diff options
| author | Christian Pointner <equinox@spreadspace.org> | 2022-12-25 11:01:17 +0100 |
|---|---|---|
| committer | Christian Pointner <equinox@spreadspace.org> | 2022-12-25 11:01:17 +0100 |
| commit | 10b54214a2db57f4f8d3e7991040aa4aedb6c419 (patch) | |
| tree | 254f38febb36a84ce44942bdd36c525e029715dd /inventory/host_vars/mz-router.yml | |
| parent | mz-(router|ap): upgrade to openwrt 22.03.2 (diff) | |
mz-(router|ap): switch to WPA3 and enable FT
Diffstat (limited to 'inventory/host_vars/mz-router.yml')
| -rw-r--r-- | inventory/host_vars/mz-router.yml | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/inventory/host_vars/mz-router.yml b/inventory/host_vars/mz-router.yml index 23fd2931..6327ae78 100644 --- a/inventory/host_vars/mz-router.yml +++ b/inventory/host_vars/mz-router.yml @@ -75,10 +75,6 @@ openwrt_mixin: table inet global { ## INPUT - chain input_lan { - ip saddr $prefix_lan accept - } - chain input_wan { ip protocol icmp accept ip6 nexthdr ipv6-icmp accept @@ -88,7 +84,7 @@ openwrt_mixin: chain input { type filter hook input priority filter; policy drop; ct state vmap { established: accept, related: accept, invalid: drop } - iifname vmap { lo: accept, $nic_lan: jump input_lan, $nic_wan: jump input_wan } + iifname vmap { lo: accept, $nic_lan: accept, $nic_wan: jump input_wan } } @@ -226,7 +222,7 @@ openwrt_uci: disassoc_low_ack: 1 rsn_preauth: 1 ssid: "chaosWDS" - encryption: 'psk2+ccmp' + encryption: 'sae-mixed' key: '{{ vault_wifi_keys.wds_mz }}' - name: wifi-iface lan5g @@ -237,8 +233,11 @@ openwrt_uci: disassoc_low_ack: 1 rsn_preauth: 1 ssid: "chaos at home" - encryption: 'psk2+ccmp' + encryption: 'sae-mixed' key: '{{ vault_wifi_keys.lan }}' + ieee80211r: '1' + mobility_domain: 'ca00' + ft_over_ds: '1' - name: wifi-iface lan2g options: @@ -248,5 +247,8 @@ openwrt_uci: disassoc_low_ack: 1 rsn_preauth: 1 ssid: "chaos at home" - encryption: 'psk2+ccmp' + encryption: 'sae-mixed' key: '{{ vault_wifi_keys.lan }}' + ieee80211r: '1' + mobility_domain: 'ca00' + ft_over_ds: '1' |