freifunk-franken/firmware
9
7
Fork 14
Code Issues 45 Pull Requests 9 Actions Releases 20 Wiki Activity

fff-firewall: add user-customizable nftables hook #317

Closed
fbl wants to merge 2 commits from fbl/firmware:user-firewall into master
pull from: fbl/firmware:user-firewall
merge into: freifunk-franken:master
Conversation 1 Commits 2 Files Changed 3 +3 -2
fbl commented 2024-03-11 22:11:45 +01:00
Owner
Copy Link

Currently there is no way to persistently configure firewall rules on a
router. This might be desirable as home-use of the Freifunk network is
quite common these days.

To allow for the most flexibility while keeping maintenance efforts low,
add a persistent, user-customizable nftables hook. It is evaluated after
all firewall rules have already been configured, so it is possible to
override them.

Users of this hook are responsible for keeping up with changes to the
firmware and modify it appropriately, before updating the system.

Fixes: #314

While at it, merge sysupgrade.conf entires into a single uci-defaults script.

Currently there is no way to persistently configure firewall rules on a router. This might be desirable as home-use of the Freifunk network is quite common these days. To allow for the most flexibility while keeping maintenance efforts low, add a persistent, user-customizable nftables hook. It is evaluated after all firewall rules have already been configured, so it is possible to override them. Users of this hook are responsible for keeping up with changes to the firmware and modify it appropriately, before updating the system. Fixes: #314 While at it, merge sysupgrade.conf entires into a single uci-defaults script.
fbl added the
feature
 label 2024-03-11 22:11:45 +01:00
fbl added 2 commits 2024-03-11 22:11:45 +01:00 
Currently there is no way to persistently configure firewall rules on a
router. This might be desirable as home-use of the Freifunk network is
quite common these days.

To allow for the most flexibility while keeping maintenance efforts low,
add a persistent, user-customizable nftables hook. It is evaluated after
all firewall rules have already been configured, so it is possible to
override them.

Users of this hook are responsible for keeping up with changes to the
firmware and modify it appropriately, before updating the system.

Fixes: #314

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Consolidate sysupgrade.conf entries
Some checks are pending
ci/woodpecker/pull_request_closed/woodpecker Pipeline is pending
Details
871e80eb35 
Most of the entries in /etc/sysupgrade.conf are generated by a
uci-defaults script in the fff-sysupgrade package. The only entry
added in a different place is rc.local.fff_userconfig.

Consolidate all entries to be added by the uci-defaults script in
fff-sysupgrade.

Signed-off-by: Fabian Bläse <fabian@blaese.de>
fbl commented 2024-04-01 23:53:44 +02:00
Author
Owner
Copy Link

Applied.

Applied.
fbl closed this pull request 2024-04-01 23:53:44 +02:00
fbl added this to the 20240401-beta milestone 2024-04-01 23:53:47 +02:00
Some checks are pending
ci/woodpecker/pull_request_closed/woodpecker Pipeline is pending
Details

Pull request closed

Please reopen this pull request to perform a merge.
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
RFC

   
RFT

   
WIP

   
blocked

   
bsp

touching bsp files or adding devices

  
bug

Something is not working

  
build/scripts/tools

touching buildscript or other tools

  
duplicate

This issue or pull request already exists

  
feature

New feature

  
fixed

Issue that got resolved

  
layer3

only for layer3 FW

  
mantis

Imported from mantis

  
more details required

Reported information is insufficient to debug the issue

  
needs changes

   
node

only for node FW

  
packages/fff

touching our packages

  
rejected

Rejected or won't fix

  
security

   
trivial

simple non-functional changes that are mostly matter of taste

  
upstream

touching upstream version, build or feed patches

No Label
RFC
RFT
WIP
blocked
bsp
bug
build/scripts/tools
duplicate
feature
fixed
layer3
mantis
more details required
needs changes
node
packages/fff
rejected
security
trivial
upstream
Milestone
Clear milestone
No items
No Milestone
20240401-beta
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: freifunk-franken/firmware#317
No description provided.
Delete Branch "fbl/firmware:user-firewall"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?