- Move site check for prefix4 and extra_prefixes6 to gluon-core, so the
rules don't need to be duplicated in several packages. This also fixes
gluon-respondd not checking extra_prefixes6 at all when
gluon-ebtables-source-filter is not installed as well.
- A redundant check for prefix6 is removed from gluon-l3roamd (this was
already checked by gluon-core)
- A separate check for prefix4 remains in gluon-client-bridge, as the
setting in mandatory there
Reorder scripts so that the mesh_lan interface is accounted for.
Two other firewall upgrade scripts (mesh-babel and l3roamd) are
reordered as well. While there seems to be no hard dependency at the
moment, it makes sense to run the basic setup first, also to avoid
problems with future changes.
Closes: #2090
Fixes: ed094bc68c ("gluon-core: firewall: Allow custom gluon_wired interfaces (#2041)")
This patch makes use of the new feature in l3roamd to gracefully
add, remove and list the mesh interfaces that are currently in use. This
helps when changing mesh interfaces often - a characteristic of the
wireguard protocol implementation as in the previous behavior all local
clients are dropped when adjusting mesh interfaces.
* gluon-core, gluon-client-bridge: introduce new firewall zone: local_client
* gluon-core: put clients in local_client zone, introduce drop-zone,
set dns-rules and zones
* gluon-respondd: allow respondd on mesh
* gluon-status-page-api: allow http input on mesh and client
