ipv6ify mgmt
parent
568fa2102d
commit
e969a9b105
|
@ -147,6 +147,47 @@ hosts-inet:
|
||||||
bgp: 172.22.99.250
|
bgp: 172.22.99.250
|
||||||
|
|
||||||
hosts-inet6:
|
hosts-inet6:
|
||||||
|
mgmt:
|
||||||
|
server1: fd23:42:c3d2:580::1
|
||||||
|
server2: fd23:42:c3d2:580::2
|
||||||
|
switch-b1: fd23:42:c3d2:580::10
|
||||||
|
switch-b2: fd23:42:c3d2:580::11
|
||||||
|
switch-c1: fd23:42:c3d2:580::12
|
||||||
|
switch-d1: fd23:42:c3d2:580::13
|
||||||
|
ap1: fd23:42:c3d2:580::4:1
|
||||||
|
ap2: fd23:42:c3d2:580::4:2
|
||||||
|
ap3: fd23:42:c3d2:580::4:3
|
||||||
|
ap4: fd23:42:c3d2:580::4:4
|
||||||
|
ap5: fd23:42:c3d2:580::4:5
|
||||||
|
ap6: fd23:42:c3d2:580::4:6
|
||||||
|
ap7: fd23:42:c3d2:580::4:7
|
||||||
|
ap8: fd23:42:c3d2:580::4:8
|
||||||
|
ap9: fd23:42:c3d2:580::4:9
|
||||||
|
ap10: fd23:42:c3d2:580::4:a
|
||||||
|
ap11: fd23:42:c3d2:580::4:b
|
||||||
|
ap12: fd23:42:c3d2:580::4:c
|
||||||
|
ap13: fd23:42:c3d2:580::4:d
|
||||||
|
ap14: fd23:42:c3d2:580::4:e
|
||||||
|
ap15: fd23:42:c3d2:580::4:f
|
||||||
|
ap16: fd23:42:c3d2:580::4:10
|
||||||
|
ap17: fd23:42:c3d2:580::4:11
|
||||||
|
ap18: fd23:42:c3d2:580::4:12
|
||||||
|
ap19: fd23:42:c3d2:580::4:13
|
||||||
|
ap20: fd23:42:c3d2:580::4:14
|
||||||
|
ap21: fd23:42:c3d2:580::4:15
|
||||||
|
ap22: fd23:42:c3d2:580::4:16
|
||||||
|
ap23: fd23:42:c3d2:580::4:17
|
||||||
|
ap24: fd23:42:c3d2:580::4:18
|
||||||
|
ap25: fd23:42:c3d2:580::4:19
|
||||||
|
ap26: fd23:42:c3d2:580::4:1a
|
||||||
|
ap27: fd23:42:c3d2:580::4:1b
|
||||||
|
ap28: fd23:42:c3d2:580::4:1c
|
||||||
|
ap29: fd23:42:c3d2:580::4:1d
|
||||||
|
ap30: fd23:42:c3d2:580::4:1e
|
||||||
|
ap31: fd23:42:c3d2:580::4:1f
|
||||||
|
ap32: fd23:42:c3d2:580::4:20
|
||||||
|
mgmt-gw: fd23:42:c3d2:580:ffff:ffff:ffff:ffff
|
||||||
|
|
||||||
core:
|
core:
|
||||||
server1: fd23:42:c3d2:581::1
|
server1: fd23:42:c3d2:581::1
|
||||||
server2: fd23:42:c3d2:581::102
|
server2: fd23:42:c3d2:581::102
|
||||||
|
|
|
@ -22,6 +22,7 @@ subnets-inet:
|
||||||
mgmt: 10.0.0.0/24
|
mgmt: 10.0.0.0/24
|
||||||
|
|
||||||
subnets-inet6:
|
subnets-inet6:
|
||||||
|
mgmt: fd23:42:c3d2:580::/64
|
||||||
core: fd23:42:c3d2:581::/64
|
core: fd23:42:c3d2:581::/64
|
||||||
serv: fd23:42:c3d2:582::/64
|
serv: fd23:42:c3d2:582::/64
|
||||||
pub: fd23:42:c3d2:583::/64
|
pub: fd23:42:c3d2:583::/64
|
||||||
|
|
|
@ -2,12 +2,18 @@
|
||||||
|
|
||||||
if [ "$IFACE" = "{{ interface }}" ]; then
|
if [ "$IFACE" = "{{ interface }}" ]; then
|
||||||
iptables -F FORWARD
|
iptables -F FORWARD
|
||||||
|
ip6tables -F FORWARD
|
||||||
iptables -P FORWARD REJECT
|
iptables -P FORWARD REJECT
|
||||||
|
ip6tables -P FORWARD REJECT
|
||||||
iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
|
iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
|
||||||
|
ip6tables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
|
||||||
# DNS
|
# DNS
|
||||||
iptables -A FORWARD -i $IFACE -p udp --dport 53 -j ACCEPT
|
iptables -A FORWARD -i $IFACE -p udp --dport 53 -j ACCEPT
|
||||||
|
ip6tables -A FORWARD -i $IFACE -p udp --dport 53 -j ACCEPT
|
||||||
# NTP
|
# NTP
|
||||||
iptables -A FORWARD -i $IFACE -p udp --dport 123 -j ACCEPT
|
iptables -A FORWARD -i $IFACE -p udp --dport 123 -j ACCEPT
|
||||||
|
ip6tables -A FORWARD -i $IFACE -p udp --dport 123 -j ACCEPT
|
||||||
# collectd
|
# collectd
|
||||||
iptables -A FORWARD -i $IFACE -p udp --dport 25826 -j ACCEPT
|
iptables -A FORWARD -i $IFACE -p udp --dport 25826 -j ACCEPT
|
||||||
|
ip6tables -A FORWARD -i $IFACE -p udp --dport 25826 -j ACCEPT
|
||||||
fi
|
fi
|
||||||
|
|
|
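Review bot: The added `ip6tables -P FORWARD REJECT`, like the existing `iptables -P FORWARD REJECT` it mirrors, will not set a default-deny policy: a built-in chain's policy can only be ACCEPT or DROP, so the command fails and FORWARD keeps its previous policy, which is ACCEPT unless something else changed it. Use `ip6tables -P FORWARD DROP` and, if rejecting rather than silently dropping is wanted, end the rule list with `ip6tables -A FORWARD -j REJECT`. The new IPv6 state rule matches only ESTABLISHED, so once the policy really denies, ICMPv6 errors such as Packet Too Big for forwarded flows are dropped as well; `--state ESTABLISHED,RELATED` would let them through. The script's first line is outside the hunk, so whether a failing command aborts the script is not visible here.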
@ -1,3 +1,6 @@
|
||||||
|
iptables:
|
||||||
|
pkg.installed: []
|
||||||
|
|
||||||
/etc/network/if-pre-up.d/firewall:
|
/etc/network/if-pre-up.d/firewall:
|
||||||
file.managed:
|
file.managed:
|
||||||
- source: salt://upstream/mgmt-gw.sh
|
- source: salt://upstream/mgmt-gw.sh
|
||||||
|
|