Age | Commit message | Author | |
---|---|---|---|
2021-06-18 | space_server: nftables: colo: use dynamic reverse path filter | Asbjørn Sloth Tønnesen | |
This patch changes the reverse path filtering of the labicolo VLAN to take place in the prerouting hook, using the kernel routing table, and removes the need to maintain a static prefix list. Labicolo routes are exported to the kernel routing table by BIRD, hence it should be sufficient to only have prefix lists there. This change has been tested, and it's only possible to spoof fellow labicolo members' address space (same as before). | |||
2021-06-18 | space_server: bird: remove old prefix lists | Asbjørn Sloth Tønnesen | |
Now that we use communities, we don't need this prefix filter anymore, only the per-customer prefix filters. | |||
2021-06-18 | space_server: bird: export prefixes based on communities | Asbjørn Sloth Tønnesen | |
We only announce a prefix if we have received it from a customer connection or if we originate it ourselves. This way we avoid announcing prefixes matching the earlier used prefix list if we haven't received it via the customer connection. This is important for multi-homed labicolo customers. | |||
2021-06-18 | space_server: bird: set communities on import | Asbjørn Sloth Tønnesen | |
Assign large communities on prefix import. Later we can then use the community to decide if we should announce it to our peers. | |||
2021-06-18 | space_server: bird: prepare large communities | Asbjørn Sloth Tønnesen | |
This patch prepares us for adopting Large BGP Communities (RFC 8092). Basic format of Large BGP Communities: <uint32_t asn>:<uint32_t function>:<uint32_t value> We use function 1 for storing prefix type (or relation). We then assign a value to transit, peering, customer and originated prefixes. Large BGP Communities http://largebgpcommunities.net/ https://tools.ietf.org/html/rfc8092 https://tools.ietf.org/html/rfc8195 | |||
2021-06-18 | space_server: bird: asbjorn: enable TTL security | Asbjørn Sloth Tønnesen | |
2021-06-18 | space_server: bird: fiberby: enable TTL security | Asbjørn Sloth Tønnesen | |
This protects us, among other things, against 3rd parties resetting the TCP connection underneath our BGP sessions. This has been enabled in both ends, and this _MUST_ remain enabled, otherwise these sessions will go down. If this needs to be disabled for some reason then it must be coordinated with Fiberby. RFC 5082 - The Generalized TTL Security Mechanism https://datatracker.ietf.org/doc/html/rfc5082 | |||
2021-06-18 | space_server: bird: fix prefix error (HEAD, master) | Hafnium | |
The prefix was only routable on the internal network, not the whole internet, as it was not added in local_prefix_v6. The 2a0e:8f02:f034::/48 is attached to my ASN, AS211153. Commit message fixed up by Esmil | |||
2021-06-17 | space_server: bird: add bgp peering for Hafnium/AS211153 | Hafnium | |
Commit message and nftables rule fixed up by Esmil | |||
2021-06-01 | space_server: vars: update foodputer mac address | Emil Renner Berthing | |
In a heroic effort Asbjørn has replaced the old broken foodputer. | |||
2021-06-01 | space_server: vars: add more convenient packages | Emil Renner Berthing | |
2021-06-01 | users: esmil: remove old ssh keys | Emil Renner Berthing | |
2021-01-29 | space_server: chrony: start chrony after we're online | Emil Renner Berthing | |
2021-01-22 | space_server: named: add trust-ad option to resolv.conf | Emil Renner Berthing | |
2021-01-19 | space_server: radius: use letsencrypt certificate | Emil Renner Berthing | |
2021-01-19 | space_server: certbot: get space.labitat.dk certificate | Emil Renner Berthing | |
2021-01-19 | space_server: ssh: add config for switches | Emil Renner Berthing | |
2021-01-19 | space_server: chrony: run chrony ntp server | Emil Renner Berthing | |
2021-01-18 | fedora: handlers: add restart sshd handler | Emil Renner Berthing | |
2021-01-17 | space_server: update for Fedora 33 | Emil Renner Berthing | |
2021-01-16 | fedora: homed: configure systemd-homed | Emil Renner Berthing | |
2021-01-16 | space_server: vars: add bunkerap1 | Emil Renner Berthing | |
2021-01-16 | space_server: vars: add bunkerswitch | Emil Renner Berthing | |
2021-01-16 | space_server: vars: add description for switch | Emil Renner Berthing | |
..and remove wrong MAC address. The switch doesn't (and shouldn't) use dhcp. | |||
2021-01-16 | fedora: systemd: configure sleep.conf and user.conf | Emil Renner Berthing | |
2021-01-16 | fedora: timesyncd: fix disabling | Emil Renner Berthing | |
2020-11-17 | space_server: add static ips for pixelfluthafnium | Hafnium | |
2020-10-17 | space_server: nftables: drop spoofed incoming traffic | Emil Renner Berthing | |
Discovered by IMAAL Research Lab, Brigham Young University, thank you. | |||
2020-08-13 | space_server: add labicolo ipv6 range for Esmil | Emil Renner Berthing | |
2020-06-19 | space_server: radius: update radiusd.conf | Emil Renner Berthing | |
2020-06-01 | users: rasmis: added | Emil Renner Berthing | |
Add Rasmus so he can jump to the foodputer and read out the drinkomatic database. | |||
2020-06-01 | users: add support for jumponly users | Emil Renner Berthing | |
2020-06-01 | users: esmil: add stitch key and update .bashrc | Emil Renner Berthing | |
2020-04-10 | users: root: update bashrc | Emil Renner Berthing | |
2020-03-21 | space_server: networkd: set NTP server on wan interface | Emil Renner Berthing | |
time.cloudflare.com has much lower ping than any of the default N.fedora.pool.ntp.org servers. | |||
2020-03-20 | space_server: nftables: remove traffic stats rules | Emil Renner Berthing | |
This used to open up for polling our old switch for traffic data, but it died and it doesn't work with the new switch so let's plug the hole. | |||
2020-03-20 | users: graffen: added | Jesper Hess Nielsen | |
2020-03-14 | space_server: nftables: add graffens prefixes to nftables | Jesper Hess Nielsen | |
2020-03-14 | space_server: bird: add ipv4 BGP session for graffen | Jesper Hess Nielsen | |
2020-03-11 | space_server: bird: add bgp peering for graffen/AS209616 | Jesper Hess Nielsen | |
2020-03-07 | space_server: nftables: forward space.labitat.dk:17380 to jumbotron | Emil Renner Berthing | |
2020-03-03 | jumbotron: disable IPv6 privacy extensions | Emil Renner Berthing | |
..so we can make sure the jumbotron always takes the same IPv6 address and we can whitelist it in the firewall. | |||
2020-03-02 | Add AnyEvent::HTTPD package (for github integration) | Kristian Nielsen | |
2020-03-01 | space_server: radius: configure certificates | Emil Renner Berthing | |
2020-02-29 | space_server: update to Fedora 31 | Emil Renner Berthing | |
2020-02-29 | space_server: networkd: set Scope=link link addresses | Emil Renner Berthing | |
2020-02-29 | fedora: networkd: configure networkd.conf | Emil Renner Berthing | |
2020-02-29 | fedora: sudo: update sudoers file | Emil Renner Berthing | |
2020-02-29 | fedora: dnf: set install_weak_deps=no | Emil Renner Berthing | |
..when installing packages. In case the Ansible dnf module doesn't consult /etc/dnf/dnf.conf | |||
2020-02-27 | debian: networkd: remove last |bool instance | Emil Renner Berthing | |