From ef39030d83fb488b16035c82f1f876ed103f541a Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sun, 5 Mar 2023 11:20:27 +0100
Subject: ...
---
hosts/vidhar/dns/zones/arpa.in-addr.10.141.soa | 4 ++--
.../arpa.ip6.2.a.0.3.4.0.0.0.0.0.5.2.0.a.d.a.0.0.0.1.soa | 4 ++--
hosts/vidhar/dns/zones/yggdrasil.soa | 6 +++---
hosts/vidhar/network/ruleset.nft | 4 ++--
hosts/vidhar/printing/default.nix | 14 +++++++-------
hosts/vidhar/printing/ruleset.nft | 11 ++++++-----
6 files changed, 22 insertions(+), 21 deletions(-)
(limited to 'hosts/vidhar')
diff --git a/hosts/vidhar/dns/zones/arpa.in-addr.10.141.soa b/hosts/vidhar/dns/zones/arpa.in-addr.10.141.soa
index 5f98034e..b23f6fd4 100644
--- a/hosts/vidhar/dns/zones/arpa.in-addr.10.141.soa
+++ b/hosts/vidhar/dns/zones/arpa.in-addr.10.141.soa
@@ -1,7 +1,7 @@
$ORIGIN 141.10.in-addr.arpa.
$TTL 300
@ IN SOA vidhar.lan.yggdrasil. hostmaster.yggdrasil.li (
- 2023030402 ; serial
+ 2023030500 ; serial
300 ; refresh
300 ; retry
300 ; expire
@@ -18,4 +18,4 @@ $TTL 300
3.2 IN PTR printer.printer.yggdrasil.
-1.4 IN PTR printing.vidhar.lan.yggdrasil.
+1.5 IN PTR printing.vidhar.lan.yggdrasil.
diff --git a/hosts/vidhar/dns/zones/arpa.ip6.2.a.0.3.4.0.0.0.0.0.5.2.0.a.d.a.0.0.0.1.soa b/hosts/vidhar/dns/zones/arpa.ip6.2.a.0.3.4.0.0.0.0.0.5.2.0.a.d.a.0.0.0.1.soa
index bec3fd05..39d59939 100644
--- a/hosts/vidhar/dns/zones/arpa.ip6.2.a.0.3.4.0.0.0.0.0.5.2.0.a.d.a.0.0.0.1.soa
+++ b/hosts/vidhar/dns/zones/arpa.ip6.2.a.0.3.4.0.0.0.0.0.5.2.0.a.d.a.0.0.0.1.soa
@@ -1,7 +1,7 @@
$ORIGIN 1.0.0.0.a.d.a.0.2.5.0.0.0.0.0.4.3.0.a.2.ip6.arpa.
$TTL 300
@ IN SOA vidhar.lan.yggdrasil. hostmaster.yggdrasil.li (
- 2023030400 ; serial
+ 2023030500 ; serial
300 ; refresh
300 ; retry
300 ; expire
@@ -14,4 +14,4 @@ $TTL 300
0.0.0.0.0.0.0.0.0.0.0.1 IN PTR vidhar.yggdrasil.
0.0.0.0.0.0.0.0.0.0.0.2 IN PTR sif.yggdrasil.
-0.0.0.0.0.4.0.0.0.0.0.1 IN PTR printing.vidhar.yggdrasil.
+0.0.0.0.0.5.0.0.0.0.0.1 IN PTR printing.vidhar.yggdrasil.
diff --git a/hosts/vidhar/dns/zones/yggdrasil.soa b/hosts/vidhar/dns/zones/yggdrasil.soa
index 3d0daaac..e2b1a61b 100644
--- a/hosts/vidhar/dns/zones/yggdrasil.soa
+++ b/hosts/vidhar/dns/zones/yggdrasil.soa
@@ -1,7 +1,7 @@
$ORIGIN yggdrasil.
