toby
|
fcaa400452
|
removing ceph rgw 8080 for now since it's not in use
|
2018-11-26 19:17:31 +01:00 |
toby
|
188f689bbf
|
testing useing bastion as NTP, moving it to a internal only service
|
2018-11-26 18:49:04 +01:00 |
toby
|
2ff6566d2e
|
firewall house-keeping
|
2018-11-26 18:39:18 +01:00 |
toby
|
0a3575db3c
|
fixing ipv6 prefix announcement for bastion boxes, no change for anything but bastion installs
|
2018-11-20 00:11:40 +01:00 |
toby
|
c65529f6ad
|
adding support for bastions public lo ipv4
|
2018-11-19 18:35:11 +01:00 |
toby
|
e5b6e96c2e
|
adding bastion2 to firewalls for potential failover
|
2018-11-19 00:32:12 +01:00 |
toby
|
b2b902672b
|
raising dpdtimeout to be 5x the delay, it's much more agressive than defaults but at least its the same multiplier than default
|
2018-11-18 23:18:29 +01:00 |
toby
|
b4fb94c60b
|
ah what the hell. I keep the swanctl config around for now even when not used. we do eventually wanna switch
|
2018-11-18 22:59:14 +01:00 |
toby
|
9d11caf8f9
|
changed my mind about closeaction, we should maybe have that, but trying to use hold instead
|
2018-11-18 22:14:26 +01:00 |
toby
|
86d5c80bbb
|
ipsec changes: IKEv2, and more ipsec changes to hopefully inclrease stability
|
2018-11-18 22:06:53 +01:00 |
toby
|
e3fba4ecad
|
prepping to flip back bastion to a loopback ip. setting firewall rule accordingly
|
2018-11-18 02:22:04 +01:00 |
toby
|
9028be6de6
|
fixing live migration iptables rules
|
2018-11-17 02:06:37 +01:00 |
toby
|
a0d2d87355
|
adding ceph rgw rules to firewall
|
2018-11-16 18:26:57 +01:00 |
toby
|
052aeec779
|
we obviously wanna remove our private ASNs on IPv6 as well
|
2018-11-15 21:05:45 +01:00 |
toby
|
26f34e482f
|
adding smarthost to the firewall
|
2018-11-13 20:41:41 +01:00 |
toby
|
346f3516d4
|
more/better bastion support
|
2018-11-13 17:22:42 +01:00 |
toby
|
045736616f
|
fixng small console error so that systemd actually thinks firewall started successfully
|
2018-11-12 21:08:25 +01:00 |
toby
|
cd7566f253
|
god damn control file syntax and pickiness
|
2018-11-07 22:10:26 +01:00 |
toby
|
1316620232
|
god damn control file syntax and pickiness
|
2018-11-07 19:11:06 +01:00 |
toby
|
39e447d633
|
adjustments for frr 6.0
|
2018-11-07 17:16:12 +01:00 |
toby
|
039b56b15d
|
fixing issue showing IPs
|
2018-11-07 17:07:47 +01:00 |
toby
|
b5caf073ba
|
fixing DNS querry for bastion public IP
|
2018-11-06 21:14:44 +01:00 |
toby
|
01d5a92771
|
doh... typo...
|
2018-11-06 19:30:03 +01:00 |
toby
|
f7738182af
|
fixing sed escape bug
|
2018-11-06 18:42:11 +01:00 |
toby
|
d6566cff38
|
enabling debugging
|
2018-11-06 18:30:27 +01:00 |
toby
|
1855169a42
|
adding bastion firewall rules to all firewalls. this is precausion so that we have the blocking rules in any event. the rest of bastion gets deployed through ansible but since if ansible gets forgotton or other things happen this will make sure the most critical things are there
|
2018-11-04 21:13:13 +01:00 |
toby
|
0868dd4df3
|
adding some early work for bastion support
|
2018-11-04 21:02:07 +01:00 |
toby
|
7aabd41def
|
simplifying and adding flexibility to the NOTRACK rules
|
2018-11-04 19:19:09 +00:00 |
toby
|
249e13bac6
|
adding mgmt IPs on the console output
|
2018-11-03 20:27:10 +01:00 |
toby
|
56d95d9bb8
|
build trigger
|
2018-11-03 19:55:06 +01:00 |
toby
|
14610d67a4
|
build trigger
|
2018-11-03 19:49:22 +01:00 |
toby
|
188c679218
|
fixing another bug for ipmi/mgmtgw interfaces
|
2018-11-03 00:02:42 +01:00 |
toby
|
51cef1a3e5
|
fixing minor bug on ipmigw/mgmtgw interface
|
2018-11-02 23:54:39 +01:00 |
toby
|
6c16ceb2c9
|
fixing typo
|
2018-11-01 21:12:23 +01:00 |
toby
|
c25c9f4e03
|
ipsec: swanctl work: binding to only lo and feth interfaces. this should potentially avoid some issues
|
2018-11-01 16:11:59 +01:00 |
toby
|
e7cdde0418
|
quick fix to allow build after adams repo release info change
|
2018-11-01 09:15:02 +01:00 |
toby
|
2bfed0b53e
|
leaving strongswan untouched since it would otherwise break a upgrade process
|
2018-10-31 23:22:31 +01:00 |
toby
|
03a8db740f
|
for now keeping the ikev1, the upgrade to v2 needs to be planned
|
2018-10-31 23:15:54 +01:00 |
toby
|
d3161082de
|
ipsec: setting source IP to loopback
|
2018-10-31 23:06:30 +01:00 |
toby
|
a6e4647a9c
|
adding more support for ipmigw/mgmtgw interfaces
|
2018-10-31 21:02:57 +01:00 |
toby
|
65b2ecb368
|
making sure systemd-timesyncd is enabled as well
|
2018-10-31 20:40:10 +01:00 |
toby
|
8b3d04f16e
|
need the .wit extension otherwise sed won't work ... doh
|
2018-10-29 20:15:58 +01:00 |
toby
|
633b0a7521
|
removing hardcoded ike version and also fixing file path for swanctl-conf file
|
2018-10-28 22:04:16 +01:00 |
toby
|
3f2238a090
|
adding swanctl draft config. not yet used but wanna eventually switch to it
|
2018-10-28 20:45:20 +01:00 |
toby
|
467548f6e8
|
ipsec: adding new key-proposal that we wanna move towards to. once rolled out, we'd like to deprecate the old weak ones
|
2018-10-26 21:46:49 +02:00 |
toby
|
056ca4c6ea
|
fixing bug in udev rule writing for mgmt/gw interfaces
|
2018-10-26 20:45:18 +02:00 |
toby
|
1dc2ca3525
|
fixing bug in udev rule writing for mgmt/gw interfaces
|
2018-10-26 20:24:47 +02:00 |
toby
|
87ee7e115e
|
first draft for bastion support, needs to be tested
|
2018-10-26 19:50:55 +02:00 |
toby
|
67c3928413
|
updateing updating/unifiying build with other repos
|
2018-10-26 00:36:25 +02:00 |
toby
|
11a6b51343
|
pushing the unsigned deb to the new v2 cloud
|
2018-10-26 00:17:45 +02:00 |