nils/gluon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
81dc4f44e2
gluon/package/gluon-firewall/files/lib/gluon/upgrade/firewall/invariant/011-firewall-rules

42 lines
717 B
Lua
Executable File
Raw Blame History

#!/usr/bin/lua
local site = require 'gluon.site_config'
local uci = require 'luci.model.uci'
local c = uci.cursor()
local function reject_input_on_wan(zone)
if zone.name == 'wan' then
c:set('firewall', zone['.name'], 'input', 'REJECT')
c:set('firewall', zone['.name'], 'conntrack', '1')
end
return true
end
c:foreach('firewall', 'zone', reject_input_on_wan)
c:section('firewall', 'rule', 'wan_ssh',
{
name = 'wan_ssh',
src = 'wan',
dest_port = '22',
proto = 'tcp',
target = 'ACCEPT',
}
)
c:section('firewall', 'rule', 'client_dns',
{
name = 'client_dns',
src = 'client',
dest_port = '53',
target = 'REJECT',
}
)
c:save('firewall')
c:commit('firewall')
Reference in New Issue View Git Blame Copy Permalink