 Maximilian Wilhelm
|
56639cfd8e
nftables: Generate set of iBGP peers
|
1 year ago |
|
Maximilian Wilhelm
|
8416ee42b4
nftables: Check for system role too when calculating monitoring config
|
1 year ago |
|
Maximilian Wilhelm
|
5998da7d83
nftables: Allow specifying node role specific monitoring services
|
1 year ago |
|
Maximilian Wilhelm
|
07349ed721
nftables: Derive/compute monitoring access rules from node information
|
1 year ago |
|
Maximilian Wilhelm
|
8f98e910df
netfilter: VIFs can exist on top of bridges, too.
|
1 year ago |
|
Maximilian Wilhelm
|
58bd7a6443
Netfilter: No uRPF on interface with a default gateway
|
1 year ago |
|
Maximilian Wilhelm
|
b61e0f8b37
nftables: Reflect recent OSPF SDN change
|
1 year ago |
|
Maximilian Wilhelm
|
d03d94daa2
nftables: Protect management networks
|
1 year ago |
|
Maximilian Wilhelm
|
0cb59e8bfa
nftables: Refine check if Wireguard tunnels exist.
|
2 years ago |
|
Maximilian Wilhelm
|
a2a6ed05d6
nftables: Open server side Wireguard ports automagically.
|
2 years ago |
|
Maximilian Wilhelm
|
827bcbcba5
ffho_netfilter: Unify return types of generate_urpf_policy()
|
2 years ago |
|
Maximilian Wilhelm
|
9dd3598121
ffho_netfilter: Move _active_urpf() to private block
|
2 years ago |
|
Maximilian Wilhelm
|
04a882fb54
nftables: Allow respondd replies to yanic
|
3 years ago |
|
Maximilian Wilhelm
|
c221f2d6e7
nftables: respondd needs to be allowed on all B.A.T.M.A.N. adv. nodes
|
3 years ago |
|
Maximilian Wilhelm
|
6f0f5b35ff
nftables: Disable uRPF for non-routers entirely.
|
3 years ago |
|
Maximilian Wilhelm
|
1b948c057a
Allow forcing uRPF (de)activation via Netbox tags
|
3 years ago |
|
Maximilian Wilhelm
|
5850353c41
nftables: Fix service rule source annotation.
|
3 years ago |
|
Maximilian Wilhelm
|
876ef52736
nftables: Allow OSPF only on interfaces which should form an adjacency
|
3 years ago |
|
Maximilian Wilhelm
|
b18f7eaec9
nftables: Annotate rules with their origin
|
3 years ago |
|
Maximilian Wilhelm
|
efda5a5c04
nftables: Clean up generator code + template
|
3 years ago |
|
Maximilian Wilhelm
|
e1724dda70
nftables: Only generate VXLAN roles when required
|
3 years ago |
|
Maximilian Wilhelm
|
ada909efa6
nftables: Fix bug in NAT rule generation, D'oh.
|
3 years ago |
|
Maximilian Wilhelm
|
c3e585fafd
nftables: Update uRPF interface classification code
|
3 years ago |
|
Maximilian Wilhelm
|
9f302065c1
nftables: Allow DHCP requests according to firewall policy
|
3 years ago |
|
Maximilian Wilhelm
|
a88732a11d
nftables: Do not sort ports as they are pre-arranged by NACL
|
3 years ago |
|
Maximilian Wilhelm
|
c17fadd54f
nftabes: Generate rules for uRPF
|
3 years ago |
|
Maximilian Wilhelm
|
585642a35f
nftables: First shot at NAT support
|
3 years ago |
|
Maximilian Wilhelm
|
a6db6d7f8f
nftables: First shot at generating forwarding rules.
|
3 years ago |
|
Maximilian Wilhelm
|
8225c84172
nftables: Fix service rule comment generation
|
3 years ago |
|
Maximilian Wilhelm
|
eb75d9cf9d
nftables: Enhance support for Netbox service ACLs
|
3 years ago |
