nils/gluon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

gluon-core: firewall: Allow custom gluon_wired interfaces (#2041)

Browse Source 
This allows for multiple mesh legs out of one box. Useful for offloaders
and networks using vlan for separate mesh transport.
Custom mesh interfaces in a VXLAN domain are otherwise firewalled.

This fixes #1479
This commit is contained in:
Jan-Jonas Sämann 2020-05-31 10:57:58 +02:00 committed by GitHub
parent 97e5434b32
commit ed094bc68c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
package/gluon-core/luasrc/lib/gluon/upgrade/140-firewall-rules
View File

@ -80,9 +80,18 @@ for _, zone in ipairs({ 'wan', 'local_client', 'mesh' }) do
end end
-- We can't put mesh_wan into this zone, as mesh_wan is the same local wired_mesh_ifaces = {}
-- interface as wan, which has its own zone uci:foreach('network', 'interface',
uci:set('firewall', 'wired_mesh', 'network', {'mesh_lan'}) function(iface)
-- Select all interfaces with proto gluon_wired except for
-- mesh_wan into this zone, as mesh_wan is the same
-- interface as wan, which has its own zone
if iface['proto'] == 'gluon_wired' and iface['.name'] ~= 'mesh_wan' then
table.insert(wired_mesh_ifaces, iface['.name'])
end
end
)
uci:set('firewall', 'wired_mesh', 'network', wired_mesh_ifaces)
-- VXLAN for wired meshing -- VXLAN for wired meshing
for _, zone in ipairs({'wired_mesh', 'wan'}) do for _, zone in ipairs({'wired_mesh', 'wan'}) do