diff --git a/config-parts/firewall-name.sh b/config-parts/firewall-name.sh
index d6142e8..f93e04a 100644
--- a/config-parts/firewall-name.sh
+++ b/config-parts/firewall-name.sh
@@ -105,6 +105,10 @@ set firewall name iot-local rule 7 description 'Rule: accept_discovery_from_sono
 set firewall name iot-local rule 7 destination port '1900,1901,1902,57621'
 set firewall name iot-local rule 7 protocol 'udp'
 set firewall name iot-local rule 7 source group address-group 'sonos_controllers'
+set firewall name iot-local rule 8 action 'accept'
+set firewall name iot-local rule 8 description 'Rule: accept_dns'
+set firewall name iot-local rule 8 destination port 'domain,domain-s'
+set firewall name iot-local rule 8 protocol 'tcp_udp'
 
 # From IOT to SERVERS
 set firewall name iot-servers default-action 'drop'
@@ -431,13 +435,9 @@ set firewall name servers-local rule 8 destination port '3784'
 set firewall name servers-local rule 8 protocol 'udp'
 set firewall name servers-local rule 8 source group address-group 'k8s_nodes'
 set firewall name servers-local rule 9 action 'accept'
-set firewall name servers-local rule 9 description 'Rule: accept_dns_udp'
-set firewall name servers-local rule 9 destination port '53'
-set firewall name servers-local rule 9 protocol 'udp'
-set firewall name servers-local rule 10 action 'accept'
-set firewall name servers-local rule 10 description 'Rule: accept_dns_tcp'
-set firewall name servers-local rule 10 destination port '53'
-set firewall name servers-local rule 10 protocol 'tcp'
+set firewall name servers-local rule 9 description 'Rule: accept_dns'
+set firewall name servers-local rule 9 destination port 'domain,domain-s'
+set firewall name servers-local rule 9 protocol 'tcp_udp'
 
 # From SERVERS to CONTAINERS
 set firewall name servers-containers default-action 'accept'
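Review bot: The new iot-local rule 8, and likewise the rewritten servers-local rule 9 in the second hunk and trusted-local rule 11 in the next, accept `domain-s` alongside `domain`, which opens TCP/UDP 853 (DNS over TLS) toward the router's local chain; the removed servers-local/trusted-local rules and the previous iot-local ruleset only permitted port 53. Unless a DoT listener is actually bound on the router, that is a wider opening than the consolidation needed, so either drop `domain-s` from the three port lists or state in the description which 853 service the rule is for. It is also worth confirming that `domain-s` resolves for both tcp and udp on the target image, since `tcp_udp` with a service name depends on that; a numeric list such as `destination port '53,853'` avoids the dependency if the 853 opening is intended.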
@@ -599,13 +599,9 @@ set firewall name trusted-local rule 10 destination port '1900,1901,1902,57621' set firewall name trusted-local rule 10 protocol 'udp' set firewall name trusted-local rule 10 source group address-group 'sonos_controllers' set firewall name trusted-local rule 11 action 'accept' -set firewall name trusted-local rule 11 description 'Rule: accept_dns_udp' -set firewall name trusted-local rule 11 destination port '53' -set firewall name trusted-local rule 11 protocol 'udp' -set firewall name trusted-local rule 12 action 'accept' -set firewall name trusted-local rule 12 description 'Rule: accept_dns_tcp' -set firewall name trusted-local rule 12 destination port '53' -set firewall name trusted-local rule 12 protocol 'tcp' +set firewall name trusted-local rule 11 description 'Rule: accept_dns' +set firewall name trusted-local rule 11 destination port 'domain,domain-s' +set firewall name trusted-local rule 11 protocol 'tcp_udp' # From TRUSTED to SERVERS set firewall name trusted-servers default-action 'accept' diff --git a/config-parts/firewall.sh b/config-parts/firewall.sh index f9b68a3..ea0771b 100644 --- a/config-parts/firewall.sh +++ b/config-parts/firewall.sh @@ -57,6 +57,7 @@ set firewall group address-group k8s_nodes address '10.1.1.33' set firewall group address-group k8s_nodes address '10.1.1.41' set firewall group address-group k8s_nodes address '10.1.1.42' set firewall group address-group k8s_nodes address '10.1.1.43' +set firewall group address-group k8s_nodes address '10.1.1.44' set firewall group address-group k8s_hass address '10.45.0.5' set firewall group address-group k8s_plex address '10.45.0.20' diff --git a/config-parts/protocols.sh b/config-parts/protocols.sh index 5e96d57..4b7f41d 100644 --- a/config-parts/protocols.sh +++ b/config-parts/protocols.sh 
@@ -10,5 +10,8 @@ set protocols bgp neighbor 10.1.1.42 remote-as '64512' set protocols bgp neighbor 10.1.1.43 address-family ipv4-unicast set protocols bgp neighbor 10.1.1.43 description 'narya' set protocols bgp neighbor 10.1.1.43 remote-as '64512' +set protocols bgp neighbor 10.1.1.44 address-family ipv4-unicast +set protocols bgp neighbor 10.1.1.44 description 'nahar' +set protocols bgp neighbor 10.1.1.44 remote-as '64512' set protocols bgp parameters router-id '10.1.0.1' set protocols bgp system-as '64512' diff --git a/config-parts/service-dhcp_server.sh b/config-parts/service-dhcp_server.sh index d28c7ab..f56c9bc 100644 --- a/config-parts/service-dhcp_server.sh +++ b/config-parts/service-dhcp_server.sh @@ -141,6 +141,8 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-ma set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya mac-address 'ce:06:3f:d5:32:be' set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping narya ip-address '10.1.1.43' set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping narya mac-address '6a:5b:95:ec:2a:e1' +set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping narya ip-address '10.1.1.44' +set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping narya mac-address 'f2:09:a3:b9:c8:f8' set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elessar ip-address '10.1.1.11' set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elessar mac-address '00:11:32:87:f6:1d' diff --git a/containers/bind/config/zones/db.jahanson.tech b/containers/bind/config/zones/db.jahanson.tech index e1decec..cd280ce 100644 --- a/containers/bind/config/zones/db.jahanson.tech +++ b/containers/bind/config/zones/db.jahanson.tech 
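Review bot: The two added static-mapping lines in the service-dhcp_server.sh hunk reuse the node name `narya`, which the hunk's own context lines already bind to 10.1.1.43 / 6a:5b:95:ec:2a:e1; as ip-address and mac-address take a single value, the later `set` replaces narya's reservation with 10.1.1.44 / f2:09:a3:b9:c8:f8 rather than adding a second host, so the .43 node loses its reservation while the k8s_nodes group, the BGP neighbor and the zone in this same commit still expect it there. Every other file in this commit names the new host nahar, so the added lines should read `set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nahar ip-address '10.1.1.44'` and `set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nahar mac-address 'f2:09:a3:b9:c8:f8'`. A small check in whatever assembles these config-parts that static-mapping names, IPs and MACs are unique within a subnet would catch this class of copy-paste slip before commit.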
@@ -5,7 +5,7 @@ $TTL 3600 $ORIGIN jahanson.tech. @ 3600 IN SOA gateway.jahanson.tech. gateway.jahanson.tech. ( - 1683832851 ; serial number (epoch timestamp) + 1685450905 ; serial number (epoch timestamp) 7200 ; refresh period 3600 ; retry period 1209600 ; expire time @@ -27,6 +27,7 @@ shadowfax IN A 10.1.1.33 nenya IN A 10.1.1.41 vilya IN A 10.1.1.42 narya IN A 10.1.1.43 +nahar IN A 10.1.1.44 nextcloud IN A 10.1.1.51 frodo IN A 10.1.1.52