rm ww net

4 years ago · 0fdb16e7b0
parent 1705b3ed49
commit 0fdb16e7b0
4 changed files with 1 additions and 8 deletions
--- a/roles/configure_iptables/templates/iptables.rules
+++ b/roles/configure_iptables/templates/iptables.rules
@ -38,7 +38,6 @@ COMMIT
 # SSH-Server
 -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
 # iperf3
 -A INPUT -p tcp -m tcp -s 10.30.0.0/18 --dport 5201 -j ACCEPT
 -A INPUT -p tcp -m tcp -s 10.222.0.0/16 --dport 5201 -j ACCEPT
 {% if 'fastd' in group_names %}
@ -54,7 +53,6 @@ COMMIT
 # ntp
 -A INPUT -p udp -m udp --dport 123 -j ACCEPT
 # fastd / wg
 -A INPUT -s 10.30.0.0/18 -p udp -m udp --dport 10010:10023 -j DROP
 -A INPUT -s 10.222.0.0/16 -p udp -m udp --dport 10010:10023 -j DROP
 -A INPUT -p udp -m udp --dport 10010:10023 -j ACCEPT
 # wireguard_mesh
@ -86,8 +84,6 @@ COMMIT
 -A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT
 -A FORWARD -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
 -A FORWARD -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
 -A FORWARD -d 10.30.0.0/18 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
 -A FORWARD -s 10.30.0.0/18 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
 COMMIT
 *nat
--- a/roles/configure_static_routes/files/ffmyk-iproute.sh
+++ b/roles/configure_static_routes/files/ffmyk-iproute.sh
@ -4,7 +4,6 @@ ip -4 rule add from all fwmark 0x1 table ffmyk priority 10
 ip -6 rule add from all fwmark 0x1 table ffmyk priority 10
 #Alles mit Freifunk-IP - woher auch immer - gehört zu Tabelle ffmyk
 ip -4 rule add to 10.30.0.0/18 table ffmyk priority 10
 ip -4 rule add to 10.222.1.0/24 table ffmyk priority 10
 ip -4 rule add to 10.222.2.0/23 table ffmyk priority 10
 ip -4 rule add to 10.222.4.0/22 table ffmyk priority 10
--- a/roles/install_babeld/templates/babeld.conf.j2
+++ b/roles/install_babeld/templates/babeld.conf.j2
@ -38,7 +38,6 @@ reflect-kernel-metric true
 # Filtering rules.
 {% if 'uplink' in group_names %}
 in ip 10.30.0.0/18 allow
 in ip 10.222.0.0/16 allow
 in ip 2a03:2260:1016::/48 allow
 in ip 2003:46:e028::/48 allow # finzelberg
@ -56,7 +55,6 @@ redistribute if {{ peer.name }} metric 128
 {% endif %}
 # Only redistribute addresses from a given prefix, to avoid redistributing
 # all local addresses
 redistribute ip 10.30.0.0/18 allow
 redistribute ip 10.222.0.0/16 allow
 redistribute ip 2a03:2260:1016::/48 allow
 redistribute ip 64:ff9b::/96 allow
--- a/roles/install_bind/templates/named.conf.j2
+++ b/roles/install_bind/templates/named.conf.j2
@ -21,7 +21,7 @@ options {
 {% endfor %}
    };
-    allow-recursion { 127.0.0.1; 10.222.0.0/16; 10.30.0.0/18; 2001:470:cd45:ff00::/56; 2a03:2260:1016::/48; fe80::/64; };
+    allow-recursion { 127.0.0.1; 10.222.0.0/16; 2001:470:cd45:ff00::/56; 2a03:2260:1016::/48; fe80::/64; };
    allow-transfer { none; };
    version none;