more/better bastion support
This commit is contained in:
toby
parent
045736616f
commit
346f3516d4
|
|
@ -93,9 +93,8 @@ case "$1" in
|
|||
|
||||
EOF
|
||||
|
||||
FRR_BASTION="${FRR_BASTION}ip prefix-list ANY permit 0.0.0.0\/0 le 32\n"
|
||||
FRR_BASTION="${FRR_BASTION}route-map BASTION permit 10\n"
|
||||
FRR_BASTION="${FRR_BASTION} match ip address prefix-list ANY\n"
|
||||
FRR_BASTION="${FRR_BASTION} match ip address prefix-list DEFAULT\n"
|
||||
FRR_BASTION="${FRR_BASTION} set src ${PUBLICLOIP}\n"
|
||||
FRR_BASTION="${FRR_BASTION}ip protocol bgp route-map BASTION\n"
|
||||
|
||||
|
|
@ -236,11 +235,14 @@ case "$1" in
|
|||
if [[ $ifname = mgmtgw1 ]] || [[ $ifname = ipmigw1 ]]; then ## only 1 mgmt interface supported for now
|
||||
|
||||
ipv4=$(dig_txt ipv4.$if.${HOSTNAME})
|
||||
ipv6=$(dig_txt ipv6.$if.${HOSTNAME})
|
||||
|
||||
cat <<-EOF >>$IFCONFIG
|
||||
auto ${ifname}
|
||||
iface ${ifname} inet static
|
||||
address ${ipv4/\\/}
|
||||
iface ${ifname} inet6 static
|
||||
address ${ipv6/\\/}
|
||||
|
||||
|
||||
EOF
|
||||
|
|
|
|||
|
|
@ -103,16 +103,16 @@ router bgp NODEASN
|
|||
!!! FRR_IPV4_CUSTOMERS_PFLIST
|
||||
|
||||
|
||||
!!! ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0
|
||||
!!! ip prefix-list ALL seq 5 permit 0.0.0.0/0 le 32
|
||||
!!! ip prefix-list rfc1918 seq 5 permit 0.0.0.0/8 le 32
|
||||
!!! ip prefix-list rfc1918 seq 10 permit 10.0.0.0/8 le 32
|
||||
!!! ip prefix-list rfc1918 seq 15 permit 127.0.0.0/8 le 32
|
||||
!!! ip prefix-list rfc1918 seq 20 permit 169.254.0.0/16 le 32
|
||||
!!! ip prefix-list rfc1918 seq 25 permit 172.16.0.0/12 le 32
|
||||
!!! ip prefix-list rfc1918 seq 30 permit 192.168.0.0/16 le 32
|
||||
!!! ip prefix-list rfc1918 seq 35 permit 224.0.0.0/3 le 32
|
||||
!!! ip prefix-list rfc1918 seq 40 permit 100.64.0.0/10 le 32
|
||||
ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0
|
||||
ip prefix-list ALL seq 5 permit 0.0.0.0/0 le 32
|
||||
ip prefix-list rfc1918 seq 5 permit 0.0.0.0/8 le 32
|
||||
ip prefix-list rfc1918 seq 10 permit 10.0.0.0/8 le 32
|
||||
ip prefix-list rfc1918 seq 15 permit 127.0.0.0/8 le 32
|
||||
ip prefix-list rfc1918 seq 20 permit 169.254.0.0/16 le 32
|
||||
ip prefix-list rfc1918 seq 25 permit 172.16.0.0/12 le 32
|
||||
ip prefix-list rfc1918 seq 30 permit 192.168.0.0/16 le 32
|
||||
ip prefix-list rfc1918 seq 35 permit 224.0.0.0/3 le 32
|
||||
ip prefix-list rfc1918 seq 40 permit 100.64.0.0/10 le 32
|
||||
|
||||
|
||||
|
||||
|
|
@ -122,8 +122,8 @@ router bgp NODEASN
|
|||
|
||||
!!! FRR_IPV6_CUSTOMERS_PFLIST
|
||||
|
||||
!!! ipv6 prefix-list DEFAULT seq 5 permit ::/0
|
||||
!!! ipv6 prefix-list ALL seq 5 permit ::/0 le 128
|
||||
ipv6 prefix-list DEFAULT seq 5 permit ::/0
|
||||
ipv6 prefix-list ALL seq 5 permit ::/0 le 128
|
||||
!!! ipv6 prefix-list eBGPv6-RELAXED seq 5 deny 3ffe::/16 le 128
|
||||
!!! ipv6 prefix-list eBGPv6-RELAXED seq 10 deny 2001:db8::/32 le 128
|
||||
!!! ipv6 prefix-list eBGPv6-RELAXED seq 15 permit 2001::/32
|
||||
|
|
|
|||
Loading…
Reference in New Issue