correctly label gw hostnames in firewall

sown · Dec 1, 2024 · f4251c0 · f4251c0
1 parent 372c702
commit f4251c0
Showing 1 changed file with 1 addition and 16 deletions.
diff --git a/roles/gw/templates/nftables.conf b/roles/gw/templates/nftables.conf
@@ -26,20 +26,7 @@ table inet filter {
     # SOWN
     define NET_SOWNLAN4 = 10.5.0.0/24
     define NET_SOWNROUTED4 = 152.78.103.160/27
-    define NET_SOWNGW4 = {152.78.103.236 comment "gw", 152.78.103.237 comment "gw2"}
-
-    define NET_LEGACY_BGP4 = {
-        10.5.0.239 comment "auth2",
-        10.5.0.243 comment "monitor",
-        10.5.0.252 comment "gw",
-        10.5.0.253 comment "gw2"
-    }
-    define NET_LEGACY_BGP6 = {
-        2001:630:d0:f700::239 comment "auth2",
-        2001:630:d0:f700::243 comment "monitor",
-        2001:630:d0:f700::252 comment "gw",
-        2001:630:d0:f700::253 comment "gw2",
-    }
+    define NET_SOWNGW4 = {152.78.103.236 comment "gw-b53", 152.78.103.237 comment "gw-b32"}
 
     # SOWN HOSTS
 
@@ -130,8 +117,6 @@ table inet filter {
         ip6 saddr fe80::/64 tcp dport ssh counter accept comment "Allow link-local to SSH to the gateways"
 
         # Routing Protocols
-        iifname $NIC_SOWN ip saddr $NET_LEGACY_BGP4 tcp dport bgp counter accept comment "Allow legacy BGP traffic to gateways"
-        iifname $NIC_SOWN ip6 saddr $NET_LEGACY_BGP6 tcp dport bgp counter accept comment "Allow legacy BGP6 traffic to gateways"
         iifname $NIC_SOWN ip daddr 224.0.0.5 counter accept comment "Allow OSPF from SOWN"
         iifname $NIC_SOWN ip6 daddr ff02::5 counter accept comment "Allow OSPFv3 from SOWN"