changes to fw and unbound
This commit is contained in:
@@ -19,13 +19,25 @@
|
|||||||
chain input {
|
chain input {
|
||||||
type filter hook input priority filter; policy drop;
|
type filter hook input priority filter; policy drop;
|
||||||
|
|
||||||
|
# accept any localhost traffic
|
||||||
|
iif lo accept
|
||||||
|
|
||||||
# Allow trusted networks to access the router
|
# Allow trusted networks to access the router
|
||||||
iifname {
|
iifname {
|
||||||
"wan" # disable when final
|
"wan", # disable when final
|
||||||
"lan",
|
"lan",
|
||||||
"wg_cloonar"
|
"wg_cloonar"
|
||||||
} counter accept
|
} counter accept
|
||||||
|
|
||||||
|
# Allow networks to access the dns
|
||||||
|
iifname {
|
||||||
|
"lan",
|
||||||
|
"server",
|
||||||
|
"wg_cloonar",
|
||||||
|
"smart",
|
||||||
|
"multimedia"
|
||||||
|
} udp dport { 53, 67, 68 } tcp dport { 80, 443, 853 } counter accept
|
||||||
|
|
||||||
# Accept mDNS for avahi reflection
|
# Accept mDNS for avahi reflection
|
||||||
# iifname "multimedia" ip saddr <chromecast IP> tcp dport { llmnr } counter accept
|
# iifname "multimedia" ip saddr <chromecast IP> tcp dport { llmnr } counter accept
|
||||||
# iifname "multimedia" ip saddr <chromecast IP> udp dport { mdns, llmnr } counter accept
|
# iifname "multimedia" ip saddr <chromecast IP> udp dport { mdns, llmnr } counter accept
|
||||||
|
|||||||
@@ -4,78 +4,79 @@
|
|||||||
settings = {
|
settings = {
|
||||||
server = {
|
server = {
|
||||||
interface = [ "10.42.96.1" "10.42.97.1" "10.42.99.1" "10.42.254.1" ];
|
interface = [ "10.42.96.1" "10.42.97.1" "10.42.99.1" "10.42.254.1" ];
|
||||||
tls-cert-bundle = "/var/lib/acme/fw.cloonar.com/fullchain.pem";
|
# tls-cert-bundle = "/var/lib/acme/fw.cloonar.com/fullchain.pem";
|
||||||
};
|
};
|
||||||
local-data = [
|
# local-zone = "cloonar.com transparent";
|
||||||
"localhost A 127.0.0.1"
|
# local-data = [
|
||||||
"localhost.cloonar.com A 127.0.0.1"
|
# "\"localhost A 127.0.0.1\""
|
||||||
"localhost AAAA ::1"
|
# "localhost.cloonar.com A 127.0.0.1"
|
||||||
"localhost.cloonar.com AAAA ::1"
|
# "localhost AAAA ::1"
|
||||||
"fw.cloonar.com A 10.42.97.1"
|
# "localhost.cloonar.com AAAA ::1"
|
||||||
"fw A 10.42.97.1"
|
# "fw.cloonar.com A 10.42.97.1"
|
||||||
|
# "fw A 10.42.97.1"
|
||||||
"switch.cloonar.com IN A 10.42.97.10"
|
#
|
||||||
"drone.cloonar.com IN A 10.42.97.118"
|
# "switch.cloonar.com IN A 10.42.97.10"
|
||||||
"hv-02.cloonar.com IN A 10.42.97.3"
|
# "drone.cloonar.com IN A 10.42.97.118"
|
||||||
"home-assistant.cloonar.com IN A 10.42.97.20"
|
# "hv-02.cloonar.com IN A 10.42.97.3"
|
||||||
"deconz.cloonar.com IN A 10.42.97.20"
|
# "home-assistant.cloonar.com IN A 10.42.97.20"
|
||||||
"mopidy.cloonar.com IN A 10.42.97.20"
|
# "deconz.cloonar.com IN A 10.42.97.20"
|
||||||
"snapcast.cloonar.com IN A 10.42.97.20"
|
# "mopidy.cloonar.com IN A 10.42.97.20"
|
||||||
"cl-storage-01.cloonar.com IN A 10.42.97.9"
|
# "snapcast.cloonar.com IN A 10.42.97.20"
|
||||||
"git.cloonar.com IN A 10.42.97.118"
|
# "cl-storage-01.cloonar.com IN A 10.42.97.9"
|
||||||
|
# "git.cloonar.com IN A 10.42.97.118"
|
||||||
"stage.wsw.at IN A 10.254.235.22"
|
#
|
||||||
"prod.wsw.at IN A 10.254.217.23"
|
# "stage.wsw.at IN A 10.254.235.22"
|
||||||
"piwik.wohnservice-wien.at IN A 10.254.240.109"
|
# "prod.wsw.at IN A 10.254.217.23"
|
||||||
"wohnservice-wien.at IN A 10.254.240.109"
|
# "piwik.wohnservice-wien.at IN A 10.254.240.109"
|
||||||
"mieterhilfe.at IN A 10.254.240.109"
|
# "wohnservice-wien.at IN A 10.254.240.109"
|
||||||
"wohnpartner-wien.at IN A 10.254.240.109"
|
# "mieterhilfe.at IN A 10.254.240.109"
|
||||||
"wohnberatung-wien.at IN A 10.254.240.109"
|
# "wohnpartner-wien.at IN A 10.254.240.109"
|
||||||
"wienbautvor.at IN A 10.254.240.109"
