foo.sh/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

dhcpd/pf: Add DHCP failover support

Browse source
This commit is contained in:
Timo Makinen 2025-06-22 17:52:29 +00:00
parent 97c9467b89
commit 5e803c87fb
2 changed files with 40 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

10
roles/pf/templates/pf.conf.gw_dna.j2
View file

@ -50,6 +50,11 @@ pass in quick on $ext_if proto tcp from {{ gw_lan_ip }}/32 to self port ssh
pass in quick on $int_if proto tcp from $int_net to self port 9100
pass in quick on $int_if proto tcp from $int_net to self port 9167
# allow dhcpd failover
{% for host in groups['dnagw_' + intdomain.split('.')[0]] %}
pass in quick on $int_if proto tcp from {{ hostvars[host]['network_interfaces'][0].ipaddr }} to self port 647
{% endfor %}
# allow dns queries from internal net
pass in quick on $int_if proto { tcp, udp } from $int_net to self port domain
pass in quick on $int_if proto tcp from $int_net to self port domain-s
@ -71,6 +76,11 @@ pass out quick on $int_if from self to any
# allow traffic from outside
pass out quick on $int_if from any to $int_net
{% if intdomain == 'iot.foo.sh' %}
# block ip's 50-100 from iot network
block in quick on $int_if from 172.20.27.192/26 to !$int_net
{% endif %}
# allow communication from internal to world
pass in quick on $int_if from $int_net to !$int_net