From a051deb995eb88b7a4cd9737eff382857aec6ee4 Mon Sep 17 00:00:00 2001 From: Christof Schulze Date: Sat, 17 Jun 2017 12:27:41 +0200 Subject: [PATCH 1/2] gluon-client-bridge: change local_node interface to be part of client zone --- .../luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network b/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network index 2f34c9fd..ee3a0b7a 100755 --- a/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network +++ b/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network @@ -44,7 +44,8 @@ uci:save('network') uci:delete('firewall', 'client') uci:section('firewall', 'zone', 'client', { name = 'client', - network = {'client'}, + network = {'client','local_node',}, + conntrack = '1', input = 'DROP', output = 'DROP', forward = 'DROP', From c13eefd6d67408c195d533bbe4c1c5d15f2db64d Mon Sep 17 00:00:00 2001 From: Christof Schulze Date: Sat, 17 Jun 2017 19:09:52 +0200 Subject: [PATCH 2/2] allow inbound and outbound traffic on client zone --- .../luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network b/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network index ee3a0b7a..4669c833 100755 --- a/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network +++ b/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network @@ -46,8 +46,8 @@ uci:section('firewall', 'zone', 'client', { name = 'client', network = {'client','local_node',}, conntrack = '1', - input = 'DROP', - output = 'DROP', + input = 'ACCEPT', + output = 'ACCEPT', forward = 'DROP', })