feat(ISP/firewall): forward filtering #231

lbailly · 2025-01-09T22:43:50+01:00

lbailly commented

2025-01-09 22:43:50 +01:00

Il faut recheck que le checkReversePath est pas génant, et si on déploie on casse la co de test

rlahfa reviewed

2025-01-09 23:18:06 +01:00

machines/nixos/vault01/networking.nix Outdated

					
				@ -322,0 +344,4 @@

				              ip daddr 10.0.0.0/27 accept;

				              # Not others nor CRI

				              ip daddr 10.0.0.0/8 jump forward_reject;

juste jump forward_reject par défaut ici, ne filtre pas par IP.

on veut quand même que les gens puissent accéder à internet

lbailly marked this conversation as resolved

lbailly force-pushed isp-firewall from 3d6bf02c7e

Run pre-commit on all files / pre-commit (push) Successful in 23s

Details

Check meta / check_meta (pull_request) Successful in 15s

Details

Check meta / check_dns (pull_request) Successful in 16s

Details

Check workflows / check_workflows (pull_request) Successful in 17s

Details

Build all the nodes / netcore02 (pull_request) Successful in 21s

Details

Build all the nodes / ap01 (pull_request) Successful in 1m4s

Details

Build the shell / build-shell (pull_request) Successful in 32s

Details

Build all the nodes / bridge01 (pull_request) Successful in 1m59s

Details

Build all the nodes / hypervisor02 (pull_request) Successful in 2m1s

Details

Build all the nodes / hypervisor01 (pull_request) Successful in 2m2s

Details

Build all the nodes / storage01 (pull_request) Successful in 2m0s

Details

Build all the nodes / geo01 (pull_request) Successful in 2m7s

Details

Build all the nodes / geo02 (pull_request) Successful in 2m13s

Details

Build all the nodes / rescue01 (pull_request) Successful in 2m13s

Details

Run pre-commit on all files / pre-commit (pull_request) Successful in 39s

Details

Build all the nodes / hypervisor03 (pull_request) Successful in 2m29s

Details

Build all the nodes / web02 (pull_request) Successful in 2m13s

Details

Build all the nodes / web03 (pull_request) Successful in 2m13s

Details

Build all the nodes / tower01 (pull_request) Successful in 2m35s

Details

Build all the nodes / compute01 (pull_request) Successful in 2m39s

Details

Build all the nodes / web01 (pull_request) Successful in 2m47s

Details

Build all the nodes / vault01 (pull_request) Successful in 3m54s

Details

to c511376ac3

Check meta / check_dns (push) Successful in 16s

Details

Check meta / check_dns (pull_request) Successful in 15s

Details

Check workflows / check_workflows (pull_request) Successful in 16s

Details

Check meta / check_meta (pull_request) Successful in 19s

Details

Check meta / check_meta (push) Successful in 20s

Details

Build all the nodes / netcore02 (pull_request) Successful in 20s

Details

Run pre-commit on all files / pre-commit (push) Successful in 25s

Details

Build all the nodes / ap01 (pull_request) Successful in 32s

Details

Build the shell / build-shell (pull_request) Successful in 27s

Details

Run pre-commit on all files / pre-commit (pull_request) Successful in 23s

Details

Build all the nodes / bridge01 (pull_request) Successful in 2m13s

Details

Build all the nodes / geo02 (pull_request) Successful in 2m13s

Details

Build all the nodes / hypervisor03 (pull_request) Successful in 2m12s

Details

Build all the nodes / vault01 (pull_request) Successful in 2m28s

Details

Build all the nodes / hypervisor01 (pull_request) Successful in 2m59s

Details

Build all the nodes / hypervisor02 (pull_request) Successful in 3m2s

Details

Build all the nodes / build01 (pull_request) Successful in 3m3s

Details

Build all the nodes / storage01 (pull_request) Successful in 2m50s

Details

Build all the nodes / web01 (pull_request) Successful in 2m49s

Details

Build all the nodes / rescue01 (pull_request) Successful in 2m56s

Details

Build all the nodes / tower01 (pull_request) Successful in 2m58s

Details

Build all the nodes / geo01 (pull_request) Successful in 3m15s

Details

Build all the nodes / web03 (pull_request) Successful in 2m54s

Details

Build all the nodes / web02 (pull_request) Successful in 3m1s

