nixos-module/container/bird: use protocol direct to learn iface routes
parent
ead4199b3f
commit
e61da5cd17
|
@ -44,19 +44,7 @@ in
|
||||||
''
|
''
|
||||||
else ''
|
else ''
|
||||||
export all;
|
export all;
|
||||||
import filter {
|
|
||||||
${lib.concatMapStrings (net:
|
|
||||||
lib.optionalString (
|
|
||||||
config.site.net.${net}.subnet4 or null != null
|
|
||||||
) ''
|
|
||||||
if net ~ [ ${config.site.net.${net}.subnet4} ] then {
|
|
||||||
# Learn route of local network ${net}
|
|
||||||
accept;
|
|
||||||
}
|
|
||||||
'') (builtins.attrNames hostConf.interfaces)}
|
|
||||||
''}
|
''}
|
||||||
reject;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
protocol kernel K6 {
|
protocol kernel K6 {
|
||||||
|
@ -71,41 +59,33 @@ in
|
||||||
''
|
''
|
||||||
else ''
|
else ''
|
||||||
export all;
|
export all;
|
||||||
import filter {
|
|
||||||
${lib.concatMapStrings (net: ''
|
|
||||||
if net ~ [ ${lib.concatStringsSep " " (builtins.attrValues config.site.net.${net}.subnets6)} ] then {
|
|
||||||
# Learn route of local network ${net}
|
|
||||||
accept;
|
|
||||||
}
|
|
||||||
'') (builtins.attrNames hostConf.interfaces)}
|
|
||||||
reject;
|
|
||||||
};
|
|
||||||
''}
|
''}
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
protocol device {
|
protocol device {
|
||||||
scan time 10;
|
scan time 10;
|
||||||
}
|
}
|
||||||
${lib.optionalString isUpstream ''
|
|
||||||
# Import address ranges of upstream interfaces so that
|
# Import address ranges of upstream interfaces so that
|
||||||
# internal traffic to local public services take no detours
|
# internal traffic to local public services take no detours
|
||||||
# if the default router takes another upstream gateway.
|
# if the default router takes another upstream gateway.
|
||||||
protocol direct {
|
protocol direct {
|
||||||
ipv4 {
|
ipv4 {
|
||||||
# No RFC6598
|
${if isUpstream
|
||||||
import where net !~ 100.64.0.0/10
|
then ''
|
||||||
# No RFC1918
|
# No RFC1918, RFC6598
|
||||||
&& net !~ 10.0.0.0/8
|
import where net !~ [ 100.64.0.0/10 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ];
|
||||||
&& net !~ 172.16.0.0/12
|
'' else ''
|
||||||
&& net !~ 192.168.0.0/16;
|
import all;
|
||||||
|
''}
|
||||||
|
};
|
||||||
|
ipv6 {
|
||||||
|
import all;
|
||||||
};
|
};
|
||||||
ipv6;
|
|
||||||
interface ${lib.concatMapStringsSep ", " (iface:
|
interface ${lib.concatMapStringsSep ", " (iface:
|
||||||
''"${iface}"''
|
''"${iface}"''
|
||||||
)(builtins.attrNames upstreamInterfaces)};
|
)(builtins.attrNames hostConf.interfaces)};
|
||||||
check link yes;
|
check link yes;
|
||||||
}
|
}
|
||||||
''}
|
|
||||||
|
|
||||||
${lib.optionalString (
|
${lib.optionalString (
|
||||||
builtins.match "anon.*" hostName != null ||
|
builtins.match "anon.*" hostName != null ||
|
||||||
|
|
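Review bot: The rewritten IPv4 import filter for upstream hosts in `protocol direct`, `import where net !~ [ 100.64.0.0/10 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ];`, no longer excludes what the previous chain of `net !~ 10.0.0.0/8` tests excluded. In a BIRD prefix set a bare `10.0.0.0/8` matches only that exact prefix, whereas the prefix-to-prefix `~` used before matched every more specific network, so a directly connected private /24 on an upstream interface would now pass the filter and enter the routing table. BIRD set literals are also comma-separated, so the space-separated list may not parse at all. The line should read `import where net !~ [ 100.64.0.0/10+, 10.0.0.0/8+, 172.16.0.0/12+, 192.168.0.0/16+ ];`. The page renders old and new columns without markers, so this assumes the set form is the new side, as the commit title suggests.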