Add static routes

metal-stack · Oct 21, 2024 · fa77cc7 · fa77cc7
1 parent ea909e5
commit fa77cc7
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 7 deletions.
diff --git a/partition/roles/mgmt-firewall/README.md b/partition/roles/mgmt-firewall/README.md
@@ -110,10 +110,11 @@ The following fields define port forwarding rules:
 
 The following variables can be customized for each firewall:
 
-| Variable                            | Mandatory | Description                 |
-| ----------------------------------- | --------- | --------------------------- |
-| `mgmt_firewall_location_name`       | yes       | Location of the firewall    |
-| `mgmt_firewall_device_name`         | yes       | Device name                 |
-| `mgmt_firewall_public_key`          | yes       | Public key for the firewall |
-| `mgmt_firewall_default_wan_enabled` |           | Default: false              |
-| `mgmt_firewall_wireless_disabled`   |           | Default: true               |
+| Variable                              | Mandatory | Description                                    |
+| ------------------------------------- | --------- | ---------------------------------------------- |
+| `mgmt_firewall_location_name`         | yes       | Location of the firewall                       |
+| `mgmt_firewall_device_name`           | yes       | Device name                                    |
+| `mgmt_firewall_public_key`            | yes       | Public key for the firewall                    |
+| `mgmt_firewall_default_wan_enabled`   |           | Default: false                                 |
+| `mgmt_firewall_wireless_disabled`     |           | Default: true                                  |
+| `mgmt_firewall_static_routes_enabled` |           | Set up static routes, by specifying a gateway. |
diff --git a/partition/roles/mgmt-firewall/tasks/main.yaml b/partition/roles/mgmt-firewall/tasks/main.yaml
@@ -241,6 +241,17 @@
     /etc/init.d/firewall restart
   loop: '{{ mgmt_firewall_port_forwards }}'
 
+- name: Setup Static Routes
+  ansible.builtin.raw: |
+    network.1=route
+    network.1.table='254'
+    network.1.netmask='0.0.0.0'
+    network.1.target='0.0.0.0'
+    network.1.gateway='{{ item.gateway }}'
+    network.1.interface='wan'
+  loop: '{{ mgmt_firewall_static_routes }}'
+  when: mgmt_firewall_static_routes_enabled | default(false)
+
 - name: Setup static VLANs (VLAN 1 and 2)
   ansible.builtin.raw: |
     uci set network.@switch_vlan[0].ports='0t 4'