Merge pull request #2553 from ffgraz/mmfd

Move common firewall rules to respective packages

package/gluon-l3roamd/luasrc/lib/gluon/upgrade/320-firewall-l3roamd

@@ -1,6 +1,26 @@
 #!/usr/bin/lua
+
 local uci = require('simple-uci').cursor()
 
+uci:section('firewall', 'zone', 'l3roamd', {
+	name = 'l3roamd',
+	input = 'ACCEPT',
+	output = 'ACCEPT',
+	forward = 'REJECT',
+	device = 'l3roam+',
+	log = '1',
+})
+
+uci:section('firewall', 'forwarding', 'flc', {
+	src = 'l3roamd',
+	dest = 'loc_client',
+})
+
+uci:section('firewall', 'forwarding', 'fcl', {
+	src = 'loc_client',
+	dest = 'l3roamd',
+})
+
 uci:section('firewall', 'rule',  'mesh_l3roamd', {
 	name = 'mesh_l3roamd',
 	src = 'mesh',

package/gluon-mesh-babel/Makefile

@@ -9,7 +9,7 @@ include ../gluon.mk
 
 define Package/gluon-mesh-babel
   TITLE:=Babel mesh
-  DEPENDS:=+gluon-core +babeld +gluon-mmfd +libiwinfo +libgluonutil +firewall +libjson-c +libnl-tiny +libubus +libubox +libblobmsg-json +libbabelhelper +luabitop
+  DEPENDS:=+gluon-core +babeld +gluon-mesh-layer3-common +libiwinfo +libgluonutil +firewall +libjson-c +libnl-tiny +libubus +libubox +libblobmsg-json +libbabelhelper +luabitop
   PROVIDES:=gluon-mesh-provider
 endef
 

package/gluon-mesh-babel/luasrc/lib/gluon/upgrade/310-gluon-mesh-babel-firewall

@@ -1,96 +1,6 @@
 #!/usr/bin/lua
 
 local uci = require('simple-uci').cursor()
-local site = require "gluon.site"
-
-uci:section('firewall', 'zone', 'l3roamd', {
-	name = 'l3roamd',
-	input = 'ACCEPT',
-	output = 'ACCEPT',
-	forward = 'REJECT',
-	device = 'l3roam+',
-	log = '1',
-})
-
-uci:section('firewall', 'zone', 'mmfd', {
-	name = 'mmfd',
-	input = 'REJECT',
-	output = 'accept',
-	forward = 'REJECT',
-	device = 'mmfd+',
-	log = '1',
-})
-
--- forwardings and respective rules
-uci:section('firewall', 'forwarding', 'fcc', {
-	src = 'loc_client',
-	dest = 'loc_client',
-})
-
-uci:section('firewall', 'forwarding', 'fcm', {
-	src = 'loc_client',
-	dest = 'mesh',
-})
-
-uci:section('firewall', 'forwarding', 'fmc', {
-	src = 'mesh',
-	dest = 'loc_client',
-})
-
-uci:section('firewall', 'forwarding', 'fmm', {
-	src = 'mesh',
-	dest = 'mesh',
-})
-
-uci:section('firewall', 'forwarding', 'flc', {
-	src = 'l3roamd',
-	dest = 'loc_client',
-})
-
-uci:section('firewall', 'forwarding', 'fcl', {
-	src = 'loc_client',
-	dest = 'l3roamd',
-})
-
-uci:section('firewall', 'rule',  'mesh_respondd_mcast_ll', {
-	src = 'mesh',
-	src_ip = 'fe80::/64' ,
-	dest_port = '1001',
-	proto = 'udp',
-	target = 'ACCEPT',
-})
-
-uci:section('firewall', 'rule',  'mesh_respondd_mcast2', {
-	src = 'mesh',
-	src_ip = site.node_prefix6(),
-	dest_port = '1001',
-	proto = 'udp',
-	target = 'ACCEPT',
-})
-
-uci:section('firewall', 'rule',  'mmfd_respondd_ll', {
-	src = 'mmfd',
-	src_ip = 'fe80::/64',
-	dest_port = '1001',
-	proto = 'udp',
-	target = 'ACCEPT',
-})
-
-uci:section('firewall', 'rule',  'mmfd_respondd_mesh', {
-	src = 'mmfd',
-	src_ip = site.node_prefix6(),
-	dest_port = '1001',
-	proto = 'udp',
-	target = 'ACCEPT',
-})
-
-uci:section('firewall', 'rule',  'mesh_mmfd', {
-	src = 'mesh',
-	src_ip = 'fe80::/64',
-	dest_port = '27275',
-	proto = 'udp',
-	target = 'ACCEPT',
-})
 
