aboutsummaryrefslogtreecommitdiffstats
path: root/roles/root_env/tasks
diff options
context:
space:
mode:
authorAsbjørn Sloth Tønnesen <asbjorn@labitat.dk>2021-06-18 21:41:49 +0000
committerAsbjørn Sloth Tønnesen <asbjorn@labitat.dk>2021-06-18 22:40:15 +0000
commitff7bfb2fbfa64a4763294b067c984c4b05244821 (patch)
treed1969f91cee4f80391517981c67bab0c6fed8c0f /roles/root_env/tasks
parent512f7dc6837f140f5549e58d8a5ef8014fe0b52e (diff)
downloadlabitat-ansible-ff7bfb2fbfa64a4763294b067c984c4b05244821.tar.gz
labitat-ansible-ff7bfb2fbfa64a4763294b067c984c4b05244821.tar.xz
labitat-ansible-ff7bfb2fbfa64a4763294b067c984c4b05244821.zip
space_server: nftables: colo: use dynamic reverse path filter
This patch changes the reverse path filtering of the labicolo VLAN to take place in the prerouting hook, using the kernel routing table, and removes the need to maintain a static prefix list. Labicolo routes are exported to the kernel routing table by BIRD, hence it should be sufficient to only have prefix lists there. This change has been tested, and it's only possible to spoof fellow labicolo members address space (same as before).
Diffstat (limited to 'roles/root_env/tasks')
0 files changed, 0 insertions, 0 deletions