Add firewall rules
gluon-mesh-batman-adv should not be used without a firewall, to prevent forwarding of packets from the mesh to the WAN interface. For some reason, the firewall package won't work at all without kmod-ipt-nathelper.
parent
1cf4d41cba
commit
f99767fb9f
@ -12,7 +12,7 @@ define Package/gluon-mesh-batman-adv
|
|||||||
SECTION:=gluon
|
SECTION:=gluon
|
||||||
CATEGORY:=Gluon
|
CATEGORY:=Gluon
|
||||||
TITLE:=Support for batman-adv meshing
|
TITLE:=Support for batman-adv meshing
|
||||||
DEPENDS:=+gluon-core +kmod-batman-adv
|
DEPENDS:=+gluon-core +kmod-batman-adv +firewall +kmod-ipt-nathelper
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define Package/gluon-mesh-batman-adv/description
|
define Package/gluon-mesh-batman-adv/description
|
||||||
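Review bot: The new `+kmod-ipt-nathelper` dependency on the `DEPENDS` line has no explanation in the Makefile; only the commit message records that the firewall package did not work without it and that the reason is unknown. A comment above the package definition, for example `# kmod-ipt-nathelper: firewall package fails without it, cause not yet understood`, would keep a later dependency cleanup from dropping it and possibly leaving the node without a working firewall. The `define Package/gluon-mesh-batman-adv` line itself is outside the hunk.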
|
@ -18,6 +18,14 @@ uci_set network client peerdns '0'
|
|||||||
uci_set network client macaddr "$(sysconfig primary_mac)"
|
uci_set network client macaddr "$(sysconfig primary_mac)"
|
||||||
uci_commit network
|
uci_commit network
|
||||||
|
|
||||||
|
uci_add firewall zone client
|
||||||
|
uci_set firewall client name 'client'
|
||||||
|
uci add_list firewall.client.network='client'
|
||||||
|
uci_set firewall client input 'ACCEPT'
|
||||||
|
uci_set firewall client output 'ACCEPT'
|
||||||
|
uci_set firewall client forward 'REJECT'
|
||||||
|
uci_commit firewall
|
||||||
|
|
||||||
uci_add dhcp dhcp client
|
uci_add dhcp dhcp client
|
||||||
uci_set dhcp client interface 'client'
|
uci_set dhcp client interface 'client'
|
||||||
uci_set dhcp client ignore '1'
|
uci_set dhcp client ignore '1'
|
||||||
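Review bot: `uci add_list firewall.client.network='client'` appends on every run, and unlike the `local_node` script in the next file this hunk has no `uci_remove firewall client` before `uci_add firewall zone client`. If the script is executed more than once (for example on each upgrade, which is not visible here), the zone's `network` list would collect duplicate `client` entries. Adding `uci_remove firewall client` ahead of the `uci_add` line would make the block repeatable in the same way as the other file. The script begins and ends outside the hunk.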
|
@ -34,3 +34,12 @@ uci_set network local_node_route6 target '@prefix6@'
|
|||||||
uci_set network local_node_route6 gateway '::'
|
uci_set network local_node_route6 gateway '::'
|
||||||
|
|
||||||
uci_commit network
|
uci_commit network
|
||||||
|
|
||||||
|
uci_remove firewall local_node
|
||||||
|
uci_add firewall zone local_node
|
||||||
|
uci_set firewall local_node name 'local_node'
|
||||||
|
uci add_list firewall.local_node.network='local_node'
|
||||||
|
uci_set firewall local_node input 'ACCEPT'
|
||||||
|
uci_set firewall local_node output 'ACCEPT'
|
||||||
|
uci_set firewall local_node forward 'REJECT'
|
||||||
|
uci_commit firewall
|
||||||
|
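Review bot: The `local_node` zone is created with `input 'ACCEPT'`, and the `client` zone in the previous file is set the same way, so the new rules restrict forwarding only and leave every service listening on the node reachable from the mesh side. If that exposure is not intended, `uci_set firewall local_node input 'REJECT'` together with explicit rule sections for the services clients need would be the tighter default. At minimum a comment such as `# input stays open: clients must reach the node's own services` would record that the choice is deliberate.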