mark22k
/
dn42-router
镜像自地址 https://codeberg.org/mark22k/dn42-router.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312
							---
firewall:
  alfis: true
  tailscale: true
  tailscale_nat:
    ipv4: 172.22.149.252/32
    ipv6: fd04:234e:fc31:7402::/64
  bgp:
    - interface: lab
      addresses:
        - fe80::2924
    - interface: monitor
      addresses:
        - fe80::2923:2
    - interface: client16
      addresses:
        - fe80::2923:2
    - interface: lare
      addresses:
        - fe80::3035:2923
    - interface: ycyc894
      addresses:
        - fe80::904
    - interface: maglab2
      addresses:
        - fe80::2800
    - interface: dn42.tech9.io
      addresses:
        - fe80::1588
    - interface: caesia
      addresses:
        - fe80::2923
    - interface: dingemans
      addresses:
        - fe80::3:349a
    - interface: chaosvpn
      addresses:
        - 172.22.54.1
        - fe80::6:4654
    - interface: uvok
      addresses:
        - fe80::2924
    - interface: sernet
      addresses:
        - fe80::3947:6
    - interface: duckl1ng
      addresses:
        - fe80::f274:b
    - interface: androw
      addresses:
        - fe80::2575:2
    - interface: elrond
      addresses:
        - fe80::620:1
    - interface: pebkac
      addresses:
        - fe80::ffff:2092
    # - interface: foxo
    #   addresses:
    #     - ???
    - interface: winter
      addresses:
        - fd4e:d0:d38d::3
    - interface: sidereal
      addresses:
        - fe80::2016
    - interface: rivensbane
      addresses:
        - fe80::1815
    - interface: paternot
      addresses:
        - fd22:ad17:8e8d:10::11c
    - interface: highdefuk
      addresses:
        - fe80::117
  bfd:
    - interface: lab
      prefix: fe80::/10
    - interface: monitor
      prefix: fe80::/10
    - interface: client16
      prefix: fe80::/10
    - interface: dingemans
      prefix: fe80::/10
    - interface: elrond
      prefix: fe80::/10
    - interface: rivensbane
      prefix: fe80::/10
    - interface: paternot
      prefix: fd22:ad17:8e8d:10::11c/127
  rules:
    # Allow DNS
    - meta l4proto { tcp, udp } th dport 53 counter accept
    # Allow Whois from dnet
    - tcp dport 43 ip saddr @dnet_ipv4 counter accept
    - tcp dport 43 ip6 saddr @dnet_ipv6 counter accept
    # allow zone transfer
    - meta l4proto { tcp, udp } th dport 5353 ip saddr 172.22.149.224/28 counter accept
    - meta l4proto { tcp, udp } th dport 5353 ip6 saddr fd04:234e:fc31::/112 counter accept
    # Allow HTTP
    - tcp dport { 80, 443 } counter accept
    # Tor
    - meta l4proto { tcp, udp } th dport 1991 counter accept
    - meta l4proto { tcp, udp } th dport 1992 counter accept
    # I2P
    - meta l4proto { tcp, udp } th dport 13608 counter accept
    # OpenVPN third.mk16.de
    - udp dport 34597 counter accept

  # wireguard and fastd ports are automatically opened
  rc:
    own_interfaces:
      - routercity
    interfaces:
      - p2prouter
      - herzstein
      - aurora
      - palerme
      - sobinka
      - laplace
      - stricker
      - trolljaeger
      - silvermoon
      - frostwood
      - beastwarden
  dnet:
    own_interfaces:
      - crxn
      - dn42
      - neo
      - dns
      - dn42-myip
    interfaces:
      - uvok
      - lab
      - p2prouter
      - crxnalexsrv
      - crxntristan
      - crxngustav
      - alioth
      - androw
      - atolm
      - aureus