Details

Build all the nodes / compute01 (pull_request) Successful in 3m35s

Details

2025-01-14 17:21:31 +01:00

Compare

lbailly force-pushed isp-firewall from c511376ac3

Check meta / check_dns (push) Successful in 16s

Details

Check meta / check_dns (pull_request) Successful in 15s

Details

Check workflows / check_workflows (pull_request) Successful in 16s

Details

Check meta / check_meta (pull_request) Successful in 19s

Details

Check meta / check_meta (push) Successful in 20s

Details

Build all the nodes / netcore02 (pull_request) Successful in 20s

Details

Run pre-commit on all files / pre-commit (push) Successful in 25s

Details

Build all the nodes / ap01 (pull_request) Successful in 32s

Details

Build the shell / build-shell (pull_request) Successful in 27s

Details

Run pre-commit on all files / pre-commit (pull_request) Successful in 23s

Details

Build all the nodes / bridge01 (pull_request) Successful in 2m13s

Details

Build all the nodes / geo02 (pull_request) Successful in 2m13s

Details

Build all the nodes / hypervisor03 (pull_request) Successful in 2m12s

Details

Build all the nodes / vault01 (pull_request) Successful in 2m28s

Details

Build all the nodes / hypervisor01 (pull_request) Successful in 2m59s

Details

Build all the nodes / hypervisor02 (pull_request) Successful in 3m2s

Details

Build all the nodes / build01 (pull_request) Successful in 3m3s

Details

Build all the nodes / storage01 (pull_request) Successful in 2m50s

Details

Build all the nodes / web01 (pull_request) Successful in 2m49s

Details

Build all the nodes / rescue01 (pull_request) Successful in 2m56s

Details

Build all the nodes / tower01 (pull_request) Successful in 2m58s

Details

Build all the nodes / geo01 (pull_request) Successful in 3m15s

Details

Build all the nodes / web03 (pull_request) Successful in 2m54s

Details

Build all the nodes / web02 (pull_request) Successful in 3m1s

Details

Build all the nodes / compute01 (pull_request) Successful in 3m35s

Details

to 58a27d8914

Check meta / check_meta (push) Successful in 15s

Details

Check meta / check_meta (pull_request) Successful in 15s

Details

Check workflows / check_workflows (pull_request) Successful in 16s

Details

Run pre-commit on all files / pre-commit (push) Successful in 24s

Details

Check meta / check_dns (push) Successful in 29s

Details

Check meta / check_dns (pull_request) Successful in 29s

Details

Check workflows / check_workflows (push) Successful in 30s

Details

Build all the nodes / ap01 (pull_request) Successful in 31s

Details

Build all the nodes / netcore02 (pull_request) Successful in 19s

Details

Build all the nodes / geo02 (pull_request) Successful in 1m44s

Details

Build all the nodes / geo01 (pull_request) Successful in 1m45s

Details

Build all the nodes / rescue01 (pull_request) Successful in 2m2s

Details

Build all the nodes / build01 (pull_request) Successful in 2m20s

Details

Build all the nodes / hypervisor01 (pull_request) Successful in 2m22s

Details

Build all the nodes / hypervisor02 (pull_request) Successful in 2m25s

Details

Run pre-commit on all files / pre-commit (pull_request) Successful in 37s

Details

Build the shell / build-shell (pull_request) Successful in 43s

Details

Build all the nodes / hypervisor03 (pull_request) Successful in 2m26s

Details

Build all the nodes / bridge01 (pull_request) Successful in 2m30s

Details

Build all the nodes / tower01 (pull_request) Successful in 2m17s

Details

Build all the nodes / vault01 (pull_request) Successful in 2m15s

Details

Build all the nodes / storage01 (pull_request) Successful in 2m35s

Details

Build all the nodes / web02 (pull_request) Successful in 2m23s

Details

Build all the nodes / compute01 (pull_request) Successful in 2m58s

Details

Build all the nodes / web01 (pull_request) Successful in 2m31s

Details

Build all the nodes / web03 (pull_request) Successful in 2m37s

Details

2025-01-28 16:41:17 +01:00

Compare

lbailly changed title from ~~WIP: feat(ISP/firewall): forward filtering~~ to feat(ISP/firewall): forward filtering

