistribute ip 2a03:2260:1016::/48 allow redistribute ip 64:ff9b::/96 allow diff --git a/roles/install_bind/templates/named.conf.j2 b/roles/install_bind/templates/named.conf.j2 index 4704eee..da7043e 100644 --- a/roles/install_bind/templates/named.conf.j2 +++ b/roles/install_bind/templates/named.conf.j2 @@ -21,7 +21,7 @@ options { {% endfor %} }; - allow-recursion { 127.0.0.1; 10.222.0.0/16; 10.30.0.0/18; 2001:470:cd45:ff00::/56; 2a03:2260:1016::/48; fe80::/64; }; + allow-recursion { 127.0.0.1; 10.222.0.0/16; 2001:470:cd45:ff00::/56; 2a03:2260:1016::/48; fe80::/64; }; allow-transfer { none; }; version none;
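Review bot: In named.conf.j2, the `allow-recursion` list is still a hand-written literal, and this commit had to delete the same prefix from four separate files (iptables.rules, ffmyk-iproute.sh, babeld.conf.j2 and this one). With the prefix list duplicated like this, one missed occurrence leaves a stale allow entry for a network that is no longer under your control. Consider defining the mesh prefixes once as an Ansible group variable and rendering the resolver ACL, the babeld filters and the firewall rules from it with a loop. At minimum, add a comment above the list, e.g. `// keep in sync with the iptables.rules and babeld.conf.j2 mesh prefixes`. It is also worth checking whether any `allow-query` or `allow-query-cache` statement outside this hunk still names 10.30.0.0/18.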