kaffa/obsidian
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OpenWrt CDN IP 필터 추가 (BunnyCDN + Cloudflare)

Browse Source 
오리진 직접 접근 차단, CDN 경유만 허용
매일 04:00 자동 업데이트 크론

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
kappa
2026-03-15 10:56:04 +09:00
parent 3a0f75ec13
commit ea48a713c5
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
infra/infra-hosts.md
View File

@@ -69,6 +69,10 @@ tags: [infra, network, kr-zone, openwrt]
- proxy-quic: udp:0.0.0.0:9443 → udp:127.0.0.1:9443 - proxy-quic: udp:0.0.0.0:9443 → udp:127.0.0.1:9443
- **APISIX etcd**: apisix-etcd (incus 컨테이너, 10.179.99.101) - **APISIX etcd**: apisix-etcd (incus 컨테이너, 10.179.99.101)
- **OVN 네트워크**: ovn1 (10.165.246.0/24) — hp2↔kr2 간 오버레이 - **OVN 네트워크**: ovn1 (10.165.246.0/24) — hp2↔kr2 간 오버레이
- **CDN IP 필터**: BunnyCDN + Cloudflare IP만 80/443 허용, 그 외 WAN 차단
- 스크립트: `/etc/cdn-filter-update.sh`
- nftables: `/etc/nftables.d/10-cdn-filter.nft`
- 크론: 매일 04:00 업데이트
- **DNS rebind 예외**: inouter.com (OpenWrt dnsmasq) - **DNS rebind 예외**: inouter.com (OpenWrt dnsmasq)
- 공인 IP `220.120.65.245`는 OpenWrt 라우터의 IP - 공인 IP `220.120.65.245`는 OpenWrt 라우터의 IP