2025-01-28 22:15:47 +01:00

lbailly force-pushed isp-firewall from 58a27d8914

Check meta / check_meta (push) Successful in 15s

Details

Check meta / check_meta (pull_request) Successful in 15s

Details

Check workflows / check_workflows (pull_request) Successful in 16s

Details

Run pre-commit on all files / pre-commit (push) Successful in 24s

Details

Check meta / check_dns (push) Successful in 29s

Details

Check meta / check_dns (pull_request) Successful in 29s

Details

Check workflows / check_workflows (push) Successful in 30s

Details

Build all the nodes / ap01 (pull_request) Successful in 31s

Details

Build all the nodes / netcore02 (pull_request) Successful in 19s

Details

Build all the nodes / geo02 (pull_request) Successful in 1m44s

Details

Build all the nodes / geo01 (pull_request) Successful in 1m45s

Details

Build all the nodes / rescue01 (pull_request) Successful in 2m2s

Details

Build all the nodes / build01 (pull_request) Successful in 2m20s

Details

Build all the nodes / hypervisor01 (pull_request) Successful in 2m22s

Details

Build all the nodes / hypervisor02 (pull_request) Successful in 2m25s

Details

Run pre-commit on all files / pre-commit (pull_request) Successful in 37s

Details

Build the shell / build-shell (pull_request) Successful in 43s

Details

Build all the nodes / hypervisor03 (pull_request) Successful in 2m26s

Details

Build all the nodes / bridge01 (pull_request) Successful in 2m30s

Details

Build all the nodes / tower01 (pull_request) Successful in 2m17s

Details

Build all the nodes / vault01 (pull_request) Successful in 2m15s

Details

Build all the nodes / storage01 (pull_request) Successful in 2m35s

Details

Build all the nodes / web02 (pull_request) Successful in 2m23s

Details

Build all the nodes / compute01 (pull_request) Successful in 2m58s

Details

Build all the nodes / web01 (pull_request) Successful in 2m31s

Details

Build all the nodes / web03 (pull_request) Successful in 2m37s

Details

to e7033418e0

Run pre-commit on all files / pre-commit (push) Has been cancelled

Details

Check meta / check_meta (pull_request) Successful in 16s

Details

Check meta / check_dns (pull_request) Successful in 16s

Details

Check meta / check_meta (push) Successful in 17s

Details

Check meta / check_dns (push) Successful in 19s

Details

Build all the nodes / netaccess01 (pull_request) Successful in 20s

Details

Check workflows / check_workflows (pull_request) Successful in 27s

Details

Build all the nodes / ap01 (pull_request) Successful in 32s

Details

Build all the nodes / netcore01 (pull_request) Successful in 38s

Details

Build all the nodes / netcore02 (pull_request) Successful in 32s

Details

Build the shell / build-shell (pull_request) Successful in 24s

Details

Run pre-commit on all files / pre-commit (pull_request) Successful in 26s

Details

Build all the nodes / hypervisor03 (pull_request) Successful in 1m29s

Details

Build all the nodes / hypervisor01 (pull_request) Successful in 1m32s

Details

Build all the nodes / hypervisor02 (pull_request) Successful in 1m37s

Details

Build all the nodes / geo01 (pull_request) Successful in 1m41s

Details

Build all the nodes / geo02 (pull_request) Successful in 1m45s

Details

Build all the nodes / bridge01 (pull_request) Successful in 1m55s

Details

Build all the nodes / tower01 (pull_request) Successful in 1m55s

Details

Build all the nodes / build01 (pull_request) Successful in 2m4s

Details

Build all the nodes / storage01 (pull_request) Successful in 1m59s

Details

Build all the nodes / rescue01 (pull_request) Successful in 2m4s

Details

Build all the nodes / web02 (pull_request) Successful in 2m10s

Details

Build all the nodes / compute01 (pull_request) Successful in 2m27s

Details

Build all the nodes / vault01 (pull_request) Successful in 2m19s

Details

Build all the nodes / web03 (pull_request) Successful in 2m18s

Details

Build all the nodes / web01 (pull_request) Successful in 2m40s

Details

2025-02-05 00:16:03 +01:00

Compare

lbailly force-pushed isp-firewall from e7033418e0

Run pre-commit on all files / pre-commit (push) Has been cancelled

Details

Check meta / check_meta (pull_request) Successful in 16s

Details

Check meta / check_dns (pull_request) Successful in 16s

Details

Check meta / check_meta (push) Successful in 17s

Details

Check meta / check_dns (push) Successful in 19s

