From 10b54214a2db57f4f8d3e7991040aa4aedb6c419 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 25 Dec 2022 11:01:17 +0100 Subject: mz-(router|ap): switch to WPA3 and enable FT --- inventory/host_vars/mz-router.yml | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to 'inventory/host_vars/mz-router.yml') diff --git a/inventory/host_vars/mz-router.yml b/inventory/host_vars/mz-router.yml index 23fd2931..6327ae78 100644 --- a/inventory/host_vars/mz-router.yml +++ b/inventory/host_vars/mz-router.yml @@ -75,10 +75,6 @@ openwrt_mixin: table inet global { ## INPUT - chain input_lan { - ip saddr $prefix_lan accept - } - chain input_wan { ip protocol icmp accept ip6 nexthdr ipv6-icmp accept @@ -88,7 +84,7 @@ openwrt_mixin: chain input { type filter hook input priority filter; policy drop; ct state vmap { established: accept, related: accept, invalid: drop } - iifname vmap { lo: accept, $nic_lan: jump input_lan, $nic_wan: jump input_wan } + iifname vmap { lo: accept, $nic_lan: accept, $nic_wan: jump input_wan } } @@ -226,7 +222,7 @@ openwrt_uci: disassoc_low_ack: 1 rsn_preauth: 1 ssid: "chaosWDS" - encryption: 'psk2+ccmp' + encryption: 'sae-mixed' key: '{{ vault_wifi_keys.wds_mz }}' - name: wifi-iface lan5g @@ -237,8 +233,11 @@ openwrt_uci: disassoc_low_ack: 1 rsn_preauth: 1 ssid: "chaos at home" - encryption: 'psk2+ccmp' + encryption: 'sae-mixed' key: '{{ vault_wifi_keys.lan }}' + ieee80211r: '1' + mobility_domain: 'ca00' + ft_over_ds: '1' - name: wifi-iface lan2g options: @@ -248,5 +247,8 @@ openwrt_uci: disassoc_low_ack: 1 rsn_preauth: 1 ssid: "chaos at home" - encryption: 'psk2+ccmp' + encryption: 'sae-mixed' key: '{{ vault_wifi_keys.lan }}' + ieee80211r: '1' + mobility_domain: 'ca00' + ft_over_ds: '1' -- cgit v1.2.3
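Review bot: The `$nic_lan: accept` verdict in the `iifname vmap` of chain `input` now admits every packet arriving on the LAN interface, where the removed `input_lan` chain (first hunk) accepted only `ip saddr $prefix_lan`. That drops the source-address check and, as far as the visible rules show, also opens the router's input path to IPv6 from the LAN, which `ip saddr` never matched and which therefore fell through to `policy drop`. The subject mentions only WPA3 and FT, so if this is intended it deserves a line in the commit message and a comment such as `# LAN is trusted: accept regardless of source address`; otherwise keep `$nic_lan: jump input_lan`. The ruleset and the definition of `$prefix_lan` lie partly outside the hunk.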
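Review bot: `encryption: 'sae-mixed'` on the `chaosWDS` interface is WPA2/WPA3 transition mode rather than WPA3-only: WPA2-PSK association stays possible, so a captured 4-way handshake can still be tested offline against the passphrase, and OpenWrt makes management frame protection only optional in this mode. On the WDS link both ends are presumably your own devices, so `encryption: 'sae'` would enforce SAE with mandatory PMF there, provided the peer's driver supports it. The same value is set on `lan5g` and `lan2g` in the following hunks, where transition mode is a reasonable compatibility choice but worth a comment such as `# sae-mixed: WPA2-only clients are still accepted`.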
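Review bot: The three FT options added to `lan5g` (and repeated verbatim for `lan2g` in the last hunk) set `ft_over_ds: '1'` and a `mobility_domain` but no `r0kh`/`r1kh` key holders or `ft_psk_generate_local`, so how PMK-R1 keys reach the other AP is left to OpenWrt's defaults. Local key generation applies only to WPA2-PSK clients; SAE clients depend on key exchange between the APs, and over-the-DS additionally relays FT action frames across the LAN/WDS segment, so confirm that WPA3 clients actually roam, or fall back to `ft_over_ds: '0'`. Because `mobility_domain: 'ca00'` has to be identical on every AP serving the SSID, a shared inventory variable (for example `mobility_domain: '{{ wifi_mobility_domain }}'`, a name constructed for this note) would keep mz-router and mz-ap from drifting apart.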