Commit Graph

9 Commits

Author SHA1 Message Date
Tim Niemeyer d8eccf57e3 fff: advertise fdff:0::/64 to access web interface
This patch adds a prefix advertisement for each node. Every node also gets
the IPs
* $prefix::MAC
* $prefix::link-local
* $prefix::1

::1 is duplicated so we need filtering to not forward data into the
network for ::1.

Signed-off-by: Tim Niemeyer <tim.niemeyer@mastersword.de>
Reviewed-by: Jan Kraus <mayosemmel@gmail.com>
Reviewed-by: Tobias Klaus <tk+ff@meskal.net>
2016-01-31 18:02:06 +01:00
Tim Niemeyer 0737c5df82 firewall: filter broadcasts
These ebtables rules are based on the gluon work.

Signed-off-by: Tim Niemeyer <tim.niemeyer@mastersword.de>
Reviewed-by: Tobias Klaus <tk+ff@meskal.net>
2015-09-21 15:22:14 +02:00
Oliver Voelker 5d907840f7 removed blank lines, added missing shebangs 2014-11-12 21:22:55 +01:00
Tim Niemeyer 49bf540db4 firewall.user: Filter ssh brute force attacks
Signed-off-by: Tim Niemeyer <tim.niemeyer@mastersword.de>
2013-10-27 13:10:56 +01:00
Tim Niemeyer 0dd637d097 Revert "ssh reopened in firewall config for debugging purposes, should be closed again in stable release"
This isn't really needed for debugging. The default port number 22 is often
targeted for brute-force attacks. Dropbear on 16M memory isn't really capable
of handling this.

This reverts commit 2083df18d1.
2013-02-02 01:01:21 +01:00
Bjoern Franke 2083df18d1 ssh reopened in firewall config for debugging purposes, should be closed again in stable release 2012-11-23 17:41:58 +01:00
Tim Niemeyer 3622ea8cb5 wan-firewall: fix and clean up
- use -A (append) instead of -I (insert)
  This makes sure the rule order is correct. This fixes #421.
- use uci to determine the correct wan interface
  This is the reason why #421 was only on wr1043. Now the firewall rule
  applies to all routers.
- remove old and unused rules

Signed-off-by: Tim Niemeyer <tim.niemeyer@mastersword.de>
2012-11-17 18:20:52 +01:00
Tim Niemeyer bf9c42a24c Stateful Inspection for WAN Interface
On a router which is directly connected to the internet, there is a lot of traffic
on the WAN port. E.g. ssh brute-force attempts. That's like a DoS for a small device.

This fixes #395

Signed-off-by: Tim Niemeyer <tim.niemeyer@mastersword.de>
2012-09-30 11:26:11 +02:00
Tim Niemeyer b4d756cb91 New build_script structure.
The new build_script uses a bsp-style interface. Now it's possible
to work on more than one board at the same time. Just select the
selected_bsp with the build_script and start over.

Signed-off-by: Tim Niemeyer <tim.niemeyer@mastersword.de>
2012-09-29 18:58:44 +02:00