[Babel-users] rolling out babel-1.6 in a week or so

Dave Taht dave.taht at gmail.com
Sat Jun 13 23:58:17 UTC 2015


On Sat, Jun 13, 2015 at 4:32 PM, Juliusz Chroboczek
<jch at pps.univ-paris-diderot.fr> wrote:
>> and then I go looking for the main babeld repo and spot this, which has
>> socket control of conf stuff...
>> http://git.erp5.org/repos/babeld.git
>
>
>   http://mid.gmane.org/<5436C3F2.4000608@jmuchemb.eu>
>   http://mid.gmane.org/<87bnpdf43i.wl-jch@pps.univ-paris-diderot.fr>

your links got mangled, but the email addy of the first was enough to
find the relevant posts. I grok your analysis. :)

It would be nice to more dynamically configure babel in the long run
via appropriate means.

whilst I am parsing the -g output... (which is not needed for what I
describe below)

I am kind of seeking ways to secure the perimeter of the network
better than I currently do, with the pending ipv6 rollout of highly
dynamic ipv6 addresses. One thought I'd had was to feed the
known-to-igp routes into a ipset rule so I could only allow ssh from
those ranges and a carefully added set of management networks outside
the perimeter[1] for while I am away (right now I use the tinc vpn for
this, and plan to only allow ssh from the vpn). tinc and babel seem
compatible in switched, but not routed, mode. When routed there are
several pita things about it, thus far.


[1] this of course does not prevent a rogue router from messing up
life internally, but I do like at least slowing down attempts over
ipv6 to mess up my world.

-- 
Dave Täht
What will it take to vastly improve wifi for everyone?
https://plus.google.com/u/0/explore/makewififast



More information about the Babel-users mailing list