master
Niklas Yann Wettengel 5 years ago
parent 1738af3a5d
commit 58e999356d

@ -7,8 +7,9 @@
ff-niyawe1 ff-niyawe1
ff-niyawe2 ff-niyawe2
ff-niyawe3 ff-niyawe3
ff-niyawe4
ff-adlerweb1 ff-adlerweb1
#ff-kraftimion1 ff-kraftimion1
ff-loppermann1 ff-loppermann1
fastd-aw2 fastd-aw2
fastd-ko2 fastd-ko2

@ -49,8 +49,8 @@ COMMIT
# ntp # ntp
-A INPUT -p udp -m udp --dport 123 -j ACCEPT -A INPUT -p udp -m udp --dport 123 -j ACCEPT
# fastd # fastd
-A INPUT -s 2a03:2260:1016::/48 -p udp -m udp --dport 10010:10021 -j DROP -A INPUT -s 2a03:2260:1016::/48 -p udp -m udp --dport 10010:10023 -j DROP
-A INPUT -p udp -m udp --dport 10010:10021 -j ACCEPT -A INPUT -p udp -m udp --dport 10010:10023 -j ACCEPT
# respondd # respondd
-A INPUT -i bat+ -p udp -m udp --dport 1001 -j ACCEPT -A INPUT -i bat+ -p udp -m udp --dport 1001 -j ACCEPT
# wireguard_mesh # wireguard_mesh

@ -40,6 +40,7 @@ COMMIT
# SSH-Server # SSH-Server
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# iperf3 # iperf3
-A INPUT -p tcp -m tcp -s 10.30.0.0/18 --dport 5201 -j ACCEPT
-A INPUT -p tcp -m tcp -s 10.222.0.0/16 --dport 5201 -j ACCEPT -A INPUT -p tcp -m tcp -s 10.222.0.0/16 --dport 5201 -j ACCEPT
{% if 'fastd' in group_names %} {% if 'fastd' in group_names %}
@ -53,8 +54,9 @@ COMMIT
# ntp # ntp
-A INPUT -p udp -m udp --dport 123 -j ACCEPT -A INPUT -p udp -m udp --dport 123 -j ACCEPT
# fastd # fastd
-A INPUT -s 10.222.0.0/16 -p udp -m udp --dport 10010:10021 -j DROP -A INPUT -s 10.30.0.0/18 -p udp -m udp --dport 10010:10023 -j DROP
-A INPUT -p udp -m udp --dport 10010:10021 -j ACCEPT -A INPUT -s 10.222.0.0/16 -p udp -m udp --dport 10010:10023 -j DROP
-A INPUT -p udp -m udp --dport 10010:10023 -j ACCEPT
{% endif %} {% endif %}
# MOSH # MOSH
-A INPUT -p udp -m udp --dport 60000:61000 -j ACCEPT -A INPUT -p udp -m udp --dport 60000:61000 -j ACCEPT
@ -80,6 +82,8 @@ COMMIT
-A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT -A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT
-A FORWARD -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -A FORWARD -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -A FORWARD -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -d 10.30.0.0/18 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -s 10.30.0.0/18 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT COMMIT
*nat *nat
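Review bot: The fastd block now needs one hand-written DROP per mesh prefix (`-s 10.30.0.0/18` and `-s 10.222.0.0/16`) ahead of the catch-all `--dport 10010:10023 -j ACCEPT`, and nothing ties that list to the prefixes used elsewhere. The literal `10.30.0.0/18` is also repeated in the iperf3 and TCPMSS rules of this file and in the ip-rule and babeld sections of this commit, so a prefix added later is easy to miss here, which would leave the fastd ports open to sources inside the mesh. Consider generating the DROP lines from one inventory variable, e.g. `{% for net in mesh_ipv4_prefixes %}` / `-A INPUT -s {{ net }} -p udp -m udp --dport 10010:10023 -j DROP` / `{% endfor %}` (the variable name is a placeholder). A comment such as `# drop fastd from mesh-internal sources before the general ACCEPT` would also help. The purpose of the DROP rules is inferred from their placement, so confirm the comment wording against the intended behaviour.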

@ -4,6 +4,7 @@ ip -4 rule add from all fwmark 0x1 table ffmyk priority 10
ip -6 rule add from all fwmark 0x1 table ffmyk priority 10 ip -6 rule add from all fwmark 0x1 table ffmyk priority 10
#Alles mit Freifunk-IP - woher auch immer - gehört zu Tabelle ffmyk #Alles mit Freifunk-IP - woher auch immer - gehört zu Tabelle ffmyk
ip -4 rule add to 10.30.0.0/18 table ffmyk priority 10
ip -4 rule add to 10.222.1.0/24 table ffmyk priority 10 ip -4 rule add to 10.222.1.0/24 table ffmyk priority 10
ip -4 rule add to 10.222.2.0/23 table ffmyk priority 10 ip -4 rule add to 10.222.2.0/23 table ffmyk priority 10
ip -4 rule add to 10.222.4.0/22 table ffmyk priority 10 ip -4 rule add to 10.222.4.0/22 table ffmyk priority 10

@ -41,6 +41,7 @@ reflect-kernel-metric true
# Filtering rules. # Filtering rules.
{% if 'uplink' in group_names %} {% if 'uplink' in group_names %}
in ip 10.30.0.0/18 allow
in ip 10.222.0.0/16 allow in ip 10.222.0.0/16 allow
in ip 2a03:2260:1016::/48 allow in ip 2a03:2260:1016::/48 allow
in ip 2003:46:e028::/48 allow # finzelberg in ip 2003:46:e028::/48 allow # finzelberg
@ -59,6 +60,7 @@ redistribute if {{ peer.name }} metric 128
{% endif %} {% endif %}
# Only redistribute addresses from a given prefix, to avoid redistributing # Only redistribute addresses from a given prefix, to avoid redistributing
# all local addresses # all local addresses
redistribute ip 10.30.0.0/18 allow
redistribute ip 10.222.0.0/16 allow redistribute ip 10.222.0.0/16 allow
redistribute ip 2a03:2260:1016::/48 allow redistribute ip 2a03:2260:1016::/48 allow
redistribute ip 64:ff9b::/96 allow redistribute ip 64:ff9b::/96 allow

@ -33,3 +33,8 @@
systemd: systemd:
name: fastd@ffsim.service name: fastd@ffsim.service
state: restarted state: restarted
- name: restart fastdww
systemd:
name: fastd@ffww.service
state: restarted

@ -1,16 +1,17 @@
--- ---
- name: clone mesh-announce repo
git:
repo: https://github.com/FreifunkMYK/mesh-announce.git
dest: /opt/mesh-announce
- name: install mesh-announce dependencies - name: install mesh-announce dependencies
pacman: pacman:
name: name:
- git
- lsb-release - lsb-release
- ethtool - ethtool
state: present state: present
- name: clone mesh-announce repo
git:
repo: https://github.com/FreifunkMYK/mesh-announce.git
dest: /opt/mesh-announce
- name: create respondd service - name: create respondd service
template: template:
src: respondd.service.j2 src: respondd.service.j2
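Review bot: The `clone mesh-announce repo` task sets no `version:`, so it still checks out whatever the default branch of `https://github.com/FreifunkMYK/mesh-announce.git` points at when the play runs. The checkout in `/opt/mesh-announce` appears to be what the respondd service from the following task executes, so each run can place unreviewed upstream code on the gateway. Pin the task to a reviewed commit, e.g. `version: "<reviewed-commit-sha>"` (placeholder), and bump it deliberately. The `create respondd service` task continues past the end of the hunk.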
