fff-firewall: add user-customizable nftables hook

Currently there is no way to persistently configure firewall rules on a router. This might be desirable as home-use of the Freifunk network is quite common these days. To allow for the most flexibility while keeping maintenance efforts low, add a persistent, user-customizable nftables hook. It is evaluated after all firewall rules have already been configured, so it is possible to override them. Users of this hook are responsible for keeping up with changes to the firmware and modify it appropriately, before updating the system. Fixes: #314 Signed-off-by: Fabian Bläse <fabian@blaese.de>
2024-03-11 21:51:02 +01:00 · 2024-03-11 21:51:02 +01:00 · 6acdc6efa1
parent cef7bc3c88
commit 6acdc6efa1
2 changed files with 2 additions and 0 deletions
--- a/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/90-user
+++ b/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/90-user
@ -0,0 +1 @@
+nft -f /etc/nftables-fff.conf
--- a/src/packages/fff/fff-sysupgrade/files/etc/uci-defaults/99-fff-sysupgrade
+++ b/src/packages/fff/fff-sysupgrade/files/etc/uci-defaults/99-fff-sysupgrade
@ -12,6 +12,7 @@ cat > /etc/sysupgrade.conf <<-__EOF__
 /etc/config/fff
 /etc/config/gateway
 /etc/hoodfile
+/etc/nftables-fff.conf
 __EOF__

 exit 0