aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--roles/space_server/files/networkd/network/10-lan20.network4
-rw-r--r--roles/space_server/files/nftables/nftables.conf14
2 files changed, 14 insertions, 4 deletions
diff --git a/roles/space_server/files/networkd/network/10-lan20.network b/roles/space_server/files/networkd/network/10-lan20.network
index b30caa4..06b1ff1 100644
--- a/roles/space_server/files/networkd/network/10-lan20.network
+++ b/roles/space_server/files/networkd/network/10-lan20.network
@@ -17,3 +17,7 @@ EmitLLDP=no
[Route]
Destination=2a01:4262:1ab::cafe/128
Gateway=2a01:4262:1ab:20::5
+
+[Route]
+Destination=2a01:4262:1ab::db/128
+Gateway=2a01:4262:1ab:20::6
diff --git a/roles/space_server/files/nftables/nftables.conf b/roles/space_server/files/nftables/nftables.conf
index d33a7bf..5f2f1b3 100644
--- a/roles/space_server/files/nftables/nftables.conf
+++ b/roles/space_server/files/nftables/nftables.conf
@@ -6,6 +6,12 @@ define labitat = 185.38.172.72
define spacewand4 = 185.38.175.70
define spacewand6 = 2a01:4262:1ab::cafe
+define spacebrain4 = 185.38.175.69
+define spacebrain6 = 2a01:4262:1ab::db
+
+define labservers4 = { $spacewand4, $spacebrain4 }
+define labservers6 = { $spacewand6, $spacebrain6 }
+
# internal stuff
define ext_if = wan
define ext_ip4 = 185.38.175.0
@@ -102,8 +108,8 @@ table ip filter {
ct state established,related accept
ct state invalid drop
- # accept all traffic to spacewand
- ip daddr $spacewand4 accept
+ # accept all traffic to Labitat servers
+ ip daddr $labservers4 accept
ip saddr $labitat udp dport 161 counter accept # traffic stats
@@ -164,8 +170,8 @@ table ip6 filter {
ct state established,related accept
ct state invalid drop
- # accept all traffic to spacewand
- ip6 daddr $spacewand6 accept
+ # accept all traffic to Labitat servers
+ ip6 daddr $labservers6 accept
iif $wire_if ip6 saddr $wire_net6 accept
iif $priv_if ip6 saddr $priv_net6 accept