Add computer vlan
This commit is contained in:
parent
b5a418308e
commit
cc4321ec81
1 changed files with 49 additions and 2 deletions
|
@ -8,6 +8,7 @@ let
|
||||||
bridge = "br-lan";
|
bridge = "br-lan";
|
||||||
devices = "devices-vlan";
|
devices = "devices-vlan";
|
||||||
wifi = "wifi-vlan";
|
wifi = "wifi-vlan";
|
||||||
|
computer = "comptuer-vlan";
|
||||||
wg0 = "wg0";
|
wg0 = "wg0";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
@ -27,6 +28,7 @@ in
|
||||||
"net.ipv6.conf.${bridge}.accept_ra" = 2;
|
"net.ipv6.conf.${bridge}.accept_ra" = 2;
|
||||||
"net.ipv6.conf.${devices}.accept_ra" = 2;
|
"net.ipv6.conf.${devices}.accept_ra" = 2;
|
||||||
"net.ipv6.conf.${wifi}.accept_ra" = 2;
|
"net.ipv6.conf.${wifi}.accept_ra" = 2;
|
||||||
|
"net.ipv6.conf.${computer}.accept_ra" = 2;
|
||||||
|
|
||||||
"net.ipv4.conf.all.forwarding" = true;
|
"net.ipv4.conf.all.forwarding" = true;
|
||||||
"net.ipv4.conf.default.rp_filter" = 1;
|
"net.ipv4.conf.default.rp_filter" = 1;
|
||||||
|
@ -34,6 +36,7 @@ in
|
||||||
"net.ipv4.conf.${bridge}.rp_filter" = 0;
|
"net.ipv4.conf.${bridge}.rp_filter" = 0;
|
||||||
"net.ipv4.conf.${devices}.rp_filter" = 0;
|
"net.ipv4.conf.${devices}.rp_filter" = 0;
|
||||||
"net.ipv4.conf.${wifi}.rp_filter" = 0;
|
"net.ipv4.conf.${wifi}.rp_filter" = 0;
|
||||||
|
"net.ipv4.conf.${computer}.rp_filter" = 0;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -59,6 +62,13 @@ in
|
||||||
};
|
};
|
||||||
vlanConfig.Id = 40;
|
vlanConfig.Id = 40;
|
||||||
};
|
};
|
||||||
|
"10-${computer}" = {
|
||||||
|
netdevConfig = {
|
||||||
|
Name = computer;
|
||||||
|
Kind = "vlan";
|
||||||
|
};
|
||||||
|
vlanConfig.Id = 50;
|
||||||
|
};
|
||||||
"20-${bridge}" = {
|
"20-${bridge}" = {
|
||||||
netdevConfig = {
|
netdevConfig = {
|
||||||
Kind = "bridge";
|
Kind = "bridge";
|
||||||
|
@ -114,7 +124,7 @@ in
|
||||||
networkConfig = {
|
networkConfig = {
|
||||||
Bridge = bridge;
|
Bridge = bridge;
|
||||||
ConfigureWithoutCarrier = true;
|
ConfigureWithoutCarrier = true;
|
||||||
VLAN = [ devices wifi ];
|
VLAN = [ devices wifi computer ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
"40-${bridge}" = {
|
"40-${bridge}" = {
|
||||||
|
@ -179,6 +189,27 @@ in
|
||||||
};
|
};
|
||||||
linkConfig.RequiredForOnline = "routable";
|
linkConfig.RequiredForOnline = "routable";
|
||||||
};
|
};
|
||||||
|
"50-${computer}" = {
|
||||||
|
matchConfig = {
|
||||||
|
Name = computer;
|
||||||
|
Type = "vlan";
|
||||||
|
};
|
||||||
|
address = [
|
||||||
|
"192.168.50.1/24"
|
||||||
|
"2001:db8:50::1/64"
|
||||||
|
];
|
||||||
|
networkConfig = {
|
||||||
|
IPv6SendRA = true;
|
||||||
|
};
|
||||||
|
ipv6Prefixes = [{
|
||||||
|
Prefix = "2001:db8:50::/64";
|
||||||
|
}];
|
||||||
|
ipv6SendRAConfig = {
|
||||||
|
EmitDNS = true;
|
||||||
|
DNS = "2001:db8:50::1";
|
||||||
|
};
|
||||||
|
linkConfig.RequiredForOnline = "routable";
|
||||||
|
};
|
||||||
"60-${wg0}" = {
|
"60-${wg0}" = {
|
||||||
matchConfig.Name = wg0;
|
matchConfig.Name = wg0;
|
||||||
address = [ "192.168.5.1/24" "2001:db8:5::1/64" ];
|
address = [ "192.168.5.1/24" "2001:db8:5::1/64" ];
|
||||||
|
@ -207,6 +238,7 @@ in
|
||||||
|
|
||||||
define DEVICES=${devices}
|
define DEVICES=${devices}
|
||||||
define WIFI=${wifi}
|
define WIFI=${wifi}
|
||||||
|
define COMPUTER=${computer}
|
||||||
define WG0=${wg0}
|
define WG0=${wg0}
|
||||||
|
|
||||||
define HTTP_HOST=192.168.20.200
|
define HTTP_HOST=192.168.20.200
|
||||||
|
@ -277,6 +309,11 @@ in
|
||||||
accept
|
accept
|
||||||
}
|
}
|
||||||
|
|
||||||
|
chain computer_in {}
|
||||||
|
chain computer_out {
|
||||||
|
accept
|
||||||
|
}
|
||||||
|
|
||||||
chain wg_in {}
|
chain wg_in {}
|
||||||
chain wg_out {
|
chain wg_out {
|
||||||
accept
|
accept
|
||||||
|
@ -295,6 +332,7 @@ in
|
||||||
$BRIDGE : jump bridge_in,
|
$BRIDGE : jump bridge_in,
|
||||||
$DEVICES : jump devices_in,
|
$DEVICES : jump devices_in,
|
||||||
$WIFI : jump wifi_in,
|
$WIFI : jump wifi_in,
|
||||||
|
$COMPUTER : jump computer_in,
|
||||||
$WG0 : jump wg_in
|
$WG0 : jump wg_in
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -302,6 +340,7 @@ in
|
||||||
$BRIDGE : jump bridge_out,
|
$BRIDGE : jump bridge_out,
|
||||||
$DEVICES : jump devices_out,
|
$DEVICES : jump devices_out,
|
||||||
$WIFI : jump wifi_out,
|
$WIFI : jump wifi_out,
|
||||||
|
$COMPUTER : jump computer_out,
|
||||||
$WG0 : jump wg_out
|
$WG0 : jump wg_out
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -321,6 +360,7 @@ in
|
||||||
tcp dport @internal_access_tcp ct state new iifname vmap {
|
tcp dport @internal_access_tcp ct state new iifname vmap {
|
||||||
$BRIDGE : accept,
|
$BRIDGE : accept,
|
||||||
$WG0 : accept,
|
$WG0 : accept,
|
||||||
|
$COMPUTER : accept,
|
||||||
$DEVICES : jump reject_politely,
|
$DEVICES : jump reject_politely,
|
||||||
$WIFI : jump rate_limit,
|
$WIFI : jump rate_limit,
|
||||||
$WAN : jump rate_limit
|
$WAN : jump rate_limit
|
||||||
|
@ -429,8 +469,11 @@ in
|
||||||
|
|
||||||
"${wifi},192.168.40.10,192.168.40.240,24h"
|
"${wifi},192.168.40.10,192.168.40.240,24h"
|
||||||
"${wifi},::10,constructor:${wifi},ra-names,64,24h"
|
"${wifi},::10,constructor:${wifi},ra-names,64,24h"
|
||||||
|
|
||||||
|
"${computer},192.168.50.10,192.168.50.240,24h"
|
||||||
|
"${computer},::10,constructor:${computer},ra-names,64,24h"
|
||||||
];
|
];
|
||||||
interface = [ bridge devices wifi wg0 ];
|
interface = [ bridge devices wifi computer wg0 ];
|
||||||
dhcp-option = [
|
dhcp-option = [
|
||||||
"${bridge},option:router,192.168.20.1"
|
"${bridge},option:router,192.168.20.1"
|
||||||
"${bridge},option:dns-server,192.168.20.1"
|
"${bridge},option:dns-server,192.168.20.1"
|
||||||
|
@ -443,6 +486,10 @@ in
|
||||||
"${wifi},option:router,192.168.40.1"
|
"${wifi},option:router,192.168.40.1"
|
||||||
"${wifi},option:dns-server,192.168.40.1"
|
"${wifi},option:dns-server,192.168.40.1"
|
||||||
"${wifi},option6:dns-server,2001:db8:40::1"
|
"${wifi},option6:dns-server,2001:db8:40::1"
|
||||||
|
|
||||||
|
"${computer},option:router,192.168.50.1"
|
||||||
|
"${computer},option:dns-server,192.168.50.1"
|
||||||
|
"${computer},option6:dns-server,2001:db8:50::1"
|
||||||
];
|
];
|
||||||
|
|
||||||
local = "/lan/";
|
local = "/lan/";
|
||||||
|
|
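Review bot: The interface name literal in the first hunk is misspelled — `computer = "comptuer-vlan";` — and because every other site derives the name from `${computer}`, the typo propagates silently into the netdev name, the nftables `define COMPUTER=...`, and the dnsmasq `interface` list; change it to `computer = "computer-vlan";` now, before the misspelled name becomes the identifier people grep for in logs and rules. On the firewall side, `$COMPUTER : accept,` in the `internal_access_tcp` vmap puts the new VLAN in the same trust tier as `$BRIDGE` and `$WG0` instead of the `rate_limit` / `reject_politely` tiers used for wifi and devices, and `chain computer_in {}` is left empty, so traffic from this VLAN that is not matched by that vmap falls through to whatever policy follows the chain (outside the hunk). If full LAN-equivalent trust is the intent, a one-line comment at the vmap entry such as `# computer VLAN is trusted: same internal access as the wired bridge` would document the decision rather than leaving it to be inferred from the ordering. The hunk also copies `rp_filter = 0` for the new interface from the other VLANs; worth confirming reverse-path filtering genuinely needs to be off for this segment rather than being carried over by pattern.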