Age | Commit message | Author | |
---|---|---|---|
2021-06-18 | space_server: nftables: colo: use dynamic reverse path filter | Asbjørn Sloth Tønnesen | |
This patch changes the reverse path filtering of the labicolo VLAN to take place in the prerouting hook, using the kernel routing table, and removes the need to maintain a static prefix list. Labicolo routes are exported to the kernel routing table by BIRD, hence it should be sufficient to only have prefix lists there. This change has been tested, and it's only possible to spoof fellow labicolo members' address space (same as before). | |||
2021-06-18 | space_server: bird: remove old prefix lists | Asbjørn Sloth Tønnesen | |
Now that we use communities, we don't need this prefix filter anymore, only the per-customer prefix filters. | |||
2021-06-18 | space_server: bird: export prefixes based on communities | Asbjørn Sloth Tønnesen | |
We only announce a prefix if we have received it from a customer connection or if we originate it ourselves. This way we avoid announcing prefixes matching the earlier used prefix list if we haven't received it via the customer connection. This is important for multi-homed labicolo customers. | |||
2021-06-18 | space_server: bird: set communities on import | Asbjørn Sloth Tønnesen | |
Assign large communities on prefix import. Later we can then use the community to decide if we should announce it to our peers. | |||
2021-06-18 | space_server: bird: prepare large communities | Asbjørn Sloth Tønnesen | |
This patch prepares us for adopting Large BGP Communities (RFC 8092). Basic format of Large BGP Communities: <uint32_t asn>:<uint32_t function>:<uint32_t value> We use function 1 for storing prefix type (or relation). We then assign a value to transit, peering, customer and originated prefixes. Large BGP Communities http://largebgpcommunities.net/ https://tools.ietf.org/html/rfc8092 https://tools.ietf.org/html/rfc8195 | |||
2021-06-18 | space_server: bird: asbjorn: enable TTL security | Asbjørn Sloth Tønnesen | |
2021-06-18 | space_server: bird: fiberby: enable TTL security | Asbjørn Sloth Tønnesen | |
This protects us, among other things, against 3rd parties resetting the TCP connection underneath our BGP sessions. This has been enabled in both ends, and this _MUST_ remain enabled, otherwise these sessions will go down. If this needs to be disabled for some reason then it must be coordinated with Fiberby. RFC 5082 - The Generalized TTL Security Mechanism https://datatracker.ietf.org/doc/html/rfc5082 | |||
2021-06-18 | space_server: bird: fix prefix error (HEAD, master) | Hafnium | |
The prefix was only routable on the internal network, not the whole internet, as it was not added in local_prefix_v6. The 2a0e:8f02:f034::/48 is attached to my ASN, AS211153. Commit message fixed up by Esmil | |||
2021-06-17 | space_server: bird: add bgp peering for Hafnium/AS211153 | Hafnium | |
Commit message and nftables rule fixed up by Esmil | |||
2021-06-01 | space_server: vars: update foodputer mac address | Emil Renner Berthing | |
In a heroic effort Asbjørn has replaced the old broken foodputer. | |||
2021-06-01 | space_server: vars: add more convenient packages | Emil Renner Berthing | |
2021-01-29 | space_server: chrony: start chrony after we're online | Emil Renner Berthing | |
2021-01-22 | space_server: named: add trust-ad option to resolv.conf | Emil Renner Berthing | |
2021-01-19 | space_server: radius: use letsencrypt certificate | Emil Renner Berthing | |
2021-01-19 | space_server: certbot: get space.labitat.dk certificate | Emil Renner Berthing | |
2021-01-19 | space_server: ssh: add config for switches | Emil Renner Berthing | |
2021-01-19 | space_server: chrony: run chrony ntp server | Emil Renner Berthing | |
2021-01-18 | fedora: handlers: add restart sshd handler | Emil Renner Berthing | |
2021-01-17 | space_server: update for Fedora 33 | Emil Renner Berthing | |
2021-01-16 | space_server: vars: add bunkerap1 | Emil Renner Berthing | |
2021-01-16 | space_server: vars: add bunkerswitch | Emil Renner Berthing | |
2021-01-16 | space_server: vars: add description for switch | Emil Renner Berthing | |
..and remove wrong MAC address. The switch doesn't (and shouldn't) use dhcp. | |||
2020-11-17 | space_server: add static ips for pixelfluthafnium | Hafnium | |
2020-10-17 | space_server: nftables: drop spoofed incoming traffic | Emil Renner Berthing | |
Discovered by IMAAL Research Lab, Brigham Young University, thank you. | |||
2020-08-13 | space_server: add labicolo ipv6 range for Esmil | Emil Renner Berthing | |
2020-06-19 | space_server: radius: update radiusd.conf | Emil Renner Berthing | |
2020-06-01 | users: rasmis: added | Emil Renner Berthing | |
Add Rasmus so he can jump to the foodputer and read out the drinkomatic database. | |||
2020-03-21 | space_server: networkd: set NTP server on wan interface | Emil Renner Berthing | |
time.cloudflare.com has much lower ping than any of the default N.fedora.pool.ntp.org servers. | |||
2020-03-20 | space_server: nftables: remove traffic stats rules | Emil Renner Berthing | |
This used to open up for polling our old switch for traffic data, but it died and it doesn't work with the new switch so let's plug the hole. | |||
2020-03-20 | users: graffen: added | Jesper Hess Nielsen | |
2020-03-14 | space_server: nftables: add graffens prefixes to nftables | Jesper Hess Nielsen | |
2020-03-14 | space_server: bird: add ipv4 BGP session for graffen | Jesper Hess Nielsen | |
2020-03-11 | space_server: bird: add bgp peering for graffen/AS209616 | Jesper Hess Nielsen | |
2020-03-07 | space_server: nftables: forward space.labitat.dk:17380 to jumbotron | Emil Renner Berthing | |
2020-03-01 | space_server: radius: configure certificates | Emil Renner Berthing | |
2020-02-29 | space_server: update to Fedora 31 | Emil Renner Berthing | |
2020-02-29 | space_server: networkd: set Scope=link link addresses | Emil Renner Berthing | |
2020-02-27 | roles: remove useless |bool filters | Emil Renner Berthing | |
This used to be a fix for some bogus warnings, but they seem to have gone in recent versions of Ansible | |||
2020-02-27 | space_server: show nicer loop items | Emil Renner Berthing | |
2020-02-27 | space_server: avahi: use shorter dict format | Emil Renner Berthing | |
2020-02-27 | space_server: move sudo tasks to fedora role | Emil Renner Berthing | |
..to align with debian role | |||
2020-02-27 | space_server: use common secrets.yml in ansible root | Emil Renner Berthing | |
..and generalize and move sshd tasks to fedora role. | |||
2020-02-27 | fedora: update for hash_behaviour = replace | Emil Renner Berthing | |
2020-02-23 | space_server: vars: add piscreen2.s | Emil Renner Berthing | |
2019-07-06 | roles: fix warnings about bare boolean variables | Emil Renner Berthing | |
2019-05-02 | space_server: renumber Fiberby link | Asbjørn Sloth Tønnesen | |
Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk> | |||
2019-04-11 | space_server: dhcpd: add timezone info | Emil Renner Berthing | |
2019-04-07 | space_server: dhcpd: only do ddns for sane hostnames | Emil Renner Berthing | |
2019-04-05 | space_server: named: allow local transfer queries | Emil Renner Berthing | |
..so now you can see all registered dhcp hostnames with: dig axfr dhcp | |||
2019-04-03 | space_server: vars: add SIP box as voip.s | Emil Renner Berthing | |