 uci:section('firewall', 'rule', 'mesh_babel', {
 	src = 'mesh',

package/gluon-mesh-layer3-common/Makefile

@@ -0,0 +1,12 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gluon-mesh-layer3-common
+
+include ../gluon.mk
+
+define Package/gluon-mesh-layer3-common
+  TITLE:=Layer3 common files
+  DEPENDS:=+gluon-core +gluon-mmfd +firewall
+endef
+
+$(eval $(call BuildPackageGluon,gluon-mesh-layer3-common))

package/gluon-mesh-layer3-common/check_site.lua

@@ -0,0 +1,2 @@
+need_string_match(in_domain({'node_prefix6'}), '^[%x:]+/64$')
+

package/gluon-mesh-layer3-common/luasrc/lib/gluon/upgrade/310-layer3-firewall

@@ -0,0 +1,25 @@
+#!/usr/bin/lua
+
+local uci = require('simple-uci').cursor()
+
+uci:section('firewall', 'forwarding', 'fcc', {
+	src = 'loc_client',
+	dest = 'loc_client',
+})
+
+uci:section('firewall', 'forwarding', 'fcm', {
+	src = 'loc_client',
+	dest = 'mesh',
+})
+
+uci:section('firewall', 'forwarding', 'fmc', {
+	src = 'mesh',
+	dest = 'loc_client',
+})
+
+uci:section('firewall', 'forwarding', 'fmm', {
+	src = 'mesh',
+	dest = 'mesh',
+})
+
+uci:save('firewall')

package/gluon-mmfd/luasrc/lib/gluon/upgrade/310-gluon-mmfd-firewall

@@ -0,0 +1,55 @@
+#!/usr/bin/lua
+
+local uci = require('simple-uci').cursor()
+local site = require "gluon.site"
+
+uci:section('firewall', 'zone', 'mmfd', {
+	name = 'mmfd',
+	input = 'REJECT',
+	output = 'accept',
+	forward = 'REJECT',
+	device = 'mmfd+',
+	log = '1',
+})
+
+uci:section('firewall', 'rule',  'mesh_mmfd', {
+	src = 'mesh',
+	src_ip = 'fe80::/64',
+	dest_port = '27275',
+	proto = 'udp',
+	target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule',  'mesh_respondd_mcast_ll', {
+	src = 'mesh',
+	src_ip = 'fe80::/64' ,
+	dest_port = '1001',
+	proto = 'udp',
+	target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule',  'mesh_respondd_mcast2', {
+	src = 'mesh',
+	src_ip = site.node_prefix6() or site.prefix6(),
+	dest_port = '1001',
+	proto = 'udp',
+	target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule',  'mmfd_respondd_ll', {
+	src = 'mmfd',
+	src_ip = 'fe80::/64',
+	dest_port = '1001',
+	proto = 'udp',
+	target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule',  'mmfd_respondd_mesh', {
+	src = 'mmfd',
+	src_ip = site.node_prefix6() or site.prefix6(),
+	dest_port = '1001',
+	proto = 'udp',
+	target = 'ACCEPT',
+})
+
+uci:save('firewall')

package/gluon-mmfd/luasrc/lib/gluon/upgrade/430-gluon-mmfd-interface

@@ -7,4 +7,5 @@ uci:section('network', 'interface', 'mmfd', {
 	ifname = 'mmfd0',
 	ip6addr = 'fe80::1/64'
 })
+
 uci:save('network')