From 59fc9b891a6e3cacb834ca33e39b9c58f4e103d8 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 1 Aug 2021 15:48:22 +0200 Subject: preapre ele-tub --- inventory/group_vars/elevate-festival/vars.yml | 23 ++++++------ inventory/host_vars/ele-tub.yml | 49 ++++++++++++++++---------- 2 files changed, 43 insertions(+), 29 deletions(-) (limited to 'inventory') diff --git a/inventory/group_vars/elevate-festival/vars.yml b/inventory/group_vars/elevate-festival/vars.yml index 3fea4df6..9344c7a6 100644 --- a/inventory/group_vars/elevate-festival/vars.yml +++ b/inventory/group_vars/elevate-festival/vars.yml @@ -6,7 +6,7 @@ network_zones: prefix: 192.168.18.0/24 gateway: 192.168.18.254 dns: - - 192.168.18.254 + - 192.168.18.254 dhcp: start: 1 limit: 199 @@ -35,7 +35,7 @@ network_zones: prefix: 192.168.20.0/24 gateway: 192.168.20.254 dns: - - 192.168.20.254 + - 192.168.20.254 dhcp: start: 1 limit: 199 @@ -53,7 +53,7 @@ network_zones: prefix: 192.168.23.0/24 gateway: 192.168.23.254 dns: - - 192.168.23.254 + - 192.168.23.254 dhcp: start: 1 limit: 240 @@ -141,6 +141,7 @@ network_zones: ### Other ele-mon: 220 + ele-tub: 240 datacop: 249 equinox-t450s: 250 ele-router: 254 @@ -152,7 +153,7 @@ network_zones: prefix: 192.168.48.0/24 gateway: 192.168.48.254 dns: - - 192.168.48.254 + - 192.168.48.254 offsets: companion: 42 kuschelbaer: 48 @@ -178,7 +179,7 @@ network_zones: prefix: 192.168.73.0/24 gateway: 192.168.73.254 dns: - - 192.168.73.254 + - 192.168.73.254 dhcp: start: 100 limit: 199 @@ -201,8 +202,8 @@ network_zones: prefix: 85.237.2.96/28 gateway: 85.237.2.97 dns: - - 217.29.144.65 - - 217.29.144.66 + - 217.29.144.65 + - 217.29.144.66 offsets: ## citycom uses offset 1,2 and 3 ele-router: 4 # 85.237.2.100 @@ -214,8 +215,8 @@ network_zones: prefix: 85.237.28.192/28 gateway: 85.237.28.193 dns: - - 217.29.144.65 - - 217.29.144.66 + - 217.29.144.65 + - 217.29.144.66 offsets: ## citycom uses offset 1,2 and 3 ele-helene: 4 # 85.237.28.196 
@@ -237,10 +238,10 @@ network_zones: vlan: 511 prefix: 10.12.241.128/28 gateway: 10.12.241.142 + dns: + - 10.12.0.10 offsets: ele-tub: 14 - dns: - - 10.12.0.10 murat_transfer: description: "transfer network for upstream via mur.at" diff --git a/inventory/host_vars/ele-tub.yml b/inventory/host_vars/ele-tub.yml index 4ab8ae70..47c06223 100644 --- a/inventory/host_vars/ele-tub.yml +++ b/inventory/host_vars/ele-tub.yml @@ -46,17 +46,35 @@ openwrt_mixin: /etc/htoprc: file: "{{ global_files_dir }}/common/htoprc" - /etc/rc.local: + /etc/rc.d/S22network-fw: + link: "../init.d/network-fw" + + /etc/rc.d/K92network-fw: + link: "../init.d/network-fw" + + /etc/init.d/network-fw: + mode: "0755" content: | - # Put your custom commands here that should be executed once - # the system init finished. By default this file does nothing. + #!/bin/sh /etc/rc.common + + START=22 + STOP=91 - ip rule add pref 42000 lookup default - ip rule del pref 32767 - ip route add default via {{ network_zones.murat_transfer.prefix | ipaddr(network_zones.murat_transfer.offsets['ele-mur']) | ipaddr('address') }} table 172 - ip rule add pref 33000 from {{ network_zones.funkfeuer.prefix }} lookup 172 + start() { + FF_IF=$(uci get network.ff.ifname) + FFSUBNET_IF=$(uci get network.ffsubnet.ifname) + FFSUBNET_IPADDR=$(uci get network.ffsubnet.ipaddr) + FFSUBNET_NETMASK=$(uci get network.ffsubnet.netmask) - exit 0 + iptables -A FORWARD -i "$FFSUBNET_IF" -o "$FF_IF" -s "$FFSUBNET_IPADDR/$FFSUBNET_IPADDR" -j ACCEPT + iptables -A FORWARD -i "$FF_IF" -o "$FFSUBNET_IF" -d "$FFSUBNET_IPADDR/$FFSUBNET_IPADDR" -j ACCEPT + iptables -P FORWARD DROP + } + + stop() { + iptables -P FORWARD ACCEPT + iptables -F FORWARD + } openwrt_uci: 
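Review bot: Both `iptables -A FORWARD` rules in `start()` of the new `/etc/init.d/network-fw` write the subnet as `"$FFSUBNET_IPADDR/$FFSUBNET_IPADDR"`, so the address serves as its own mask and `FFSUBNET_NETMASK`, read just above, is never used; the rules therefore presumably match something other than the ffsubnet prefix. The match should read `-s "$FFSUBNET_IPADDR/$FFSUBNET_NETMASK"` in the first rule and `-d "$FFSUBNET_IPADDR/$FFSUBNET_NETMASK"` in the second. The script also declares `STOP=91` while the link is created as `/etc/rc.d/K92network-fw`. In addition, `stop()` flushes the chain and sets the FORWARD policy to ACCEPT, which fails open; if that is intended, a comment in the script should say so.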
@@ -98,12 +116,14 @@ openwrt_uci: ipaddr: 127.0.0.1 netmask: 255.0.0.0 - - name: interface 'unused' + - name: interface 'mgmt' options: ifname: eth0 - proto: none + proto: static + ipaddr: "{{ network_zones.mgmt.prefix | ipaddr(network_zones.mgmt.offsets[inventory_hostname]) | ipaddr('address') }}" + netmask: "{{ network_zones.mgmt.prefix | ipaddr('netmask') }}" - - name: interface 'uhrturm' + - name: interface 'ffsubnet' options: ifname: eth1 proto: static @@ -118,13 +138,6 @@ openwrt_uci: netmask: 255.255.0.0 dns: "{{ network_zones.funkfeuer.dns }}" - - name: interface 'murattransfer' - options: - ifname: eth2 - proto: static - ipaddr: "{{ network_zones.murat_transfer.prefix | ipaddr(network_zones.murat_transfer.offsets[inventory_hostname]) | ipaddr('address') }}" - netmask: "{{ network_zones.murat_transfer.prefix | ipaddr('netmask') }}" - olsrd: - name: olsrd options: -- cgit v1.2.3
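Review bot: The new `interface 'mgmt'` stanza gives eth0 a static management address, but the only filtering visible in this commit (the `network-fw` init script) covers the FORWARD chain. Nothing shown here keeps services running on the router itself from also being reachable through the `ff` and `ffsubnet` interfaces. If INPUT filtering or listen-address binding is configured elsewhere in this host's vars, a comment above the stanza such as `# management only; access restricted in <section name>` would make that explicit; otherwise it looks worth adding. The lookup `network_zones.mgmt.offsets[inventory_hostname]` presumably relies on the `ele-tub: 240` offset added to vars.yml in this same commit. The `openwrt_uci` network list starts and ends outside the hunk.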