Move essential firewall rules from gluon-firewall to gluon-core and gluon-mesh-batman-adv

The now empty gluon-firewall is removed.
2014-07-14 17:53:41 +02:00 · 2014-07-14 17:53:41 +02:00 · 16060d25d5
commit 16060d25d5
parent efe81b1c1c
4 changed files with 13 additions and 49 deletions
--- a/package/gluon-core/Makefile
+++ b/package/gluon-core/Makefile
@ -12,7 +12,7 @@ define Package/gluon-core
  SECTION:=gluon
  CATEGORY:=Gluon
  TITLE:=Base files of Gluon
-  DEPENDS:=+gluon-config +lua-platform-info +luci-lib-core +odhcp6c
+  DEPENDS:=+gluon-config +lua-platform-info +luci-lib-core +odhcp6c +firewall
 endef

 define Package/gluon-core/description
--- a/package/gluon-firewall/files/lib/gluon/upgrade/firewall/invariant/011-firewall-rules
+++ b/package/gluon-firewall/files/lib/gluon/upgrade/firewall/invariant/011-firewall-rules
@ -26,16 +26,5 @@ c:section('firewall', 'rule', 'wan_ssh',
 	  }
 )

-
-c:section('firewall', 'rule', 'client_dns',
-	  {
-		  name = 'client_dns',
-		  src = 'client',
-		  dest_port = '53',
-		  target = 'REJECT',
-	  }
-)
-
-
 c:save('firewall')
 c:commit('firewall')
--- a/package/gluon-firewall/Makefile
+++ b/package/gluon-firewall/Makefile
@ -1,37 +0,0 @@
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=gluon-firewall
-PKG_VERSION:=1
-
-PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/gluon-firewall
-  SECTION:=gluon
-  CATEGORY:=Gluon
-  TITLE:=Restrictive firewall rules
-  DEPENDS:=+gluon-core +firewall
-endef
-
-define Package/gluon-firewall/description
-	Gluon community wifi mesh firmware framework:
-	Firewall rules which try to ensure a node can't be abused
-	(e.g. for DNS amplification attacks)
-endef
-
-define Build/Prepare
-	mkdir -p $(PKG_BUILD_DIR)
-endef
-
-define Build/Configure
-endef
-
-define Build/Compile
-endef
-
-define Package/gluon-firewall/install
-	$(CP) ./files/* $(1)/
-endef
-
-$(eval $(call BuildPackage,gluon-firewall))
--- a/package/gluon-mesh-batman-adv/files/lib/gluon/upgrade/mesh-batman-adv/invariant/011-mesh
+++ b/package/gluon-mesh-batman-adv/files/lib/gluon/upgrade/mesh-batman-adv/invariant/011-mesh
@ -31,6 +31,7 @@ uci:section('network', 'interface', 'bat0',
 uci:save('network')
 uci:commit('network')

+
 uci:delete('firewall', 'client')
 uci:section('firewall', 'zone', 'client',
 	    {
@ -41,9 +42,20 @@ uci:section('firewall', 'zone', 'client',
 		    forward = 'REJECT',
 	    }
 )
+
+c:section('firewall', 'rule', 'client_dns',
+	  {
+		  name = 'client_dns',
+		  src = 'client',
+		  dest_port = '53',
+		  target = 'REJECT',
+	  }
+)
+
 uci:save('firewall')
 uci:commit('firewall')

+
 local dnsmasq = uci:get_first('dhcp', 'dnsmasq')
 uci:set('dhcp', dnsmasq, 'boguspriv', 0)
 uci:set('dhcp', dnsmasq, 'localise_queries', 0)