      - aurora
      - benjojo
      - brandweb
      - burble
      - caesia
      - caesia2
      - caskd
      - chaosvpn
      - charlie
      - crxngrisha
      - crxngleb
      - crxnmikhail
      - crxnreseau
      - crxnty3r0x
      - de01.weiti.org
      - dingemans
      - dn42.g-load.eu
      - dn42.kuu.moe
      - dn42.miegl.cz
      - dn42.tech9.io
      - famfo
      - flas
      - hax404
      - herzstein
      - highdefuk
      - icvpndlrgw4
      - icvpndlrgw9
      - icvpnfrankfurt
      - icvpnfulda1
      - icvpnfulda2
      - icvpnfulda3
      - icvpnfulda4
      - jenakuu
      - jerryxiao
      - johnriddel
      - kskb-neo
      - kskb
      - lapis
      - laplace
      - lare
      - librehouse
      - maglab
      - maglab2
      - maraun
      - melusfer
      - mirsal
      - morik1
      - morik2
      - neoas
      - neonl42.kskb
      - nexadn
      - nicholascw
      - nisb
      - palerme
      - parrot
      - pelethiec
      - rhm
      - rzl
      - sobinka
      - spectre-net
      - stricker
      - sunnet
      - symnet
      - taavi
      - tbspace
      - tchekda
      - tinyt
      - trolljaeger
      - truewinter
      - tux
      - ty3r0x
      - vlezay
      - whojk
      - yayc
      - ycyc894
      - yuuta
      - zwergenland
      - sernet
      - duckl1ng
      - androw
      - elrond
      - pebkac
      - foxo
      - winter
      - silvermoon
      - frostwood
      - beastwarden
      - sidereal
      - rivensbane
      - paternot
  clients:
    - interface: ovpn_third
      firewall: false
      allowed_ips:
        dnet_ipv4:
          - 172.22.149.249/32
        dnet_ipv6:
          - fd04:234e:fc31:e::5938/128
    - interface: client01
      firewall: true
      allowed_ips:
        dnet_ipv4:
          - 172.22.149.251/32
        dnet_ipv6:
          - fd04:234e:fc31:e::1/128
    - interface: client02
      firewall: true
      allowed_ips:
        dnet_ipv4:
          - 172.22.149.116/32
        dnet_ipv6:
          - fd04:234e:fc31:e::2/128
    - interface: client16
      firewall: false
      allowed_ips:
        dnet_ipv4:
          - 172.22.149.118/31
        dnet_ipv6:
          - fd04:234e:fc31:b0c0::/60
    - interface: monitor
      firewall: false
      allowed_ips:
        dnet_ipv4:
          - 172.22.149.248/32
        dnet_ipv6:
          - fd04:234e:fc31:fd1e:ceac:f1c0::/90
    - interface: client17
      firewall: true
      allowed_ips:
        dnet_ipv4:
          - 172.22.149.120/32
        dnet_ipv6:
          - fd04:234e:fc31:fd1e:ceac:f180::/90
    - interface: client20
      firewall: true
      allowed_ips:
        dnet_ipv4:
          - 172.22.149.121/32
        dnet_ipv6:
          - fd04:234e:fc31:e::20/128
    - interface: client19
      firewall: true
      allowed_ips:
        dnet_ipv4:
          - 172.22.149.117/32
        dnet_ipv6:
          - fd04:234e:fc31:e::19/128
    - interface: client21
      firewall: true
      allowed_ips:
        dnet_ipv4:
          - 172.22.149.122/32
        dnet_ipv6:
          - fd04:234e:fc31:e::21/128
    - interface: client22
      firewall: true
      allowed_ips:
        dnet_ipv4:
          - 172.22.149.123/32
        dnet_ipv6:
          - fd04:234e:fc31:e::22/128
    - interface: portscanning
      firewall: false
      allowed_ips:
        dnet_ipv4:
          - 172.22.149.250/32
        dnet_ipv6:
          - fd04:234e:fc31::250/128