forked from zentralwerk/network
nixos-module/container/bird: advertise upstream local subnet into ospf
parent
3c44eeaab1
commit
53cd892531
|
@ -69,6 +69,26 @@ in
|
||||||
protocol device {
|
protocol device {
|
||||||
scan time 10;
|
scan time 10;
|
||||||
}
|
}
|
||||||
|
${lib.optionalString isUpstream ''
|
||||||
|
# Import address ranges of upstream interfaces so that
|
||||||
|
# internal traffic to local public services take no detours
|
||||||
|
# if the default router takes another upstream gateway.
|
||||||
|
protocol direct {
|
||||||
|
ipv4 {
|
||||||
|
# No RFC6598
|
||||||
|
import where net !~ 100.64.0.0/10
|
||||||
|
# No RFC1918
|
||||||
|
&& net !~ 10.0.0.0/8
|
||||||
|
&& net !~ 172.16.0.0/12
|
||||||
|
&& net !~ 192.168.0.0/16;
|
||||||
|
};
|
||||||
|
ipv6;
|
||||||
|
interface ${lib.concatMapStringsSep ", " (iface:
|
||||||
|
''"${iface}"''
|
||||||
|
)(builtins.attrNames upstreamInterfaces)};
|
||||||
|
check link yes;
|
||||||
|
}
|
||||||
|
''}
|
||||||
|
|
||||||
${lib.optionalString (builtins.match "anon.*" hostName != null) ''
|
${lib.optionalString (builtins.match "anon.*" hostName != null) ''
|
||||||
# BIRD routing table for Wireguard transport
|
# BIRD routing table for Wireguard transport
|
||||||
|
|
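Review bot: The `ipv6;` channel in the new `protocol direct` block imports every directly connected IPv6 prefix on the upstream interfaces, while the `ipv4` channel just above it filters out RFC 1918 and RFC 6598 space; a unique-local (fc00::/7) address on an upstream interface would therefore be redistributed where its IPv4 counterpart is not. If the same policy is meant for both families, `ipv6 { import where net !~ fc00::/7; };` would mirror it. The IPv4 filter also still admits 169.254.0.0/16, which may be worth adding to the exclusion list. Whether these routes actually reach OSPF depends on the OSPF protocol's export filter, which is outside this hunk, as are the start and end of the surrounding Nix string.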