Commit Graph

292 Commits

Author SHA1 Message Date
toby fcaa400452 removing ceph rgw 8080 for now since it's not in use 2018-11-26 19:17:31 +01:00
toby 188f689bbf testing useing bastion as NTP, moving it to a internal only service 2018-11-26 18:49:04 +01:00
toby 2ff6566d2e firewall house-keeping 2018-11-26 18:39:18 +01:00
toby 0a3575db3c fixing ipv6 prefix announcement for bastion boxes, no change for anything but bastion installs 2018-11-20 00:11:40 +01:00
toby c65529f6ad adding support for bastions public lo ipv4 2018-11-19 18:35:11 +01:00
toby e5b6e96c2e adding bastion2 to firewalls for potential failover 2018-11-19 00:32:12 +01:00
toby b2b902672b raising dpdtimeout to be 5x the delay, it's much more agressive than defaults but at least its the same multiplier than default 2018-11-18 23:18:29 +01:00
toby b4fb94c60b ah what the hell. I keep the swanctl config around for now even when not used. we do eventually wanna switch 2018-11-18 22:59:14 +01:00
toby 9d11caf8f9 changed my mind about closeaction, we should maybe have that, but trying to use hold instead 2018-11-18 22:14:26 +01:00
toby 86d5c80bbb ipsec changes: IKEv2, and more ipsec changes to hopefully inclrease stability 2018-11-18 22:06:53 +01:00
toby e3fba4ecad prepping to flip back bastion to a loopback ip. setting firewall rule accordingly 2018-11-18 02:22:04 +01:00
toby 9028be6de6 fixing live migration iptables rules 2018-11-17 02:06:37 +01:00
toby a0d2d87355 adding ceph rgw rules to firewall 2018-11-16 18:26:57 +01:00
toby 052aeec779 we obviously wanna remove our private ASNs on IPv6 as well 2018-11-15 21:05:45 +01:00
toby 26f34e482f adding smarthost to the firewall 2018-11-13 20:41:41 +01:00
toby 346f3516d4 more/better bastion support 2018-11-13 17:22:42 +01:00
toby 045736616f fixng small console error so that systemd actually thinks firewall started successfully 2018-11-12 21:08:25 +01:00
toby cd7566f253 god damn control file syntax and pickiness 2018-11-07 22:10:26 +01:00
toby 1316620232 god damn control file syntax and pickiness 2018-11-07 19:11:06 +01:00
toby 39e447d633 adjustments for frr 6.0 2018-11-07 17:16:12 +01:00
toby 039b56b15d fixing issue showing IPs 2018-11-07 17:07:47 +01:00
toby b5caf073ba fixing DNS querry for bastion public IP 2018-11-06 21:14:44 +01:00
toby 01d5a92771 doh... typo... 2018-11-06 19:30:03 +01:00
toby f7738182af fixing sed escape bug 2018-11-06 18:42:11 +01:00
toby d6566cff38 enabling debugging 2018-11-06 18:30:27 +01:00
toby 1855169a42 adding bastion firewall rules to all firewalls. this is precausion so that we have the blocking rules in any event. the rest of bastion gets deployed through ansible but since if ansible gets forgotton or other things happen this will make sure the most critical things are there 2018-11-04 21:13:13 +01:00
toby 0868dd4df3 adding some early work for bastion support 2018-11-04 21:02:07 +01:00
toby 7aabd41def simplifying and adding flexibility to the NOTRACK rules 2018-11-04 19:19:09 +00:00
toby 249e13bac6 adding mgmt IPs on the console output 2018-11-03 20:27:10 +01:00
toby 56d95d9bb8 build trigger 2018-11-03 19:55:06 +01:00
toby 14610d67a4 build trigger 2018-11-03 19:49:22 +01:00
toby 188c679218 fixing another bug for ipmi/mgmtgw interfaces 2018-11-03 00:02:42 +01:00
toby 51cef1a3e5 fixing minor bug on ipmigw/mgmtgw interface 2018-11-02 23:54:39 +01:00
toby 6c16ceb2c9 fixing typo 2018-11-01 21:12:23 +01:00
toby c25c9f4e03 ipsec: swanctl work: binding to only lo and feth interfaces. this should potentially avoid some issues 2018-11-01 16:11:59 +01:00
toby e7cdde0418 quick fix to allow build after adams repo release info change 2018-11-01 09:15:02 +01:00
toby 2bfed0b53e leaving strongswan untouched since it would otherwise break a upgrade process 2018-10-31 23:22:31 +01:00
toby 03a8db740f for now keeping the ikev1, the upgrade to v2 needs to be planned 2018-10-31 23:15:54 +01:00
toby d3161082de ipsec: setting source IP to loopback 2018-10-31 23:06:30 +01:00
toby a6e4647a9c adding more support for ipmigw/mgmtgw interfaces 2018-10-31 21:02:57 +01:00
toby 65b2ecb368 making sure systemd-timesyncd is enabled as well 2018-10-31 20:40:10 +01:00
toby 8b3d04f16e need the .wit extension otherwise sed won't work ... doh 2018-10-29 20:15:58 +01:00
toby 633b0a7521 removing hardcoded ike version and also fixing file path for swanctl-conf file 2018-10-28 22:04:16 +01:00
toby 3f2238a090 adding swanctl draft config. not yet used but wanna eventually switch to it 2018-10-28 20:45:20 +01:00
toby 467548f6e8 ipsec: adding new key-proposal that we wanna move towards to. once rolled out, we'd like to deprecate the old weak ones 2018-10-26 21:46:49 +02:00
toby 056ca4c6ea fixing bug in udev rule writing for mgmt/gw interfaces 2018-10-26 20:45:18 +02:00
toby 1dc2ca3525 fixing bug in udev rule writing for mgmt/gw interfaces 2018-10-26 20:24:47 +02:00
toby 87ee7e115e first draft for bastion support, needs to be tested 2018-10-26 19:50:55 +02:00
toby 67c3928413 updateing updating/unifiying build with other repos 2018-10-26 00:36:25 +02:00
toby 11a6b51343 pushing the unsigned deb to the new v2 cloud 2018-10-26 00:17:45 +02:00