Maximilian Wilhelm
|
de87b5e0ef
nftables: Allow prometheus scraping
|
1 year ago |
Maximilian Wilhelm
|
d03d94daa2
nftables: Protect management networks
|
1 year ago |
Maximilian Wilhelm
|
b515b6a04b
nftables: Use iifname rather than iif.
|
2 years ago |
Maximilian Wilhelm
|
6f0f5b35ff
nftables: Disable uRPF for non-routers entirely.
|
3 years ago |
Maximilian Wilhelm
|
3407aa7492
nftables: Fix AF issue
|
3 years ago |
Maximilian Wilhelm
|
876ef52736
nftables: Allow OSPF only on interfaces which should form an adjacency
|
3 years ago |
Maximilian Wilhelm
|
97ed0e5bd8
nftables: Clean up
|
3 years ago |
Maximilian Wilhelm
|
efda5a5c04
nftables: Clean up generator code + template
|
3 years ago |
Maximilian Wilhelm
|
4acb9f1940
nftables: Allow mld-listener-reduction, too
|
3 years ago |
Maximilian Wilhelm
|
e1724dda70
nftables: Only generate VXLAN roles when required
|
3 years ago |
Maximilian Wilhelm
|
ea5aef8de8
nftables: Unify counters
|
3 years ago |
Maximilian Wilhelm
|
e2a4779460
nftables: Allow link-local IPv6 in uRPF check
|
3 years ago |
Maximilian Wilhelm
|
6e67dd76be
nftables: Allow IPv6 MLD
|
3 years ago |
Maximilian Wilhelm
|
e73f0b9e7f
nftables: Do proper uRPF checks in input chain, too.
|
3 years ago |
Maximilian Wilhelm
|
996e84a89c
nftables: Move uRPF checks into seperate chain
|
3 years ago |
Maximilian Wilhelm
|
a4dcdec312
nftables: Allow respondd requests to B.A.T.M.A.N. adv. gateways
|
3 years ago |
Maximilian Wilhelm
|
e7bf3f3bbc
nftables: Drop all broadcast packets before logging
|
3 years ago |
Maximilian Wilhelm
|
9f302065c1
nftables: Allow DHCP requests according to firewall policy
|
3 years ago |
Maximilian Wilhelm
|
c558c2fa6f
nftables: Allow VXLAN on interfaces requiring it.
|
3 years ago |
Maximilian Wilhelm
|
c17fadd54f
nftabes: Generate rules for uRPF
|
3 years ago |
Maximilian Wilhelm
|
ea33ab41c8
nftables: Ignore packets for UDP port 0
|
3 years ago |
Maximilian Wilhelm
|
585642a35f
nftables: First shot at NAT support
|
3 years ago |
Maximilian Wilhelm
|
a6db6d7f8f
nftables: First shot at generating forwarding rules.
|
3 years ago |
Maximilian Wilhelm
|
96c3bd6188
nftables: Allow Icinga2 querier IPs
|
3 years ago |
Maximilian Wilhelm
|
b90762e79c
nftables: Allow LibreNMS to query nodes
|
3 years ago |
Maximilian Wilhelm
|
c944aae535
nftables: Use sets for iBGP peer IPs
|
3 years ago |
Maximilian Wilhelm
|
843507256e
nftables: Allow OSPFv3 from link-local addresses, too.
|
3 years ago |
Maximilian Wilhelm
|
4a8c83671c
nftables: Ignore echo protocol queries - looking at you FireTV
|
3 years ago |
Maximilian Wilhelm
|
de1e261dc4
nftables: Default to empty service list if no services are configured
|
3 years ago |
Maximilian Wilhelm
|
b7dc318b30
Add 1st shot for nftables state
|
3 years ago |