gluon-core: firewall: accept inbound VXLAN traffic on wired mesh interfaces
Fixes #1308
parent
454555a030
commit
a32fddf38c
@ -14,7 +14,7 @@ end
|
||||
|
||||
uci:foreach('firewall', 'zone', reject_input_on_wan)
|
||||
|
||||
for _, zone in ipairs ({ 'mesh', 'local_client' } ) do
|
||||
for _, zone in ipairs({'mesh', 'local_client', 'wired_mesh'}) do
|
||||
-- Other packages assign interfaces to these zones
|
||||
uci:section('firewall', 'zone', zone, {
|
||||
name = zone,
|
||||
@ -76,4 +76,22 @@ for _, zone in ipairs({ 'wan', 'local_client', 'mesh' }) do
|
||||
end
|
||||
|
||||
|
||||
-- We can't put mesh_wan into this zone, as mesh_wan is the same
|
||||
-- interface as wan, which has its own zone
|
||||
uci:set('firewall', 'wired_mesh', 'network', {'mesh_lan'})
|
||||
|
||||
-- VXLAN for wired meshing
|
||||
for _, zone in ipairs({'wired_mesh', 'wan'}) do
|
||||
uci:section('firewall', 'rule', zone .. '_vxlan', {
|
||||
name = zone .. '_vxlan',
|
||||
src = zone,
|
||||
family = 'ipv6',
|
||||
src_ip = 'fe80::/64',
|
||||
proto = 'udp',
|
||||
dest_port = '4789',
|
||||
target = 'ACCEPT',
|
||||
})
|
||||
end
|
||||
|
||||
|
||||
uci:save('firewall')
|
||||
|
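Review bot: The loop under `-- VXLAN for wired meshing` also creates `wan_vxlan`, so UDP port 4789 from `fe80::/64` is accepted on the WAN zone, although the commit title only mentions wired mesh interfaces. Nothing in this hunk ties the `wan` entry to meshing on WAN being enabled. VXLAN has no sender authentication, so any on-link neighbour on the uplink segment could then reach the port. If code outside this hunk does not already disable the rule or the tunnel in that case, the `wan` entry should be made conditional on that setting. At minimum, state the intent next to the loop, e.g. `-- wan is included because mesh_wan shares its interface; fe80::/64 limits senders to on-link neighbours`.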