$TTL 300
@ IN SOA vidhar.yggdrasil. hostmaster.yggdrasil.li (
- 2023030405 ; serial
+ 2023030500 ; serial
300 ; refresh
300 ; retry
300 ; expire
@@ -31,5 +31,5 @@ ap01.mgmt IN A 10.141.1.4
printer.printer IN A 10.141.3.2
-printing.vidhar.lan IN A 10.141.4.1
-printing.vidhar IN AAAA 2a03:4000:52:ada:4::1
+printing.vidhar.lan IN A 10.141.5.1
+printing.vidhar IN AAAA 2a03:4000:52:ada:5::1
diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft
index d2c88008..37c1cf55 100644
--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -144,8 +144,8 @@ table inet filter {
iifname lan oifname { dsl, bifrost } counter name fw-lan accept
- iifname lan oifname ve-printing ip daddr 10.141.4.1 tcp dport 631 counter name fw-cups accept
- iifname lan oifname ve-printing ip6 daddr 2a03:4000:52:ada:4::1 tcp dport 631 counter name fw-cups accept
+ iifname lan oifname ve-printing ip daddr 10.141.5.1 tcp dport 631 counter name fw-cups accept
+ iifname lan oifname ve-printing ip6 daddr 2a03:4000:52:ada:5::1 tcp dport 631 counter name fw-cups accept
iifname ve-printing oifname lan ct state {established, related} counter name fw-printing accept
diff --git a/hosts/vidhar/printing/default.nix b/hosts/vidhar/printing/default.nix
index 0e0dfcf7..d844823b 100644
--- a/hosts/vidhar/printing/default.nix
+++ b/hosts/vidhar/printing/default.nix
@@ -10,10 +10,10 @@ in {
privateNetwork = true;
ephemeral = true;
autoStart = true;
- hostAddress = "10.141.4.0";
- hostAddress6 = "2a03:4000:52:ada:4::";
- localAddress = "10.141.4.1";
- localAddress6 = "2a03:4000:52:ada:4::1";
+ hostAddress = "10.141.5.0";
+ hostAddress6 = "2a03:4000:52:ada:5::";
+ localAddress = "10.141.5.1";
+ localAddress6 = "2a03:4000:52:ada:5::1";
interfaces = [ "printer" ];
config = let
hostConfig = config;
@@ -42,10 +42,10 @@ in {
{ subnet = "10.141.3.0/24";
option-data = [
{ name = "domain-name-servers";
- data = "10.141.4.0";
+ data = "10.141.5.0";
}
{ name = "ntp-servers";
- data = "10.141.4.0";
+ data = "10.141.5.0";
}
{ name = "broadcast-address";
data = "10.141.3.255";
@@ -81,7 +81,7 @@ in {
allowFrom = [ "all" ];
extraConf = ''
ServerName printing
- ServerAlias 10.141.4.1 2a03:4000:52:ada:4::1 printing.vidhar.yggdrasil printing.vidhar.lan.yggdrasil
+ ServerAlias 10.141.5.1 2a03:4000:52:ada:5::1 printing.vidhar.yggdrasil printing.vidhar.lan.yggdrasil
'';
};
diff --git a/hosts/vidhar/printing/ruleset.nft b/hosts/vidhar/printing/ruleset.nft
index c3027567..e47256c3 100644
--- a/hosts/vidhar/printing/ruleset.nft
+++ b/hosts/vidhar/printing/ruleset.nft
@@ -44,6 +44,7 @@ table inet filter {
counter fw-printer {}
counter fw-host {}
+ counter icmp-fw {}
counter icmp-ratelimit-fw {}
counter reject-ratelimit-fw {}
@@ -97,9 +98,9 @@ table inet filter {
meta l4proto $icmp_protos counter name icmp-fw accept
- iifname printer oifname eth0 ip daddr 10.141.4.0 meta l4proto . th dport { tcp . 53, udp . 53, udp . 123 } counter fw-printer accept
- iifname printer oifname eth0 ip6 daddr 2a03:4000:52:ada:4:: meta l4proto . th dport { tcp . 53, udp . 53, udp . 123 } counter fw-printer accept
- iifname eth0 oifname printer counter fw-host accept
+ iifname printer oifname eth0 ip daddr 10.141.5.0 meta l4proto . th dport { tcp . 53, udp . 53, udp . 123 } counter name fw-printer accept
+ iifname printer oifname eth0 ip6 daddr 2a03:4000:52:ada:5:: meta l4proto . th dport { tcp . 53, udp . 53, udp . 123 } counter name fw-printer accept
+ iifname eth0 oifname printer counter name fw-host accept
limit name lim_reject log level debug prefix "drop forward: " counter name reject-ratelimit-fw drop
@@ -127,8 +128,8 @@ table inet filter {
meta l4proto $icmp_protos counter name icmp-rx accept
- ip6 saddr 2a03:4000:52:ada:4:: tcp dport 631 counter name cups-rx accept
- ip saddr 10.141.4.0 tcp dport 631 counter name cups-rx accept
+ ip6 saddr 2a03:4000:52:ada:5:: tcp dport 631 counter name cups-rx accept
+ ip saddr 10.141.5.0 tcp dport 631 counter name cups-rx accept
ct state {established, related} counter name established-rx accept
--
cgit v1.2.3