Age | Commit message | Author | |
---|---|---|---|
2021-06-19 | space_server: nftables: colo: use dynamic reverse path filter | Asbjørn Sloth Tønnesen | |
This patch changes the reverse path filtering of the labicolo VLAN to take place in the prerouting hook, using the kernel routing table, and removes the need to maintain a static prefix list. Labicolo routes are exported to the kernel routing table by BIRD, hence it should be sufficient to only have prefix lists there. This change has been tested, and it's only possible to spoof fellow labicolo members' address space (same as before). Esmil: prerouting before input/forward makes more sense to me | |||
2021-06-19 | space_server: bird: remove old prefix lists | Asbjørn Sloth Tønnesen | |
Now that we use communities, we don't need this prefix filter anymore, only the per-customer prefix filters. | |||
2021-06-19 | space_server: bird: export prefixes based on communities | Asbjørn Sloth Tønnesen | |
We only announce a prefix if we have received it from a customer connection or if we originate it ourselves. This way we avoid announcing prefixes matching the earlier used prefix list if we haven't received it via the customer connection. This is important for multi-homed labicolo customers. Esmil: consistent brace placement | |||
2021-06-19 | space_server: bird: set communities on import | Asbjørn Sloth Tønnesen | |
Assign large communities on prefix import. Later we can then use the community to decide if we should announce it to our peers. | |||
2021-06-19 | space_server: bird: prepare large communities | Asbjørn Sloth Tønnesen | |
This patch prepares us for adopting Large BGP Communities (RFC 8092). Basic format of Large BGP Communities: <uint32_t asn>:<uint32_t function>:<uint32_t value> We use function 1 for storing prefix type (or relation). We then assign a value to transit, peering, customer and originated prefixes. Large BGP Communities http://largebgpcommunities.net/ https://tools.ietf.org/html/rfc8092 https://tools.ietf.org/html/rfc8195 Esmil: consistent brace placement | |||
2021-06-18 | space_server: bird: asbjorn: enable TTL security | Asbjørn Sloth Tønnesen | |
2021-06-18 | space_server: bird: fiberby: enable TTL security | Asbjørn Sloth Tønnesen | |
This protects us, among other things, against 3rd parties resetting the TCP connection underneath our BGP sessions. This has been enabled in both ends, and this _MUST_ remain enabled, otherwise these sessions will go down. If this needs to be disabled for some reason then it must be coordinated with Fiberby. RFC 5082 - The Generalized TTL Security Mechanism https://datatracker.ietf.org/doc/html/rfc5082 | |||
2021-06-18 | space_server: bird: fix prefix error (HEAD, master) | Hafnium | |
The prefix was only routable on the internal network, not the whole internet, as it was not added in local_prefix_v6. The 2a0e:8f02:f034::/48 is attached to my ASN, AS211153. Commit message fixed up by Esmil | |||
2021-06-17 | space_server: bird: add bgp peering for Hafnium/AS211153 | Hafnium | |
Commit message and nftables rule fixed up by Esmil | |||
2021-01-29 | space_server: chrony: start chrony after we're online | Emil Renner Berthing | |
2021-01-22 | space_server: named: add trust-ad option to resolv.conf | Emil Renner Berthing | |
2021-01-19 | space_server: radius: use letsencrypt certificate | Emil Renner Berthing | |
2021-01-19 | space_server: certbot: get space.labitat.dk certificate | Emil Renner Berthing | |
2021-01-19 | space_server: ssh: add config for switches | Emil Renner Berthing | |
2021-01-19 | space_server: chrony: run chrony ntp server | Emil Renner Berthing | |
2021-01-17 | space_server: update for Fedora 33 | Emil Renner Berthing | |
2020-10-17 | space_server: nftables: drop spoofed incoming traffic | Emil Renner Berthing | |
Discovered by IMAAL Research Lab, Brigham Young University, thank you. | |||
