nils/gluon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

gluon-mesh-batman-adv: Do not ACCEPT incoming packets.

Browse Source 
For security reasons we should not accept incoming packets per default
and instead allow specific services on specific interfaces.
This commit is contained in:
Daniel Ehlers 2014-05-06 21:24:04 +02:00 committed by Matthias Schiffer
parent acd60a22b1
commit aba0a3bc0c
1 changed files with 0 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
package/gluon-mesh-batman-adv/files/lib/gluon/upgrade/mesh-batman-adv/invariant/011-mesh
View File

@ -29,13 +29,6 @@ uci_set firewall client input 'ACCEPT'
uci_set firewall client output 'ACCEPT' uci_set firewall client output 'ACCEPT'
uci_set firewall client forward 'REJECT' uci_set firewall client forward 'REJECT'
config_load firewall
accept_input_on_wan() {
config_get name "$1" name
[ "$name" = 'wan' ] && uci_set firewall "$1" input 'ACCEPT'
}
config_foreach accept_input_on_wan 'zone'
uci_commit firewall uci_commit firewall
uci_set dhcp '@dnsmasq[0]' boguspriv '0' uci_set dhcp '@dnsmasq[0]' boguspriv '0'