From 0cf6fade94a46d19aae7cc5732948483a1b23670 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20Kr=C3=BCger?=
Date: Thu, 16 Jun 2022 19:05:26 +0200
Subject: [PATCH] gluon-mmfd: add firewall rules
---
.../lib/gluon/upgrade/310-gluon-mmfd-firewall | 55 +++++++++++++++++++
.../gluon/upgrade/430-gluon-mmfd-interface | 11 ++++
2 files changed, 66 insertions(+)
create mode 100755 package/gluon-mmfd/luasrc/lib/gluon/upgrade/310-gluon-mmfd-firewall
create mode 100755 package/gluon-mmfd/luasrc/lib/gluon/upgrade/430-gluon-mmfd-interface
diff --git a/package/gluon-mmfd/luasrc/lib/gluon/upgrade/310-gluon-mmfd-firewall b/package/gluon-mmfd/luasrc/lib/gluon/upgrade/310-gluon-mmfd-firewall
new file mode 100755
index 00000000..5b533809
--- /dev/null
+++ b/package/gluon-mmfd/luasrc/lib/gluon/upgrade/310-gluon-mmfd-firewall
@@ -0,0 +1,55 @@
+#!/usr/bin/lua
+
+local uci = require('simple-uci').cursor()
+local site = require "gluon.site"
+
+uci:section('firewall', 'zone', 'mmfd', {
+ name = 'mmfd',
+ input = 'REJECT',
+ output = 'accept',
+ forward = 'REJECT',
+ device = 'mmfd+',
+ log = '1',
+})
+
+uci:section('firewall', 'rule', 'mesh_mmfd', {
+ src = 'mesh',
+ src_ip = 'fe80::/64',
+ dest_port = '27275',
+ proto = 'udp',
+ target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule', 'mesh_respondd_mcast_ll', {
+ src = 'mesh',
+ src_ip = 'fe80::/64' ,
+ dest_port = '1001',
+ proto = 'udp',
+ target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule', 'mesh_respondd_mcast2', {
+ src = 'mesh',
+ src_ip = site.node_prefix6() or site.prefix6(),
+ dest_port = '1001',
+ proto = 'udp',
+ target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule', 'mmfd_respondd_ll', {
+ src = 'mmfd',
+ src_ip = 'fe80::/64',
+ dest_port = '1001',
+ proto = 'udp',
+ target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule', 'mmfd_respondd_mesh', {
+ src = 'mmfd',
+ src_ip = site.node_prefix6() or site.prefix6(),
+ dest_port = '1001',
+ proto = 'udp',
+ target = 'ACCEPT',
+})
+
+uci:save('firewall')
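Review bot: The two rules that take `src_ip = site.node_prefix6() or site.prefix6()` (`mesh_respondd_mcast2` and `mmfd_respondd_mesh`) fail open if neither prefix is set. A nil value drops the key from the Lua table, so the rule would be written without `src_ip` and accept UDP 1001 from any source address in that zone. Whether the site schema makes one of the prefixes mandatory is not visible in this patch, so I would resolve it once and either skip both rules or fail loudly, e.g. `local prefix6 = assert(site.node_prefix6() or site.prefix6(), 'gluon-mmfd: no IPv6 prefix in site config')` and then `src_ip = prefix6`. As a style point, `output = 'accept'` in the zone is lower-case while every other policy and target is upper-case; `'ACCEPT'` keeps it consistent and does not depend on the firewall parser ignoring case. A one-line comment above each rule naming the service behind ports 27275 and 1001 (apparently mmfd and respondd, going by the rule names) would help whoever audits this ruleset later.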
diff --git a/package/gluon-mmfd/luasrc/lib/gluon/upgrade/430-gluon-mmfd-interface b/package/gluon-mmfd/luasrc/lib/gluon/upgrade/430-gluon-mmfd-interface
new file mode 100755
index 00000000..8e500d16
--- /dev/null
+++ b/package/gluon-mmfd/luasrc/lib/gluon/upgrade/430-gluon-mmfd-interface
@@ -0,0 +1,11 @@
+#!/usr/bin/lua
+
+local uci = require('simple-uci').cursor()
+
+uci:section('network', 'interface', 'mmfd', {
+ proto = 'static',
+ ifname = 'mmfd0',
+ ip6addr = 'fe80::1/64'
+})
+
+uci:save('network')
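Review bot: The interface section has no comment covering two things a reviewer of the firewall has to work out. Every node gets the same fixed address `fe80::1/64` on `mmfd0`, and the `mmfd` zone created in 310-gluon-mmfd-firewall picks this interface up only through its `device = 'mmfd+'` pattern, not through a `network` entry. I would add above the section `-- mmfd0 carries the same link-local fe80::1 on every node; firewall zone 'mmfd' matches it via the device pattern 'mmfd+'`. Separately, depending on the OpenWrt base this targets, interface sections may expect `device` rather than `ifname`; that is worth confirming against the other upgrade scripts in the tree.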