forked from freifunk-franken/firmware
fff-network: enable forwarding; filter forwarding
Fixes #83 Signed-off-by: Tim Niemeyer <tim@tn-x.org> Reviewed-by: Robert Langhammer <rlanghammer@web.de> Reviewed-by: Christian Dresel <fff@chrisi01.de> Tested-by: Christian Dresel <fff@chrisi01.de>
This commit is contained in:
parent
6863c6235d
commit
bd5985e99e
|
@ -13,7 +13,7 @@ define Package/$(PKG_NAME)
|
|||
CATEGORY:=Freifunk
|
||||
TITLE:= Freifunk-Franken network configuration
|
||||
URL:=http://www.freifunk-franken.de
|
||||
DEPENDS:=+fff-uradvd +fff-boardname
|
||||
DEPENDS:=+fff-uradvd +fff-boardname +fff-firewall
|
||||
endef
|
||||
|
||||
define Package/$(PKG_NAME)/description
|
||||
|
|
|
@ -26,7 +26,6 @@ net.ipv4.conf.default.accept_redirects=0
|
|||
net.ipv4.icmp_echo_ignore_broadcasts=1
|
||||
net.ipv4.icmp_ignore_bogus_error_responses=1
|
||||
net.ipv4.ip_forward=0
|
||||
# net.ipv6.conf.all.forwarding=1
|
||||
|
||||
# disable bridge firewalling by default
|
||||
net.bridge.bridge-nf-call-arptables=0
|
||||
|
@ -65,6 +64,6 @@ net.ipv6.conf.all.autoconf = 0
|
|||
net.ipv6.conf.default.dad_transmits = 3
|
||||
net.ipv6.conf.all.dad_transmits = 3
|
||||
|
||||
# How many global unicast IPv6 addresses can be assigned to each interface?
|
||||
net.ipv6.conf.default.max_addresses = 0
|
||||
net.ipv6.conf.all.max_addresses = 0
|
||||
# Enable forwarding, otherwise not all local route are examined
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
net.ipv6.conf.default.forwarding=0
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
/sbin/iptables -P FORWARD DROP
|
||||
/sbin/ip6tables -P FORWARD DROP
|
|
@ -40,6 +40,7 @@ setAutoConf() {
|
|||
echo "net.ipv6.conf.$iface.accept_ra_pinfo = $on" >> "/etc/sysctl.d/51-fff-network-$iface.conf"
|
||||
echo "net.ipv6.conf.$iface.autoconf = $on" >> "/etc/sysctl.d/51-fff-network-$iface.conf"
|
||||
echo "net.ipv6.conf.$iface.accept_ra_rtr_pref = $on" >> "/etc/sysctl.d/51-fff-network-$iface.conf"
|
||||
echo "net.ipv6.conf.$iface.forwarding = 0" >> "/etc/sysctl.d/51-fff-network-$iface.conf"
|
||||
|
||||
/sbin/sysctl -p "/etc/sysctl.d/51-fff-network-$iface.conf"
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue