forked from zentralwerk/network
nixos-module/container/bird: advertise upstream local subnet into ospf
This commit is contained in:
parent
3c44eeaab1
commit
53cd892531
|
@ -69,6 +69,26 @@ in
|
|||
protocol device {
|
||||
scan time 10;
|
||||
}
|
||||
${lib.optionalString isUpstream ''
|
||||
# Import address ranges of upstream interfaces so that
|
||||
# internal traffic to local public services take no detours
|
||||
# if the default router takes another upstream gateway.
|
||||
protocol direct {
|
||||
ipv4 {
|
||||
# No RFC6598
|
||||
import where net !~ 100.64.0.0/10
|
||||
# No RFC1918
|
||||
&& net !~ 10.0.0.0/8
|
||||
&& net !~ 172.16.0.0/12
|
||||
&& net !~ 192.168.0.0/16;
|
||||
};
|
||||
ipv6;
|
||||
interface ${lib.concatMapStringsSep ", " (iface:
|
||||
''"${iface}"''
|
||||
)(builtins.attrNames upstreamInterfaces)};
|
||||
check link yes;
|
||||
}
|
||||
''}
|
||||
|
||||
${lib.optionalString (builtins.match "anon.*" hostName != null) ''
|
||||
# BIRD routing table for Wireguard transport
|
||||
|
|
Loading…
Reference in New Issue