Adrian Schmutzler
3214388680
The name br-mesh is actually quite misleading, since the bridge actually includes the "client" interfaces. In order to make this obvious, and to prevent confusion with the properly named wXmesh interfaces, rename them to br-client. Note that br-mesh is also particularly disturbing for the layer 3 firmware without batman-adv.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Fabian Bläse <fabian@blaese.de>
Acked-by: Christian Dresel <freifunk@dresel.systems>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
35 lines
1.1 KiB
Plaintext
######## IN_ONLY ############
ebtables -N IN_ONLY -P RETURN

# Data from BATMAN is allowed
# Everything except data from BATMAN is DROP'ed
ebtables -A IN_ONLY -i ! bat0 --logical-in br-client -j DROP

######## OUT_ONLY ############
ebtables -N OUT_ONLY -P RETURN

# Data into BATMAN is allowed
# Everything except data into BATMAN is DROP'ed
ebtables -A OUT_ONLY --logical-out br-client -o ! bat0 -j DROP

######## MULTICAST_OUT ############
ebtables -N MULTICAST_OUT -P DROP

######## INPUT ############
ebtables -P INPUT ACCEPT

# Handles all multicast/broadcast going from CLIENT -> NODE in MULTICAST_OUT
ebtables -A INPUT -d Multicast --logical-in br-client -i ! bat0 -j ACCEPT

######## FORWARD ############
ebtables -P FORWARD ACCEPT

# Handles all multicast/broadcast going from CLIENT -> BATMAN in MULTICAST_OUT
ebtables -A FORWARD -d Multicast --logical-out br-client -o bat0 -j MULTICAST_OUT

######## OUTPUT ############
ebtables -P OUTPUT ACCEPT

# Handles all multicast/broadcast going from NODE -> BATMAN in MULTICAST_OUT
ebtables -A OUTPUT -d Multicast --logical-out br-client -o bat0 -j MULTICAST_OUT