mirror of
https://github.com/freifunk-gluon/packages.git
synced 2024-06-26 01:27:31 +02:00
gluon-mesh-batman-adv: Do not ACCEPT incoming packets.
For security reasons we should not accept incoming packets per default and instead allow specific services on specific interfaces.
This commit is contained in:
parent
2ced9d31f7
commit
0733bccbdd
|
@ -29,13 +29,6 @@ uci_set firewall client input 'ACCEPT'
|
||||||
uci_set firewall client output 'ACCEPT'
|
uci_set firewall client output 'ACCEPT'
|
||||||
uci_set firewall client forward 'REJECT'
|
uci_set firewall client forward 'REJECT'
|
||||||
|
|
||||||
config_load firewall
|
|
||||||
accept_input_on_wan() {
|
|
||||||
config_get name "$1" name
|
|
||||||
[ "$name" = 'wan' ] && uci_set firewall "$1" input 'ACCEPT'
|
|
||||||
}
|
|
||||||
config_foreach accept_input_on_wan 'zone'
|
|
||||||
|
|
||||||
uci_commit firewall
|
uci_commit firewall
|
||||||
|
|
||||||
uci_set dhcp '@dnsmasq[0]' boguspriv '0'
|
uci_set dhcp '@dnsmasq[0]' boguspriv '0'
|
||||||
|
|
Loading…
Reference in New Issue
Block a user