rm ww net

master
Niklas Yann Wettengel 3 years ago
parent 1705b3ed49
commit 0fdb16e7b0

@ -38,7 +38,6 @@ COMMIT
# SSH-Server # SSH-Server
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# iperf3 # iperf3
-A INPUT -p tcp -m tcp -s 10.30.0.0/18 --dport 5201 -j ACCEPT
-A INPUT -p tcp -m tcp -s 10.222.0.0/16 --dport 5201 -j ACCEPT -A INPUT -p tcp -m tcp -s 10.222.0.0/16 --dport 5201 -j ACCEPT
{% if 'fastd' in group_names %} {% if 'fastd' in group_names %}
@ -54,7 +53,6 @@ COMMIT
# ntp # ntp
-A INPUT -p udp -m udp --dport 123 -j ACCEPT -A INPUT -p udp -m udp --dport 123 -j ACCEPT
# fastd / wg # fastd / wg
-A INPUT -s 10.30.0.0/18 -p udp -m udp --dport 10010:10023 -j DROP
-A INPUT -s 10.222.0.0/16 -p udp -m udp --dport 10010:10023 -j DROP -A INPUT -s 10.222.0.0/16 -p udp -m udp --dport 10010:10023 -j DROP
-A INPUT -p udp -m udp --dport 10010:10023 -j ACCEPT -A INPUT -p udp -m udp --dport 10010:10023 -j ACCEPT
# wireguard_mesh # wireguard_mesh
@ -86,8 +84,6 @@ COMMIT
-A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT -A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT
-A FORWARD -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -A FORWARD -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -A FORWARD -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -d 10.30.0.0/18 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -s 10.30.0.0/18 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT COMMIT
*nat *nat

@ -4,7 +4,6 @@ ip -4 rule add from all fwmark 0x1 table ffmyk priority 10
ip -6 rule add from all fwmark 0x1 table ffmyk priority 10 ip -6 rule add from all fwmark 0x1 table ffmyk priority 10
#Alles mit Freifunk-IP - woher auch immer - gehört zu Tabelle ffmyk #Alles mit Freifunk-IP - woher auch immer - gehört zu Tabelle ffmyk
ip -4 rule add to 10.30.0.0/18 table ffmyk priority 10
ip -4 rule add to 10.222.1.0/24 table ffmyk priority 10 ip -4 rule add to 10.222.1.0/24 table ffmyk priority 10
ip -4 rule add to 10.222.2.0/23 table ffmyk priority 10 ip -4 rule add to 10.222.2.0/23 table ffmyk priority 10
ip -4 rule add to 10.222.4.0/22 table ffmyk priority 10 ip -4 rule add to 10.222.4.0/22 table ffmyk priority 10

@ -38,7 +38,6 @@ reflect-kernel-metric true
# Filtering rules. # Filtering rules.
{% if 'uplink' in group_names %} {% if 'uplink' in group_names %}
in ip 10.30.0.0/18 allow
in ip 10.222.0.0/16 allow in ip 10.222.0.0/16 allow
in ip 2a03:2260:1016::/48 allow in ip 2a03:2260:1016::/48 allow
in ip 2003:46:e028::/48 allow # finzelberg in ip 2003:46:e028::/48 allow # finzelberg
@ -56,7 +55,6 @@ redistribute if {{ peer.name }} metric 128
{% endif %} {% endif %}
# Only redistribute addresses from a given prefix, to avoid redistributing # Only redistribute addresses from a given prefix, to avoid redistributing
# all local addresses # all local addresses
redistribute ip 10.30.0.0/18 allow
redistribute ip 10.222.0.0/16 allow redistribute ip 10.222.0.0/16 allow
redistribute ip 2a03:2260:1016::/48 allow redistribute ip 2a03:2260:1016::/48 allow
redistribute ip 64:ff9b::/96 allow redistribute ip 64:ff9b::/96 allow

@ -21,7 +21,7 @@ options {
{% endfor %} {% endfor %}
}; };
allow-recursion { 127.0.0.1; 10.222.0.0/16; 10.30.0.0/18; 2001:470:cd45:ff00::/56; 2a03:2260:1016::/48; fe80::/64; }; allow-recursion { 127.0.0.1; 10.222.0.0/16; 2001:470:cd45:ff00::/56; 2a03:2260:1016::/48; fe80::/64; };
allow-transfer { none; }; allow-transfer { none; };
version none; version none;

Loading…
Cancel
Save