sax-rgs-gw-core01: configure backbone
parent
a837a2b916
commit
77454046b8
|
@ -20,6 +20,34 @@ config zone
|
||||||
option output ACCEPT
|
option output ACCEPT
|
||||||
option forward REJECT
|
option forward REJECT
|
||||||
|
|
||||||
|
config zone
|
||||||
|
option name backbone
|
||||||
|
list network wg3
|
||||||
|
option input REJECT
|
||||||
|
option output ACCEPT
|
||||||
|
option forward REJECT
|
||||||
|
|
||||||
|
config rule
|
||||||
|
option name From-BACKBONE-Allow-OSPF
|
||||||
|
option src backbone
|
||||||
|
option proto ospf
|
||||||
|
option target ACCEPT
|
||||||
|
|
||||||
|
config rule
|
||||||
|
option name From-BACKBONE-Allow-Prometheus
|
||||||
|
option src backbone
|
||||||
|
option proto tcp
|
||||||
|
option dest_port 9100
|
||||||
|
option target ACCEPT
|
||||||
|
|
||||||
|
config rule
|
||||||
|
option name From-BACKBONE-Into-MGMT-Allow-SNMP
|
||||||
|
option src backbone
|
||||||
|
option dest mgmt
|
||||||
|
option proto udp
|
||||||
|
option dest_port 161
|
||||||
|
option target ACCEPT
|
||||||
|
|
||||||
config rule
|
config rule
|
||||||
option name From-Any-Allow-SSH
|
option name From-Any-Allow-SSH
|
||||||
option src *
|
option src *
|
||||||
|
@ -50,6 +78,14 @@ config rule
|
||||||
option dest_port 9100
|
option dest_port 9100
|
||||||
option target ACCEPT
|
option target ACCEPT
|
||||||
|
|
||||||
|
config rule
|
||||||
|
option name From-MGMT-Into-BACKBONE-Allow-Prometheus
|
||||||
|
option src mgmt
|
||||||
|
option dest backbone
|
||||||
|
option proto tcp
|
||||||
|
option dest_port 9100
|
||||||
|
option target ACCEPT
|
||||||
|
|
||||||
config rule
|
config rule
|
||||||
option name Into-MGMT-Allow-Prometheus-WebGUI-On-monitoring01
|
option name Into-MGMT-Allow-Prometheus-WebGUI-On-monitoring01
|
||||||
option src *
|
option src *
|
||||||
|
|
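Review bot: The new `From-BACKBONE-Into-MGMT-Allow-SNMP` rule forwards udp/161 from anything arriving in the `backbone` zone to every host in `mgmt`, with no `src_ip` or `dest_ip` to pin it to the poller and the devices it polls. The two tcp/9100 rules (`From-BACKBONE-Allow-Prometheus` in the first hunk and `From-MGMT-Into-BACKBONE-Allow-Prometheus` in the second) are open in the same way. If the SNMP agents speak v1/v2c (not visible here), the community string is the only credential, so address scoping is what limits who can query them. Consider adding `option src_ip '<MONITORING_HOST_IP>'` (placeholder) to the backbone-sourced rules, and a `dest_ip` where the set of targets is known. A comment above the new zone such as `# backbone: OSPF transit over wg3, input rejected except the rules below` would also record the intent.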
|
@ -79,19 +79,19 @@ config interface 'backoffice'
|
||||||
option ipaddr '10.86.8.1'
|
option ipaddr '10.86.8.1'
|
||||||
option netmask '255.255.255.0'
|
option netmask '255.255.255.0'
|
||||||
|
|
||||||
config interface 'wg0'
|
config interface 'wg3'
|
||||||
option proto 'wireguard'
|
option proto 'wireguard'
|
||||||
option private_key "{{ lookup('passwordstore', 'wg/wg0/gw-core01') }}"
|
option private_key "{{ lookup('passwordstore', 'wg/wg3/sax-rgs-gw-core01') }}"
|
||||||
option listen_port 51820
|
option listen_port 51823
|
||||||
option mtu 1350
|
option mtu 1350
|
||||||
list addresses '10.84.254.1/31'
|
list addresses '10.86.254.1/31'
|
||||||
option disabled '1'
|
option disabled '0'
|
||||||
|
|
||||||
config wireguard_wg0 'eap_adp_jump01'
|
config wireguard_wg3 'eap_adp_jump01'
|
||||||
option public_key "{{ lookup('passwordstore', 'wg/wg0/eae-adp-jump01.pub') }}"
|
option public_key "{{ lookup('passwordstore', 'wg/wg3/eae-adp-jump01.pub') }}"
|
||||||
option preshared_key "{{ lookup('passwordstore', 'wg/wg0/psk') }}"
|
option preshared_key "{{ lookup('passwordstore', 'wg/wg3/psk') }}"
|
||||||
option endpoint_host '162.55.53.85'
|
option endpoint_host '162.55.53.85'
|
||||||
option endpoint_port '51820'
|
option endpoint_port '51823'
|
||||||
option route_allowed_ips '0'
|
option route_allowed_ips '0'
|
||||||
option persistent_keepalive 15
|
option persistent_keepalive 15
|
||||||
list allowed_ips '0.0.0.0/0'
|
list allowed_ips '0.0.0.0/0'
|
||||||
|
|
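Review bot: Setting `option disabled '0'` brings `wg3` up while the peer still carries `list allowed_ips '0.0.0.0/0'`, so WireGuard accepts any inner source address from that peer and the `backbone` firewall zone becomes the only filter. The wildcard is a common shortcut when OSPF runs over the tunnel with `route_allowed_ips '0'`. If that is the intent, record it next to the list, for example `# wide on purpose: OSPF decides routing, filtering happens in the backbone zone`, or narrow the list to the transfer network, the OSPF multicast group and the prefixes actually expected. The peer section is named `eap_adp_jump01` while its key path is `wg/wg3/eae-adp-jump01.pub`; one of the two spellings looks like a typo and is worth confirming.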
|
@ -5,7 +5,7 @@ router ospf
|
||||||
!
|
!
|
||||||
log syslog
|
log syslog
|
||||||
!
|
!
|
||||||
interface wg0
|
interface wg3
|
||||||
ip ospf area 0
|
ip ospf area 0
|
||||||
ip ospf network point-to-point
|
ip ospf network point-to-point
|
||||||
!
|
!
|
||||||
|
|