|
# "wohnberatung-wien.at IN A 10.254.240.109"
|
||||||
"a.wohnservice-wien.at IN A 10.254.240.109"
|
# "wienbautvor.at IN A 10.254.240.109"
|
||||||
"a.wohnpartner-wien.at IN A 10.254.240.109"
|
# "a.wohnservice-wien.at IN A 10.254.240.109"
|
||||||
"a.stage.wohnservice-wien.at IN A 10.254.240.110"
|
# "a.wohnpartner-wien.at IN A 10.254.240.109"
|
||||||
"a.stage.mieterhilfe.at IN A 10.254.240.110"
|
# "a.stage.wohnservice-wien.at IN A 10.254.240.110"
|
||||||
"a.stage.wohnpartner-wien.at IN A 10.254.240.110"
|
# "a.stage.mieterhilfe.at IN A 10.254.240.110"
|
||||||
"a.stage.wohnberatung-wien.at IN A 10.254.240.110"
|
# "a.stage.wohnpartner-wien.at IN A 10.254.240.110"
|
||||||
"a.stage.wienbautvor.at IN A 10.254.240.110"
|
# "a.stage.wohnberatung-wien.at IN A 10.254.240.110"
|
||||||
"a.stage.wienwohntbesser.at IN A 10.254.240.110"
|
# "a.stage.wienbautvor.at IN A 10.254.240.110"
|
||||||
"upgrade-staging.wohnservice-wien.at IN A 10.254.240.110"
|
# "a.stage.wienwohntbesser.at IN A 10.254.240.110"
|
||||||
"upgrade-staging.mieterhilfe.at IN A 10.254.240.110"
|
# "upgrade-staging.wohnservice-wien.at IN A 10.254.240.110"
|
||||||
"upgrade-staging.wohnpartner-wien.at IN A 10.254.240.110"
|
# "upgrade-staging.mieterhilfe.at IN A 10.254.240.110"
|
||||||
"upgrade-staging.wohnberatung-wien.at IN A 10.254.240.110"
|
# "upgrade-staging.wohnpartner-wien.at IN A 10.254.240.110"
|
||||||
"upgrade-staging.wienbautvor.at IN A 10.254.240.110"
|
# "upgrade-staging.wohnberatung-wien.at IN A 10.254.240.110"
|
||||||
"upgrade-staging.wienwohntbesser.at IN A 10.254.240.110"
|
# "upgrade-staging.wienbautvor.at IN A 10.254.240.110"
|
||||||
|
# "upgrade-staging.wienwohntbesser.at IN A 10.254.240.110"
|
||||||
"testing.ebs.amz.at IN A 80.120.142.235"
|
#
|
||||||
"api.testing-ebs.amz.at IN A 80.120.142.235"
|
# "testing.ebs.amz.at IN A 80.120.142.235"
|
||||||
|
# "api.testing-ebs.amz.at IN A 80.120.142.235"
|
||||||
"metz.cloonar.com IN A 10.42.96.167"
|
#
|
||||||
"firetv-living.cloonar.com IN A 10.42.96.175"
|
# "metz.cloonar.com IN A 10.42.96.167"
|
||||||
"ps5-living.cloonar.com IN A 10.42.96.176"
|
# "firetv-living.cloonar.com IN A 10.42.96.175"
|
||||||
|
# "ps5-living.cloonar.com IN A 10.42.96.176"
|
||||||
"ddl-warez.to IN A 172.67.184.30"
|
#
|
||||||
];
|
# "ddl-warez.to IN A 172.67.184.30"
|
||||||
local-data-ptr = [
|
# ];
|
||||||
"127.0.0.1 localhost"
|
# local-data-ptr = [
|
||||||
"::1 localhost"
|
# "127.0.0.1 localhost"
|
||||||
"10.42.97.10 switch.cloonar.com"
|
# "::1 localhost"
|
||||||
"10.42.97.1 fw.cloonar.com"
|
# "10.42.97.10 switch.cloonar.com"
|
||||||
"10.42.97.118 drone.cloonar.com"
|
# "10.42.97.1 fw.cloonar.com"
|
||||||
"10.42.97.3 hv-02.cloonar.com"
|
# "10.42.97.118 drone.cloonar.com"
|
||||||
"10.42.97.20 home-assistant.cloonar.com"
|
# "10.42.97.3 hv-02.cloonar.com"
|
||||||
"10.42.97.9 cl-storage-01.cloonar.com"
|
# "10.42.97.20 home-assistant.cloonar.com"
|
||||||
"10.42.97.118 git.cloonar.com"
|
# "10.42.97.9 cl-storage-01.cloonar.com"
|
||||||
|
# "10.42.97.118 git.cloonar.com"
|
||||||
"10.254.235.22 stage.wsw.at"
|
#
|
||||||
"10.254.217.23 prod.wsw.at"
|
# "10.254.235.22 stage.wsw.at"
|
||||||
"10.254.240.109 wohnservice-wien.at"
|
# "10.254.217.23 prod.wsw.at"
|
||||||
"10.254.240.110 a.stage.wohnservice-wien.at"
|
# "10.254.240.109 wohnservice-wien.at"
|
||||||
|
# "10.254.240.110 a.stage.wohnservice-wien.at"
|
||||||
"80.120.142.235 testing.ebs.amz.at"
|
#
|
||||||
|
# "80.120.142.235 testing.ebs.amz.at"
|
||||||
"172.67.184.30 ddl-warez.to"
|
#
|
||||||
];
|
# "172.67.184.30 ddl-warez.to"
|
||||||
|
# ];
|
||||||
forward-zone = [
|
forward-zone = [
|
||||||
{
|
{
|
||||||
name = ".";
|
name = ".";
|
||||||
|
|||||||
Reference in New Issue
Block a user