Changeset 14206 in genesis


Timestamp:
Aug 29, 2018, 7:03:25 PM (6 years ago)
Author:
rick
Message:

Add option for whitelisting services on proxy

To avoid clutter on the network a non-proxy service also requires
this list to be present. This could however lead to unwanted results if the
proxy dynamically changes to one which has a lesser set of features allowed.

Files:
3 edited

  • nodes/Meerburg/wleiden.yaml

    r14205 r14206  
    2222status    : "up"
    2323whitelist : ['58:12:43:AA:6E:D6']
     24publicnat : ['http', 'https', 'submission', 'imaps', 'pop3s']
    2425
    2526
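
Review bot: The new `publicnat` key is added directly under the existing `whitelist` key (a MAC address list), and the commit message describes `publicnat` as a whitelist too, so the two are easy to confuse. A short comment in the YAML, or a more specific key name, should state that `publicnat` lists the services allowed out through the proxy.
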
  • nodes/Rick/wleiden.yaml

    r14205 r14206  
    2626serviceid : "172.31.254.9"
    2727status    : "up"
     28publicnat : ['http', 'https', 'submission', 'imaps', 'pop3s']
    2829
    2930
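
Review bot: This `publicnat` line repeats the same five-entry list that nodes/Meerburg/wleiden.yaml gets in this changeset. The commit message already notes that a proxy and a non-proxy node with different lists give unwanted results, so a single shared definition would be safer than one copy per node that can drift.
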
  • tools/gformat.py

    r14199 r14206  
    171171      'autogen_gfile' : gfile,
    172172      'service_proxy_ileiden' : False,
     173      'publicnat' : ['http', 'https'],
    173174    }
    174175    f = open(gfile, 'r')
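
Review bot: The `'publicnat' : ['http', 'https']` default uses service names, while the hard-coded value it replaces in the templates was numeric (`80,443`). Add a comment beside the default stating which forms an entry may take (service name, port number, or both), so node files are written consistently.
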
     
    836837pf_rules="/etc/pf.conf"
    837838{% if autogen_ileiden_enable -%}
    838 pf_flags="-D ext_if={{ externalif }} -D int_if={{ internalif }} -D publicnat={80,443}"
     839pf_flags="-D ext_if={{ externalif }} -D int_if={{ internalif }} -D publicnat={{ publicnat|join(',') }} -D ileiden_ports={{ publicnat|join(',') }}"
    839840lvrouted_enable="{{ autogen_ileiden_enable }}"
    840841lvrouted_flags="-u -s s00p3rs3kr3t -m 28"
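
Review bot: The added `pf_flags` line loses the literal braces of the removed one. The old value was `-D publicnat={80,443}`, but in `-D publicnat={{ publicnat|join(',') }}` the braces are Jinja delimiters, so the rendered flag is `publicnat=http,https` with no braces. Confirm that /etc/pf.conf uses `$publicnat` inside its own brace list, or emit the braces literally around the expression. The same applies to the new `ileiden_ports` macro, which is given the identical value.
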
     
    892893      pf_flags="-D ext_if=$externalif -D ext_if_net=$externalif:network -D inet_if=$externalif -D inet_ip='($externalif:0)' -D masterip=$masterip"
    893894    {% endif %}
    894     pf_flags="$pf_flags -D publicnat=80,443"
     895    pf_flags="$pf_flags -D publicnat={{ publicnat|join(',') }}"
    895896    lvrouted_flags="$lvrouted_flags -g"
    896897  {% elif service_proxy_normal or service_incoming_rdr %}
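
Review bot: On the added line `pf_flags="$pf_flags -D publicnat={{ publicnat|join(',') }}"`, entries from the node YAML are rendered unchecked into a double-quoted shell assignment. An entry containing a space, a quote or `$(...)` would change what rc.conf evaluates. Validate each entry in gformat.py before rendering (for example, accept only a port number or a lowercase service name) and fail generation on anything else.
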
     
    906907    named_auto_forward_only="YES"
    907908    pf_rules="/etc/pf.node.conf"
    908     pf_flags=""
     909    pf_flags="-D ileiden_ports={{ publicnat|join(',') }}"
    909910    lvrouted_flags="$lvrouted_flags -z `make_list "$list_ileiden_proxies" ","`"
    910911  {% endif %}
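
Review bot: The replacement for `pf_flags=""` has no guard for an empty list. If a node sets `publicnat: []`, the join renders `-D ileiden_ports=` with no value, which /etc/pf.node.conf may not be able to parse. Either reject an empty list in gformat.py or only emit the flag when the list is non-empty. Since this branch takes the list from the node's own config, the mismatch with the active proxy mentioned in the commit message also deserves a comment here.
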