Commit 6f2e4151 authored by Tom Teichler

Update Shorewall and HAProxy config

parent 9c622dfd
...@@ -248,7 +248,16 @@ backend foreman ...@@ -248,7 +248,16 @@ backend foreman
backend ceph_dashboard backend ceph_dashboard
mode http mode http
option httpchk GET /
http-check expect status 200
http-response add-header X-Frame-Options: ALLOW
server rz-sp-virt-01 192.168.123.11:8080 check server rz-sp-virt-01 192.168.123.11:8080 check
server rz-sp-virt-02 192.168.123.12:8080 check
server rz-sp-virt-04 192.168.123.14:8080 check
backend local_nginx backend local_nginx
mode http mode http
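Review bot: `http-response add-header X-Frame-Options: ALLOW` in backend ceph_dashboard will not have the effect it appears to aim for. `ALLOW` is not a defined X-Frame-Options value (the defined ones are `DENY` and `SAMEORIGIN`), so browsers ignore it, and the header name is written with a trailing colon, which the `add-header <name> <fmt>` form does not take. `add-header` also appends rather than replaces, so any X-Frame-Options header the dashboard already sends stays in the response. If the goal is to let one known site embed the dashboard, remove the upstream header with `http-response del-header X-Frame-Options` and set a Content-Security-Policy `frame-ancestors` limited to that origin; otherwise drop the line.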
......
...@@ -32,6 +32,8 @@ ...@@ -32,6 +32,8 @@
admcli br-wan:87.162.124.119 admcli br-wan:87.162.124.119
# monitoring-extern # monitoring-extern
admcli br-wan:23.88.122.18 admcli br-wan:23.88.122.18
# Hetzner magicfelix
admcli br-wan:168.119.166.244
?endif ?endif
?if __IPV6 ?if __IPV6
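Review bot: the new `admcli br-wan:168.119.166.244` entry repeats as a literal the address that this commit also defines as `HETZNER_MAGICFELIX` in the params hunk, so the two copies can drift apart when the host changes. Reference the variable here (`admcli br-wan:$HETZNER_MAGICFELIX`) and extend the comment `# Hetzner magicfelix` to say what the access is for, since this places an externally hosted address into the admcli zone.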
......
...@@ -62,7 +62,7 @@ PROXMOX_HOSTS=192.168.123.11,192.168.123.12,192.168.123.13,192.168.123.14 ...@@ -62,7 +62,7 @@ PROXMOX_HOSTS=192.168.123.11,192.168.123.12,192.168.123.13,192.168.123.14
# Blocklists # Blocklists
BADGUYS=101.64.0.0/13,183.128.0.0/11 BADGUYS=101.64.0.0/13,183.128.0.0/11,111.0.0.0/10,36.99.0.0/16,31.210.37.0/24
# Hosts # Hosts
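Review bot: the three ranges appended to `BADGUYS` carry no comment giving their source or the reason for blocking, and `111.0.0.0/10` alone covers about 4.2 million addresses. Add a comment per range (what was observed and when), and consider keeping the list in an ipset referenced from the rules instead of a growing one-line variable, so entries can be reviewed and removed individually.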
...@@ -76,3 +76,6 @@ MEDIA=91.184.37.239 ...@@ -76,3 +76,6 @@ MEDIA=91.184.37.239
CLOUD=91.184.37.233 CLOUD=91.184.37.233
RZ_SP_BACKUP_01=91.184.37.163 RZ_SP_BACKUP_01=91.184.37.163
WWW_ALT=91.184.37.227 WWW_ALT=91.184.37.227
# Users
HETZNER_MAGICFELIX=168.119.166.244/32
...@@ -20,6 +20,9 @@ ...@@ -20,6 +20,9 @@
?SECTION UNTRACKED ?SECTION UNTRACKED
?SECTION NEW ?SECTION NEW
# Drop nervigen Foo
DROP all:$BADGUYS all
# Unbreak the internet # Unbreak the internet
ACCEPT all all icmp ACCEPT all all icmp
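Review bot: `DROP all:$BADGUYS all` at the top of `?SECTION NEW` has no log level, so matches against the blocklist leave no trace, and the comment `# Drop nervigen Foo` does not say what is being dropped or why. Use a descriptive comment and, if visibility is wanted, a log level as in `DROP:info`. Because the rule sits above `ACCEPT all all icmp`, it also drops ICMP from those ranges, which is worth stating in the comment if intended.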
...@@ -176,6 +179,7 @@ Web/ACCEPT all fw:$HAPROXY_ADMINS ...@@ -176,6 +179,7 @@ Web/ACCEPT all fw:$HAPROXY_ADMINS
ACCEPT intern:192.168.124.26/32 all ACCEPT intern:192.168.124.26/32 all
Web/ACCEPT all!wan intern:192.168.124.26/32 Web/ACCEPT all!wan intern:192.168.124.26/32
ACCEPT wan:$HETZNER_MAGICFELIX intern:91.184.37.169/32
ACCEPT all mgmt:$PROXMOX_HOSTS tcp 80 ACCEPT all mgmt:$PROXMOX_HOSTS tcp 80
DROP:info all:$BADGUYS all
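Review bot: `ACCEPT wan:$HETZNER_MAGICFELIX intern:91.184.37.169/32` gives no PROTO or DPORT, so the external host can reach every port and protocol on 91.184.37.169; restrict it to the services actually needed, as the neighbouring `ACCEPT all mgmt:$PROXMOX_HOSTS tcp 80` does. Separately, `DROP:info all:$BADGUYS all` shows in only one column of this rendering, so it is not clear whether it is removed or kept: if kept, it is shadowed by the unlogged `DROP all:$BADGUYS all` added at the top of `?SECTION NEW`, and if removed, the blocklist loses its logging.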
?if __IPV4 ?if __IPV4
MASQUERADE 10.0.0.0/8 br-wan SNAT(91.184.32.117) 10.0.0.0/8 br-wan
MASQUERADE 192.168.123.0/24 br-wan MASQUERADE 192.168.123.0/24 br-wan
MASQUERADE 192.168.124.0/24 br-wan MASQUERADE 192.168.124.0/24 br-wan
MASQUERADE 172.16.30.0/24 br-wan MASQUERADE 172.16.30.0/24 br-wan
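Review bot: only the `10.0.0.0/8` line changes from `MASQUERADE` to `SNAT(91.184.32.117)`, while 192.168.123.0/24, 192.168.124.0/24 and 172.16.30.0/24 stay on `MASQUERADE`, and nothing records why this one source needs a fixed address. Add a comment with the reason, and consider defining 91.184.32.117 as a named variable in params, like the other host addresses, rather than as a literal.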
......