2020-08-13 | space_server: add labicolo ipv6 range for Esmil | Emil Renner Berthing | |
2020-06-19 | space_server: radius: update radiusd.conf | Emil Renner Berthing | |
2020-03-21 | space_server: networkd: set NTP server on wan interface | Emil Renner Berthing | |
time.cloudflare.com has much lower ping than any of the default N.fedora.pool.ntp.org servers. | |||
2020-03-20 | space_server: nftables: remove traffic stats rules | Emil Renner Berthing | |
This used to open up for polling our old switch for traffic data, but it died and it doesn't work with the new switch so let's plug the hole. | |||
2020-03-14 | space_server: nftables: add graffens prefixes to nftables | Jesper Hess Nielsen | |
2020-03-14 | space_server: bird: add ipv4 BGP session for graffen | Jesper Hess Nielsen | |
2020-03-11 | space_server: bird: add bgp peering for graffen/AS209616 | Jesper Hess Nielsen | |
2020-03-07 | space_server: nftables: forward space.labitat.dk:17380 to jumbotron | Emil Renner Berthing | |
2020-02-29 | space_server: update to Fedora 31 | Emil Renner Berthing | |
2020-02-29 | space_server: networkd: set Scope=link link addresses | Emil Renner Berthing | |
2020-02-27 | space_server: move sudo tasks to fedora role | Emil Renner Berthing | |
..to align with debian role | |||
2019-05-02 | space_server: renumber Fiberby link | Asbjørn Sloth Tønnesen | |
Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk> | |||
2019-04-03 | space_server: named: support dynamic updates | Emil Renner Berthing | |
..of the dhcp zone and reverse dns for 10.42.0.0/16. This way the dhcp daemon can add entries when it hands out leases. | |||
2019-04-02 | space_server: named: create reverse ipv4 zone | Emil Renner Berthing | |
2019-04-01 | space_server: named: use named instead of unbound | Emil Renner Berthing | |
This reverts commit 3b795796bd03488a385f3ad42b10b8c0d61282c1, "space_server: unbound: use unbound instad of bind". Unlike unbound, bind supports synthesizing DNS64 answers only for certain clients, so only requests from the Labitat NAT64 network will get DNS64 answers. | |||
2019-01-10 | space_server: fix one last reference to the old prefix | Asbjørn Sloth Tønnesen | |
Fixes: 78688483 space_server: add Asbjorn's colo addresses and net | |||
2018-12-05 | space_server: enable NAT64/DNS64 network | Emil Renner Berthing | |
2018-12-05 | space_server: avahi: ask myhostname 2nd | Emil Renner Berthing | |
2018-12-05 | space_server: unbound: create /etc/resolv.conf | Emil Renner Berthing | |
2018-12-03 | space_server: networkd: announce proper DNS on mgt | Emil Renner Berthing | |
2018-12-03 | space_server: networkd: disable ARP on untagged interface | Emil Renner Berthing | |
2018-11-30 | space_server: networkd: small cleanups | Emil Renner Berthing | |
2018-11-30 | space_server: use systemd-network for RAs | Emil Renner Berthing | |
..rather than radvd | |||
2018-11-30 | space_server: networkd: use Link.RequiredForOnline | Emil Renner Berthing | |
..rather than overriding ExecStart to call networkd-wait-online with --ignore | |||
2018-11-28 | space_server: nat Labitat free from 185.38.175.1 | Emil Renner Berthing | |
2018-11-28 | space_server: add Asbjorn's colo addresses and net | Asbjørn Sloth Tønnesen | |
2018-11-28 | space_server: nftables: accept all traffic to colo nets | Emil Renner Berthing | |
..but don't let colo servers connect to internal addresses. | |||
2018-11-24 | space_server: networkd: smarter set difference | Emil Renner Berthing | |
2018-11-22 | space_server: radvd: up DNS server valid time | Emil Renner Berthing | |
2018-11-10 | space_server: replace blackhole script | Emil Renner Berthing | |
2018-11-10 | space_server: update for Fedora 29 | Emil Renner Berthing | |
2018-11-10 | space_server: drop unnecessary subdirs | Emil Renner Berthing | |
2018-11-06 | space_server: add spacebrain.labitat.dk | Asbjørn Sloth Tønnesen | |