Daniel Ehlers 2014-06-03 11:28:50 +00:00
commit 8ad89834a8
3 changed files with 67 additions and 7 deletions


@ -0,0 +1,38 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=gluon-firewall
PKG_VERSION:=1
PKG_RELEASE:=1.$(GLUON_CONFIG_VERSION)
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
include $(INCLUDE_DIR)/package.mk
define Package/gluon-firewall
SECTION:=gluon
CATEGORY:=Gluon
TITLE:=Restrictive firewall settings
DEPENDS:=+gluon-core
endef
define Package/gluon-firewall/description
Gluon community wifi mesh firmware framework:
Firewall rules blocking incoming connections on wan interfaces,
with an exception for ssh.
endef
define Build/Prepare
mkdir -p $(PKG_BUILD_DIR)
endef
define Build/Configure
endef
define Build/Compile
endef
define Package/gluon-firewall/install
$(CP) ./files/* $(1)/
endef
$(eval $(call BuildPackage,gluon-firewall))
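Review bot: The install step `$(CP) ./files/* $(1)/` copies whatever sits under `files/` with the modes it has in the repository, so the firewall script added in this commit only takes effect if it was committed with the executable bit. That assumes the framework executes the script rather than sourcing it; its install path is not visible on this page. A comment above the `$(CP)` line such as `# files/ is copied verbatim; scripts must be committed executable` would make that dependency explicit. Installing the script with `$(INSTALL_BIN)` into a directory created by `$(INSTALL_DIR)` would set the mode explicitly instead.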


@ -0,0 +1,29 @@
#!/bin/sh
. /lib/functions.sh
config_load firewall
reject_input_on_wan() {
config_get name "$1" name
[ "$name" = 'wan' ] && uci_set firewall "$1" input 'REJECT'
}
config_foreach reject_input_on_wan 'zone'
uci_remove firewall wan_ssh
uci_add firewall rule wan_ssh
uci_set firewall wan_ssh name 'wan_ssh'
uci_set firewall wan_ssh src 'wan'
uci_set firewall wan_ssh dest_port '22'
uci_set firewall wan_ssh proto 'tcp'
uci_set firewall wan_ssh family 'ipv4'
uci_set firewall wan_ssh target 'ACCEPT'
uci_remove firewall wan_ssh6
uci_add firewall rule wan_ssh6
uci_set firewall wan_ssh6 name 'wan_ssh6'
uci_set firewall wan_ssh6 src 'wan'
uci_set firewall wan_ssh6 dest_port '22'
uci_set firewall wan_ssh6 proto 'tcp'
uci_set firewall wan_ssh6 family 'ipv6'
uci_set firewall wan_ssh6 target 'ACCEPT'
uci_commit firewall
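Review bot: The `wan_ssh` and `wan_ssh6` rules accept TCP port 22 from any source in the wan zone, so the node's SSH daemon stays reachable from the whole upstream network, and nothing in this script limits who can connect or shows how the daemon authenticates. I would state that above the first `uci_remove firewall wan_ssh`, for example `# SSH stays reachable from wan for remote maintenance; access control is left to the SSH daemon's own settings`, and consider making the exception optional per site. The two rules differ only in `family`; if the firewall treats an omitted `family` as both address families (OpenWrt's firewall does, as far as I know), a single rule without that option would cover both. With the zone's `input` now `REJECT`, inbound traffic the uplink itself needs, such as DHCP renewal and ICMPv6, depends on explicit rules defined elsewhere, presumably in the stock firewall config, which is worth confirming.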


@ -29,13 +29,6 @@ uci_set firewall client input 'ACCEPT'
uci_set firewall client output 'ACCEPT'
uci_set firewall client forward 'REJECT'
config_load firewall
accept_input_on_wan() {
config_get name "$1" name
[ "$name" = 'wan' ] && uci_set firewall "$1" input 'ACCEPT'
}
config_foreach accept_input_on_wan 'zone'
uci_commit firewall
uci_set dhcp '@dnsmasq[0]' boguspriv '0'