freifunk-franken
/
firmware
9
7
Fork 13
Code Issues 48 Pull Requests 7 Releases 17 Wiki Activity

layer3: add option to enable stateful firewall on client network #284

Closed
jkimmel wants to merge 2 commits from jkimmel/firmware:stateful-firewall into master
pull from: jkimmel/firmware:stateful-firewall
merge into: freifunk-franken:master
Conversation 2 Commits 2 Files Changed 25 +342 -119

2 Commits

Author SHA1 Message Date
Johannes Kimmel eaa40f7034 layer3: add option to enable stateful firewall on client network
ci/woodpecker/pr/woodpecker Pipeline was successful Details 
Add the following option to the client config section in
`/etc/config/gateway` to enable a basic stateful firewall:

```
config client
    option stateful_firewall '1'
```

The firewall will forward icmp mesages and allow any outbound client
traffic and related inbound traffic.
 2023-04-12 10:01:14 +02:00
Fabian Bläse 8be918ad49 WIP: fff-firewall: Switch from ip/ebtables to nftables
ci/woodpecker/pr/woodpecker Pipeline was successful Details 
Include nftables and appropriate modules. Translate ip- and ebtables
rules to their nftables counterparts. Remove ip/ebtables and modules.

This change intentionally tries to keep structural changes at a minimum
to keep the rule translation comprehensible.

kmod-nft-bridge is not required for fff-node, because it was merged into
a single kernel module since Linux 4.17:
[1] 02c7b25e5f
[2] fbaf48387e

Fixes: #252

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Co-authored-by: Johannes Kimmel <fff@bareminimum.eu>
 2023-04-06 22:04:20 +02:00