nils/gluon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Move essential firewall rules from gluon-firewall to gluon-core and gluon-mesh-batman-adv

Browse Source 
The now empty gluon-firewall is removed.
This commit is contained in:
Matthias Schiffer 2014-07-14 17:53:41 +02:00
parent efe81b1c1c
commit 16060d25d5
4 changed files with 13 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/gluon-core/Makefile
View File

@ -12,7 +12,7 @@ define Package/gluon-core
SECTION:=gluon SECTION:=gluon
CATEGORY:=Gluon CATEGORY:=Gluon
TITLE:=Base files of Gluon TITLE:=Base files of Gluon
DEPENDS:=+gluon-config +lua-platform-info +luci-lib-core +odhcp6c DEPENDS:=+gluon-config +lua-platform-info +luci-lib-core +odhcp6c +firewall
endef endef
define Package/gluon-core/description define Package/gluon-core/description

11
package/gluon-firewall/files/lib/gluon/upgrade/firewall/invariant/011-firewall-rules → package/gluon-core/files/lib/gluon/upgrade/core/invariant/014-firewall-rules
View File

@ -26,16 +26,5 @@ c:section('firewall', 'rule', 'wan_ssh',
} }
) )
c:section('firewall', 'rule', 'client_dns',
{
name = 'client_dns',
src = 'client',
dest_port = '53',
target = 'REJECT',
}
)
c:save('firewall') c:save('firewall')
c:commit('firewall') c:commit('firewall')

37
package/gluon-firewall/Makefile
View File

@ -1,37 +0,0 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=gluon-firewall
PKG_VERSION:=1
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
include $(INCLUDE_DIR)/package.mk
define Package/gluon-firewall
SECTION:=gluon
CATEGORY:=Gluon
TITLE:=Restrictive firewall rules
DEPENDS:=+gluon-core +firewall
endef
define Package/gluon-firewall/description
Gluon community wifi mesh firmware framework:
Firewall rules which try to ensure a node can't be abused
(e.g. for DNS amplification attacks)
endef
define Build/Prepare
mkdir -p $(PKG_BUILD_DIR)
endef
define Build/Configure
endef
define Build/Compile
endef
define Package/gluon-firewall/install
$(CP) ./files/* $(1)/
endef
$(eval $(call BuildPackage,gluon-firewall))

12
package/gluon-mesh-batman-adv/files/lib/gluon/upgrade/mesh-batman-adv/invariant/011-mesh
View File

@ -31,6 +31,7 @@ uci:section('network', 'interface', 'bat0',
uci:save('network') uci:save('network')
uci:commit('network') uci:commit('network')
uci:delete('firewall', 'client') uci:delete('firewall', 'client')
uci:section('firewall', 'zone', 'client', uci:section('firewall', 'zone', 'client',
{ {
@ -41,9 +42,20 @@ uci:section('firewall', 'zone', 'client',
forward = 'REJECT', forward = 'REJECT',
} }
) )
c:section('firewall', 'rule', 'client_dns',
{
name = 'client_dns',
src = 'client',
dest_port = '53',
target = 'REJECT',
}
)
uci:save('firewall') uci:save('firewall')
uci:commit('firewall') uci:commit('firewall')
local dnsmasq = uci:get_first('dhcp', 'dnsmasq') local dnsmasq = uci:get_first('dhcp', 'dnsmasq')
uci:set('dhcp', dnsmasq, 'boguspriv', 0) uci:set('dhcp', dnsmasq, 'boguspriv', 0)
uci:set('dhcp', dnsmasq, 'localise_queries', 0) uci:set('dhcp', dnsmasq, 'localise_queries', 0)