Add firewall rules

gluon-mesh-batman-adv should not be used without a firewall, which is needed
to prevent forwarding of packets from the mesh to the wan interface.

For some reason, the firewall package won't work at all without
kmod-ipt-nathelper.
Matthias Schiffer 2014-01-14 01:50:59 +01:00
parent 1cf4d41cba
commit f99767fb9f
3 changed files with 18 additions and 1 deletions


@ -12,7 +12,7 @@ define Package/gluon-mesh-batman-adv
SECTION:=gluon SECTION:=gluon
CATEGORY:=Gluon CATEGORY:=Gluon
TITLE:=Support for batman-adv meshing TITLE:=Support for batman-adv meshing
DEPENDS:=+gluon-core +kmod-batman-adv DEPENDS:=+gluon-core +kmod-batman-adv +firewall +kmod-ipt-nathelper
endef endef
define Package/gluon-mesh-batman-adv/description define Package/gluon-mesh-batman-adv/description
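Review bot: The new `+kmod-ipt-nathelper` entry on the `DEPENDS` line has no explanation in the Makefile, and the commit message itself says the reason it is needed is unknown. A comment above the `define`, for example `# firewall did not work without kmod-ipt-nathelper (cause not yet understood); re-test before removing`, would stop a later cleanup from dropping it and shipping nodes whose firewall does not come up. The package definition continues outside this hunk.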


@ -18,6 +18,14 @@ uci_set network client peerdns '0'
uci_set network client macaddr "$(sysconfig primary_mac)" uci_set network client macaddr "$(sysconfig primary_mac)"
uci_commit network uci_commit network
uci_add firewall zone client
uci_set firewall client name 'client'
uci add_list firewall.client.network='client'
uci_set firewall client input 'ACCEPT'
uci_set firewall client output 'ACCEPT'
uci_set firewall client forward 'REJECT'
uci_commit firewall
uci_add dhcp dhcp client uci_add dhcp dhcp client
uci_set dhcp client interface 'client' uci_set dhcp client interface 'client'
uci_set dhcp client ignore '1' uci_set dhcp client ignore '1'
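Review bot: `forward 'REJECT'` on the new `client` zone does not by itself give the mesh-to-WAN isolation the commit message describes, assuming `client` is the mesh-facing network. As the OpenWrt firewall documents it, a zone's `forward` option covers traffic between networks inside that zone, while traffic towards another zone is decided by `forwarding` sections and the `defaults` section. The protection therefore rests on the shipped defaults keeping `forward` at REJECT and on no `forwarding` section with `src` set to `client` being added. A comment before `uci_add firewall zone client` saying so would make that dependency visible. `input 'ACCEPT'` also leaves every service listening on the node reachable from this zone, so state whether that is intended; both points apply equally to the `local_node` zone added in the last file.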


@ -34,3 +34,12 @@ uci_set network local_node_route6 target '@prefix6@'
uci_set network local_node_route6 gateway '::' uci_set network local_node_route6 gateway '::'
uci_commit network uci_commit network
uci_remove firewall local_node
uci_add firewall zone local_node
uci_set firewall local_node name 'local_node'
uci add_list firewall.local_node.network='local_node'
uci_set firewall local_node input 'ACCEPT'
uci_set firewall local_node output 'ACCEPT'
uci_set firewall local_node forward 'REJECT'
uci_commit firewall
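Review bot: `uci_remove firewall local_node` runs unconditionally before the zone is re-created, so on a first run there is no such section to delete and the call will report an error. Whether that is harmless depends on the error handling in the part of the script outside this hunk. Deleting quietly, e.g. `uci -q delete firewall.local_node || true`, avoids the stderr noise and a possible abort under `set -e`. The `client` zone block in the previous file has no removal step at all, so if that script can run more than once, `uci add_list firewall.client.network='client'` would append a duplicate list entry there.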