Add the following option to the client config section in
`/etc/config/gateway` to enable a basic stateful firewall:
```
config client
option stateful_firewall '1'
```
The firewall will forward icmp mesages and allow any outbound client
traffic and related inbound traffic.
Acked-by: Fabian Bläse <fabian@blaese.de>
Previously, some interfaces in the client ifname list have been kept.
The actual reason for this is unknown, it might have been used for the
bat0 interfaces.
Filtering the interface list in this way might lead to interfaces being
retained unintentionally, especially with the diverse naming of DSA
interfaces.
As it is not required anymore, remove the retention of some interfaces
completely.
Fixes: #207
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
Suppresses the unhelpful "uci: Entry not found" message when running
configure-layer3 -c in case there is no `ip6addr` set on the client
interface.
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Starting with OpenWrt 21.02 some devices now use upstream kernel drivers
for the built-in switch instead of relying on OpenWrt's swconfig driver.
The upstream kernel drivers use the Distributed Switch Architecture
(DSA) for configuration of the switch. Instead of explicitly configuring
the hardware switch, all ports appear as distinct interfaces and linux
bridges are offloaded to the hardware switch if possible.
To keep changes small, this patch adds support for DSA devices by
setting up a linux bridge, which is then treated just like the
cpuport-interface of the swconfig driver.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
The name br-mesh is actually quite misleading, since the bridge
actually includes the "client" interfaces. In order to make this
obvious, and to prevent confusion with the properly named wXmesh
interfaces, rename them to br-client.
Note that br-mesh is also particularly disturbing for the layer 3
firmware without batman-adv.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Fabian Bläse <fabian@blaese.de>
Acked-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
configuregateway and it's gateway.d files represent a specific
functionality that other packages depend on. Thus, it is put into
a package of its own so dependencies can be expressed more properly.
While at, use the chance to get rid of the ambiguous term "gateway"
and rename the script to configure-layer3 and the folders to layer3.d.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>