ffww

inventory.ini

@@ -7,8 +7,9 @@
 ff-niyawe1
 ff-niyawe2
 ff-niyawe3
+ff-niyawe4
 ff-adlerweb1
-#ff-kraftimion1
+ff-kraftimion1
 ff-loppermann1
 fastd-aw2
 fastd-ko2

roles/configure_iptables/templates/ip6tables.rules

@@ -49,8 +49,8 @@ COMMIT
 # ntp
 -A INPUT -p udp -m udp --dport 123 -j ACCEPT
 # fastd
--A INPUT -s 2a03:2260:1016::/48 -p udp -m udp --dport 10010:10021 -j DROP
--A INPUT -p udp -m udp --dport 10010:10021 -j ACCEPT
+-A INPUT -s 2a03:2260:1016::/48 -p udp -m udp --dport 10010:10023 -j DROP
+-A INPUT -p udp -m udp --dport 10010:10023 -j ACCEPT
 # respondd
 -A INPUT -i bat+ -p udp -m udp --dport 1001 -j ACCEPT
 # wireguard_mesh

roles/configure_iptables/templates/iptables.rules

@@ -40,6 +40,7 @@ COMMIT
 # SSH-Server
 -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
 # iperf3
+-A INPUT -p tcp -m tcp -s 10.30.0.0/18 --dport 5201 -j ACCEPT
 -A INPUT -p tcp -m tcp -s 10.222.0.0/16 --dport 5201 -j ACCEPT
 
 {% if 'fastd' in group_names %}
@@ -53,8 +54,9 @@ COMMIT
 # ntp
 -A INPUT -p udp -m udp --dport 123 -j ACCEPT
 # fastd
--A INPUT -s 10.222.0.0/16 -p udp -m udp --dport 10010:10021 -j DROP
--A INPUT -p udp -m udp --dport 10010:10021 -j ACCEPT
+-A INPUT -s 10.30.0.0/18 -p udp -m udp --dport 10010:10023 -j DROP
+-A INPUT -s 10.222.0.0/16 -p udp -m udp --dport 10010:10023 -j DROP
+-A INPUT -p udp -m udp --dport 10010:10023 -j ACCEPT
 {% endif %}
 # MOSH
 -A INPUT -p udp -m udp --dport 60000:61000 -j ACCEPT
@@ -80,6 +82,8 @@ COMMIT
 -A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT
 -A FORWARD -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
 -A FORWARD -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+-A FORWARD -d 10.30.0.0/18 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+-A FORWARD -s 10.30.0.0/18 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
 
 COMMIT
 *nat

roles/configure_static_routes/files/ffmyk-iproute.sh

@@ -4,6 +4,7 @@ ip -4 rule add from all fwmark 0x1 table ffmyk priority 10
 ip -6 rule add from all fwmark 0x1 table ffmyk priority 10
 
 #Alles mit Freifunk-IP - woher auch immer - gehört zu Tabelle ffmyk
+ip -4 rule add to 10.30.0.0/18 table ffmyk priority 10
 ip -4 rule add to 10.222.1.0/24 table ffmyk priority 10
 ip -4 rule add to 10.222.2.0/23 table ffmyk priority 10
 ip -4 rule add to 10.222.4.0/22 table ffmyk priority 10

roles/install_babeld/templates/babeld.conf.j2

@@ -41,6 +41,7 @@ reflect-kernel-metric true
 
 # Filtering rules.
 {% if 'uplink' in group_names %}
+in ip 10.30.0.0/18 allow
 in ip 10.222.0.0/16 allow
 in ip 2a03:2260:1016::/48 allow
 in ip 2003:46:e028::/48 allow # finzelberg
@@ -59,6 +60,7 @@ redistribute if {{ peer.name }} metric 128
 {% endif %}
 # Only redistribute addresses from a given prefix, to avoid redistributing
 # all local addresses
+redistribute ip 10.30.0.0/18 allow
 redistribute ip 10.222.0.0/16 allow
 redistribute ip 2a03:2260:1016::/48 allow
 redistribute ip 64:ff9b::/96 allow

roles/install_fastd/handlers/main.yml

@@ -33,3 +33,8 @@
   systemd:
       name: fastd@ffsim.service
       state: restarted
+
+- name: restart fastdww
+  systemd:
+      name: fastd@ffww.service
+      state: restarted

roles/install_mesh-announce/tasks/main.yml

@@ -1,16 +1,17 @@
 ---
-- name: clone mesh-announce repo
-  git:
-      repo: https://github.com/FreifunkMYK/mesh-announce.git
-      dest: /opt/mesh-announce
-
 - name: install mesh-announce dependencies
   pacman:
       name:
+          - git
           - lsb-release
           - ethtool
       state: present
 
+- name: clone mesh-announce repo
+  git:
+      repo: https://github.com/FreifunkMYK/mesh-announce.git
+      dest: /opt/mesh-announce
+
 - name: create respondd service
   template:
       src: respondd.service.j2