author: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk> 2021-06-18 21:41:49 +0000
committer: Emil Renner Berthing <esmil@labitat.dk> 2021-06-19 11:08:04 +0200
commit: 23a84a3cfeac299ef34e422cdcd9ea3499376a90
tree: 7c1fee6d3af84e36b27699e814ace5471334fbf3 /roles/space_server/files/nftables
parent: f72c04ecb33b1319b611da9df8296c597092c376
space_server: nftables: colo: use dynamic reverse path filter

This patch changes the reverse path filtering of the labicolo VLAN to take place in the prerouting hook, using the kernel routing table, and removes the need to maintain a static prefix list. Labicolo routes are exported to the kernel routing table by BIRD, hence it should be sufficient to only have prefix lists there.

This change has been tested, and it's only possible to spoof fellow labicolo members' address space (same as before).

Esmil: prerouting before input/forward makes more sense to me

Diffstat (limited to 'roles/space_server/files/nftables')
0 files changed, 0 insertions, 0 deletions
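
The change described in the commit message, sketched as an added example that is not the repository's ruleset: a hand-maintained source prefix set beside a FIB-based reverse path check in the prerouting hook. The interface name `colo0`, the table and set names, the documentation prefixes and the hook used for the static rule are assumptions.

```nftables
# Constructed example: "colo0", the table/set names and the prefixes below
# are placeholders, not values from the labitat-ansible repository.

# Before: static reverse path filter.
# Allowed source prefixes are listed by hand and go stale whenever a
# colo route is added or withdrawn in the routing daemon.
table inet rpf_static {
    set colo_src4 {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.0/24, 198.51.100.0/24 }
    }

    chain forward {
        type filter hook forward priority filter; policy accept;
        # Only covers forwarded IPv4 traffic; locally delivered packets
        # would need the same rule repeated in an input chain.
        iifname "colo0" ip saddr != @colo_src4 counter drop
    }
}

# After: dynamic reverse path filter.
# The kernel routing table (populated by BIRD, per the commit message) is
# the only prefix list. A packet is dropped unless a route to its source
# address points back out of the interface it arrived on.
table inet rpf_dynamic {
    chain prerouting {
        type filter hook prerouting priority raw; policy accept;
        # One rule covers IPv4 and IPv6, and both local delivery and
        # forwarding, because prerouting runs before the routing decision.
        iifname "colo0" fib saddr . iif oif missing counter drop
    }
}
```

Because the lookup only ties a source address to the arriving interface, any prefix routed via `colo0` passes the check, which matches the commit message's observation that members on the same VLAN can still spoof each other's address space. The `counter` statements make drops visible in `nft list ruleset` when validating the change.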