ansible-ffibk/roles/network-routing/templates/ffmwu-add-ip-rules.sh.j2
Tobias Hachmer e4e8c0998f
Introduce p2p vpn link between all ffmwu servers via WireGuard for routing purposes.
* add jinja2 extension 'jinja2.ext.do' to ansible.cfg
 * add host kichererbse.freifunk-mwu.de
 * add new server_type 'mesh-service' and new host group 'ffmwu-mesh-services'
 * use new loopback and anycast networks
 * add role wireguard
 * add role wireguard as dependency for roles network-routing + service-bird
 * add playbook 'mesh-services'
2019-03-19 15:23:12 +01:00


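#!/bin/sh
#
# {{ ansible_managed }}
#
# Installs the policy-routing rules ("ip rule") for the freifunk related
# interfaces and prefixes of this host. Rule priorities, in lookup order:
#   7   rt_table mwu
#   23  rt_table icvpn      (gateway only)
#   41  rt_table internet   (gateway only)
#   61  type unreachable    (gateway only) - end of freifunk policy routing
#   107 tables for the host's own traffic (gateway only)
#
# Every rule goes through add_rule: a failing "ip rule add" is reported on
# stderr and remembered, but the remaining rules are still installed, so a
# single error cannot leave the later (and more restrictive) rules out.
# The script exits non-zero when at least one rule could not be installed.
#
# NOTE(review): "ip rule add" refuses an already present rule (EEXIST) on
# current kernels, so this script expects its rules to be absent when it
# runs; it is not idempotent on its own.

failed=0

# add_rule FAMILY rule add ARGS...
#   Runs "ip FAMILY rule add ARGS...", logs a failure to stderr and sets
#   failed=1 instead of aborting, so all rules get a chance to be installed.
add_rule() {
  if ! ip "$@"; then
    printf '%s: failed: ip %s\n' "${0##*/}" "$*" >&2
    failed=1
  fi
}

# Priority 7 - lookup rt_table mwu for traffic of freifunk related interfaces
# (mesh bridges by oif, WireGuard links by iif and oif) and prefixes
{% if server_type == 'gateway' or server_type == 'monitoring' %}
{% for mesh in meshes %}
add_rule -4 rule add from all oif {{ mesh.id }}br lookup mwu priority 7
add_rule -6 rule add from all oif {{ mesh.id }}br lookup mwu priority 7
{% endfor %}
{% endif %}
{% for network in my_wireguard_networks %}
{# "wg-" plus 11 characters keeps the name within the kernel's 15-char interface name limit #}
{% set wg_if = 'wg-' ~ network.remote[:11] %}
add_rule -4 rule add from all iif {{ wg_if }} lookup mwu priority 7
add_rule -6 rule add from all iif {{ wg_if }} lookup mwu priority 7
add_rule -4 rule add from all oif {{ wg_if }} lookup mwu priority 7
add_rule -6 rule add from all oif {{ wg_if }} lookup mwu priority 7
{% endfor %}
{% for prefix in internal_prefixes %}
add_rule -4 rule add from {{ prefix.ipv4 }} lookup mwu priority 7
add_rule -4 rule add to {{ prefix.ipv4 }} lookup mwu priority 7
add_rule -6 rule add from {{ prefix.ipv6 }} lookup mwu priority 7
add_rule -6 rule add to {{ prefix.ipv6 }} lookup mwu priority 7
{% endfor %}
{% for prefix in public_prefixes %}
add_rule -6 rule add from {{ prefix.ipv6 }} lookup mwu priority 7
add_rule -6 rule add to {{ prefix.ipv6 }} lookup mwu priority 7
{% endfor %}
{% if server_type == 'gateway' %}
# Priority 23 - lookup rt_table icvpn for traffic of the freifunk bridges (oif),
# the freifunk prefixes and the icvpn interface
{% for mesh in meshes %}
add_rule -4 rule add from all oif {{ mesh.id }}br lookup icvpn priority 23
add_rule -6 rule add from all oif {{ mesh.id }}br lookup icvpn priority 23
{% endfor %}
{% for prefix in internal_prefixes %}
add_rule -4 rule add from {{ prefix.ipv4 }} lookup icvpn priority 23
add_rule -4 rule add to {{ prefix.ipv4 }} lookup icvpn priority 23
add_rule -6 rule add from {{ prefix.ipv6 }} lookup icvpn priority 23
add_rule -6 rule add to {{ prefix.ipv6 }} lookup icvpn priority 23
{% endfor %}
{% for prefix in public_prefixes %}
add_rule -6 rule add from {{ prefix.ipv6 }} lookup icvpn priority 23
add_rule -6 rule add to {{ prefix.ipv6 }} lookup icvpn priority 23
{% endfor %}
add_rule -4 rule add from all oif icvpn lookup icvpn priority 23
add_rule -6 rule add from all oif icvpn lookup icvpn priority 23
# Priority 41 - lookup rt_table internet for traffic of the freifunk bridges
# (IPv6 only, oif), the freifunk prefixes and the FFRL NAT address
{% for mesh in meshes %}
add_rule -6 rule add from all oif {{ mesh.id }}br lookup internet priority 41
{% endfor %}
{% for prefix in internal_prefixes %}
add_rule -4 rule add from {{ prefix.ipv4 }} lookup internet priority 41
add_rule -6 rule add from {{ prefix.ipv6 }} lookup internet priority 41
add_rule -6 rule add to {{ prefix.ipv6 }} lookup internet priority 41
{% endfor %}
{% for prefix in public_prefixes %}
add_rule -6 rule add from {{ prefix.ipv6 }} lookup internet priority 41
add_rule -6 rule add to {{ prefix.ipv6 }} lookup internet priority 41
{% endfor %}
add_rule -4 rule add from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
add_rule -4 rule add to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
# Priority 61 - at this point this is the end of policy routing for freifunk
# related routes: anything that reached here from a freifunk interface or
# prefix is answered with "unreachable" instead of falling through to the
# lower-priority rules below and the main table.
{% for mesh in meshes %}
add_rule -4 rule add from all iif {{ mesh.id }}br type unreachable priority 61
add_rule -6 rule add from all iif {{ mesh.id }}br type unreachable priority 61
{% endfor %}
add_rule -4 rule add from all iif icvpn type unreachable priority 61
add_rule -4 rule add from all iif {{ ansible_default_ipv4.interface }} type unreachable priority 61
{% for server_id in ffrl_exit_server %}
add_rule -4 rule add from all iif {{ server_id }} type unreachable priority 61
add_rule -6 rule add from all iif {{ server_id }} type unreachable priority 61
{% endfor %}
add_rule -6 rule add from all iif icvpn type unreachable priority 61
add_rule -6 rule add from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61
{% for prefix in public_prefixes %}
add_rule -6 rule add from {{ prefix.ipv6 }} type unreachable priority 61
add_rule -6 rule add to {{ prefix.ipv6 }} type unreachable priority 61
{% endfor %}
# Priority 107 - lookup policies for the gateway host self originating traffic
add_rule -4 rule add from all lookup mwu priority 107
add_rule -4 rule add from all lookup icvpn priority 107
add_rule -6 rule add from all lookup mwu priority 107
add_rule -6 rule add from all lookup icvpn priority 107
{% endif %}

# Surface install failures to the caller (ansible / unit / hook) instead of
# always reporting success; a missing rule silently changes routing policy.
if [ "$failed" -ne 0 ]; then
  printf '%s: one or more ip rules could not be installed\n' "${0##*/}" >&2
  exit 1
fi
exit 0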