sax-rgs-gw-core01: configure backbone
parent
a837a2b916
commit
77454046b8
|
@ -20,6 +20,34 @@ config zone
|
|||
option output ACCEPT
|
||||
option forward REJECT
|
||||
|
||||
config zone
|
||||
option name backbone
|
||||
list network wg3
|
||||
option input REJECT
|
||||
option output ACCEPT
|
||||
option forward REJECT
|
||||
|
||||
config rule
|
||||
option name From-BACKBONE-Allow-OSPF
|
||||
option src backbone
|
||||
option proto ospf
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name From-BACKBONE-Allow-Prometheus
|
||||
option src backbone
|
||||
option proto tcp
|
||||
option dest_port 9100
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name From-BACKBONE-Into-MGMT-Allow-SNMP
|
||||
option src backbone
|
||||
option dest mgmt
|
||||
option proto udp
|
||||
option dest_port 161
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name From-Any-Allow-SSH
|
||||
option src *
|
||||
|
@ -50,6 +78,14 @@ config rule
|
|||
option dest_port 9100
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name From-MGMT-Into-BACKBONE-Allow-Prometheus
|
||||
option src mgmt
|
||||
option dest backbone
|
||||
option proto tcp
|
||||
option dest_port 9100
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name Into-MGMT-Allow-Prometheus-WebGUI-On-monitoring01
|
||||
option src *
|
||||
|
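Review bot: The rule `From-BACKBONE-Into-MGMT-Allow-SNMP` forwards udp/161 from the whole backbone zone into the whole mgmt zone with no `src_ip` or `dest_ip`, so every host reachable over wg3 can query every SNMP agent in mgmt. If only a monitoring host needs this, pin it with `option src_ip '<MONITORING_HOST_IP>'` and an `option dest_ip` for the polled devices. The same applies to `From-BACKBONE-Allow-Prometheus`, which opens tcp/9100 on the router itself to the entire zone. If the agents speak SNMP v1/v2c, the community string is the only credential and is sent unencrypted inside the tunnel, so the source restriction matters more there than for the exporter.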
|
|
@ -79,19 +79,19 @@ config interface 'backoffice'
|
|||
option ipaddr '10.86.8.1'
|
||||
option netmask '255.255.255.0'
|
||||
|
||||
config interface 'wg0'
|
||||
config interface 'wg3'
|
||||
option proto 'wireguard'
|
||||
option private_key "{{ lookup('passwordstore', 'wg/wg0/gw-core01') }}"
|
||||
option listen_port 51820
|
||||
option private_key "{{ lookup('passwordstore', 'wg/wg3/sax-rgs-gw-core01') }}"
|
||||
option listen_port 51823
|
||||
option mtu 1350
|
||||
list addresses '10.84.254.1/31'
|
||||
option disabled '1'
|
||||
list addresses '10.86.254.1/31'
|
||||
option disabled '0'
|
||||
|
||||
config wireguard_wg0 'eap_adp_jump01'
|
||||
option public_key "{{ lookup('passwordstore', 'wg/wg0/eae-adp-jump01.pub') }}"
|
||||
option preshared_key "{{ lookup('passwordstore', 'wg/wg0/psk') }}"
|
||||
config wireguard_wg3 'eap_adp_jump01'
|
||||
option public_key "{{ lookup('passwordstore', 'wg/wg3/eae-adp-jump01.pub') }}"
|
||||
option preshared_key "{{ lookup('passwordstore', 'wg/wg3/psk') }}"
|
||||
option endpoint_host '162.55.53.85'
|
||||
option endpoint_port '51820'
|
||||
option endpoint_port '51823'
|
||||
option route_allowed_ips '0'
|
||||
option persistent_keepalive 15
|
||||
list allowed_ips '0.0.0.0/0'
|
||||
|
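Review bot: The wg3 peer carries `list allowed_ips '0.0.0.0/0'`, so WireGuard accepts any inner source address from this peer and the backbone firewall zone is the only source filter on the tunnel. The interface appears to go from `option disabled '1'` to `'0'` (the +/- markers are lost on this page), which would make that live. With `route_allowed_ips '0'` and OSPF on the link this is probably intentional, so I would add a comment above the line saying so, e.g. `# any source allowed: routes come from OSPF, filtering is done in the backbone zone`. Separately, the section name `eap_adp_jump01` does not match the key path `eae-adp-jump01.pub`; one of the two looks like a typo.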
|
|
@ -5,7 +5,7 @@ router ospf
|
|||
!
|
||||
log syslog
|
||||
!
|
||||
interface wg0
|
||||
interface wg3
|
||||
ip ospf area 0
|
||||
ip ospf network point-to-point
|
||||
!
|
||||
|
|