Details

Build all the nodes / netaccess01 (pull_request) Successful in 20s

Details

Check workflows / check_workflows (pull_request) Successful in 27s

Details

Build all the nodes / ap01 (pull_request) Successful in 32s

Details

Build all the nodes / netcore01 (pull_request) Successful in 38s

Details

Build all the nodes / netcore02 (pull_request) Successful in 32s

Details

Build the shell / build-shell (pull_request) Successful in 24s

Details

Run pre-commit on all files / pre-commit (pull_request) Successful in 26s

Details

Build all the nodes / hypervisor03 (pull_request) Successful in 1m29s

Details

Build all the nodes / hypervisor01 (pull_request) Successful in 1m32s

Details

Build all the nodes / hypervisor02 (pull_request) Successful in 1m37s

Details

Build all the nodes / geo01 (pull_request) Successful in 1m41s

Details

Build all the nodes / geo02 (pull_request) Successful in 1m45s

Details

Build all the nodes / bridge01 (pull_request) Successful in 1m55s

Details

Build all the nodes / tower01 (pull_request) Successful in 1m55s

Details

Build all the nodes / build01 (pull_request) Successful in 2m4s

Details

Build all the nodes / storage01 (pull_request) Successful in 1m59s

Details

Build all the nodes / rescue01 (pull_request) Successful in 2m4s

Details

Build all the nodes / web02 (pull_request) Successful in 2m10s

Details

Build all the nodes / compute01 (pull_request) Successful in 2m27s

Details

Build all the nodes / vault01 (pull_request) Successful in 2m19s

Details

Build all the nodes / web03 (pull_request) Successful in 2m18s

Details

Build all the nodes / web01 (pull_request) Successful in 2m40s

Details

to 1737583fbc

Run pre-commit on all files / pre-commit (push) Successful in 25s

Details

Check meta / check_meta (pull_request) Successful in 16s

Details

Check meta / check_dns (pull_request) Successful in 34s

Details

Check workflows / check_workflows (pull_request) Successful in 43s

Details

Build all the nodes / ap01 (pull_request) Successful in 1m25s

Details

Build all the nodes / bridge01 (pull_request) Successful in 1m33s

Details

Build all the nodes / geo01 (pull_request) Successful in 1m30s

Details

Build all the nodes / build01 (pull_request) Successful in 1m35s

Details

Build all the nodes / netaccess01 (pull_request) Successful in 42s

Details

Build all the nodes / netcore01 (pull_request) Successful in 38s

Details

Build all the nodes / netcore02 (pull_request) Successful in 44s

Details

Build all the nodes / geo02 (pull_request) Successful in 1m35s

Details

Build all the nodes / compute01 (pull_request) Successful in 2m0s

Details

Run pre-commit on all files / pre-commit (pull_request) Successful in 27s

Details

Build the shell / build-shell (pull_request) Successful in 28s

Details

Build all the nodes / hypervisor01 (pull_request) Successful in 1m42s

Details

Build all the nodes / hypervisor03 (pull_request) Successful in 1m41s

Details

Build all the nodes / hypervisor02 (pull_request) Successful in 1m45s

Details

Build all the nodes / storage01 (pull_request) Successful in 1m24s

Details

Build all the nodes / rescue01 (pull_request) Successful in 1m32s

Details

Build all the nodes / web02 (pull_request) Successful in 1m27s

Details

Build all the nodes / tower01 (pull_request) Successful in 1m42s

Details

Build all the nodes / web03 (pull_request) Successful in 1m34s

Details

Build all the nodes / vault01 (pull_request) Successful in 1m48s

Details

Build all the nodes / web01 (pull_request) Successful in 2m13s

Details

2025-02-05 00:16:12 +01:00

Compare

lbailly force-pushed isp-firewall from 1737583fbc

Run pre-commit on all files / pre-commit (push) Successful in 25s

Details

Check meta / check_meta (pull_request) Successful in 16s

Details

Check meta / check_dns (pull_request) Successful in 34s

Details

Check workflows / check_workflows (pull_request) Successful in 43s

Details

Build all the nodes / ap01 (pull_request) Successful in 1m25s

Details

Build all the nodes / bridge01 (pull_request) Successful in 1m33s

Details

Build all the nodes / geo01 (pull_request) Successful in 1m30s

Details

Build all the nodes / build01 (pull_request) Successful in 1m35s

Details

Build all the nodes / netaccess01 (pull_request) Successful in 42s

Details

Build all the nodes / netcore01 (pull_request) Successful in 38s

