Battlestar Routing Rules

cohoe commented 2 years ago

 sudo firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 1 -s 192.168.8.0/21 -d 0.0.0.0/0 -j ACCEPT
 sudo firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 1 -s 0.0.0.0/0 -d 192.168.8.0/21 -j ACCEPT

cohoe commented 1 year ago

sudo firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 1 -s 172.16.31.0/24 -d 0.0.0.0/0 -j ACCEPT
sudo firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 1 -s 0.0.0.0/0 -d 172.16.31.0/24 -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter FORWARD 1 -s 172.16.31.0/24 -d 0.0.0.0/0 -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter FORWARD 1 -s 0.0.0.0/0 -d 172.16.31.0/24 -j ACCEPT

cohoe commented 1 year ago

sudo ipset create localspace hash:net
sudo ipset add localspace 192.168.8.0/21

sudo ipset create privatespace hash:net
sudo ipset add privatespace 192.168.8.0/21
sudo ipset add privatespace 192.168.16.0/21
sudo ipset add privatespace 192.168.24.0/21
sudo ipset add privatespace 192.168.32.0/21

sudo firewall-cmd --direct --add-rule ipv4 filter FORWARD 1 -m set --set localspace src -m set --set privatespace dst -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter FORWARD 1 -m set --set privatespace src -m set --set localspace dst -j ACCEPT

sudo firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 1 -i wg0 -j ACCEPT
sudo firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 1 -o wg0 -j ACCEPT
sudo firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 1 -o ens+ -j MASQUERADE

cohoe / workstation

Battlestar Routing Rules #126