Details

Build all the nodes / netcore02 (pull_request) Successful in 44s

Details

Build all the nodes / geo02 (pull_request) Successful in 1m35s

Details

Build all the nodes / compute01 (pull_request) Successful in 2m0s

Details

Run pre-commit on all files / pre-commit (pull_request) Successful in 27s

Details

Build the shell / build-shell (pull_request) Successful in 28s

Details

Build all the nodes / hypervisor01 (pull_request) Successful in 1m42s

Details

Build all the nodes / hypervisor03 (pull_request) Successful in 1m41s

Details

Build all the nodes / hypervisor02 (pull_request) Successful in 1m45s

Details

Build all the nodes / storage01 (pull_request) Successful in 1m24s

Details

Build all the nodes / rescue01 (pull_request) Successful in 1m32s

Details

Build all the nodes / web02 (pull_request) Successful in 1m27s

Details

Build all the nodes / tower01 (pull_request) Successful in 1m42s

Details

Build all the nodes / web03 (pull_request) Successful in 1m34s

Details

Build all the nodes / vault01 (pull_request) Successful in 1m48s

Details

Build all the nodes / web01 (pull_request) Successful in 2m13s

Details

to b3eb86c0a1

Build all the nodes / tower01 (pull_request) Successful in 2m39s

Details

Build all the nodes / hypervisor01 (pull_request) Successful in 2m50s

Details

Build all the nodes / web02 (pull_request) Successful in 2m54s

Details

Build all the nodes / geo02 (pull_request) Successful in 3m2s

Details

Build all the nodes / rescue01 (pull_request) Successful in 2m59s

Details

Build all the nodes / hypervisor03 (pull_request) Successful in 3m6s

Details

Build all the nodes / web03 (pull_request) Successful in 3m5s

Details

Build all the nodes / web01 (pull_request) Successful in 3m32s

Details

Build all the nodes / compute01 (pull_request) Successful in 3m47s

Details

Build all the nodes / ap01 (push) Successful in 1m8s

Details

Build all the nodes / netcore01 (push) Successful in 28s

Details

Build all the nodes / netaccess01 (push) Successful in 49s

Details

Build all the nodes / netcore02 (push) Successful in 39s

Details

Build all the nodes / hypervisor01 (push) Successful in 1m40s

Details

Build all the nodes / bridge01 (push) Successful in 2m17s

Details

Build all the nodes / hypervisor02 (push) Successful in 1m39s

Details

Build the shell / build-shell (push) Successful in 25s

Details

Build all the nodes / geo02 (push) Successful in 2m3s

Details

Build all the nodes / geo01 (push) Successful in 2m36s

Details

Run pre-commit on all files / pre-commit (push) Successful in 45s

Details

Build all the nodes / hypervisor03 (push) Successful in 1m54s

Details

Build all the nodes / compute01 (push) Successful in 2m46s

Details

Build all the nodes / build01 (push) Successful in 2m55s

Details

Build all the nodes / tower01 (push) Successful in 2m7s

Details

Build all the nodes / vault01 (push) Successful in 2m27s

Details

Build all the nodes / rescue01 (push) Successful in 2m51s

Details

Build all the nodes / web02 (push) Successful in 2m44s

Details

Build all the nodes / web03 (push) Successful in 3m13s

Details

Build all the nodes / web01 (push) Successful in 3m18s

Details

Build all the nodes / storage01 (push) Successful in 3m40s

Details

2025-02-05 15:52:12 +01:00

Compare

thubrecht merged commit b3eb86c0a1 into main

2025-02-05 16:07:49 +01:00

thubrecht deleted branch isp-firewall

2025-02-05 16:07:49 +01:00

dgnum-chores referenced this pull request

2025-06-12 14:35:38 +02:00

lon: update agenix #481

dgnum-chores referenced this pull request from a commit

2025-06-12 14:35:39 +02:00

lon: update agenix

dgnum-chores referenced this pull request from a commit

2025-06-12 14:36:38 +02:00

lon: update agenix

dgnum-chores referenced this pull request from a commit

2025-06-12 14:57:57 +02:00

lon: update agenix

lbailly referenced this pull request from a commit

2025-06-12 16:21:20 +02:00

lon: update agenix

lbailly referenced this pull request from a commit

2025-06-12 16:25:50 +02:00

lon: update agenix

~~lbailly referenced this pull request 2025-06-13 11:56:04 +02:00~~

nixos-25.05 #500

Sign in to join this conversation.

No reviewers

No labels

No milestone

No project

No assignees

2 participants

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

DGNum/infrastructure!231

Rows
Columns