mirror
/
openwrt-packages
mirror of https://git.openwrt.org/feed/packages.git
1
0
Fork 0
Code Releases Activity
openwrt-packages/net/pbr/Makefile

210 lines
6.2 KiB
Makefile
Raw Normal View History

pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
2024-03-18 02:43:50 +01:00
# Copyright 2017-2023 MOSSDeF, Stan Grishin (stangri@melmac.ca)
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
# This is free software, licensed under the GNU General Public License v3.
include $(TOPDIR)/rules.mk
PKG_NAME:=pbr
pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
2024-03-18 02:43:50 +01:00
PKG_VERSION:=1.1.4
PKG_RELEASE:=5
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Stan Grishin <stangri@melmac.ca>
include $(INCLUDE_DIR)/package.mk
pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
2024-03-18 02:43:50 +01:00
define Package/pbr-service/Default
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
SECTION:=net
CATEGORY:=Network
pbr: update to 1.0.1-10 Bugfixes: * better error information for empty tid/mark and failure to resolve domains * better handling of entries in /etc/iproute2/rt_tables * update packages definitions and descriptions * remove firewall4 from dependencies to prevent dependency recursion Updates: * introduce nft_user_set_policy and nft_user_set_counter to control options for user nft sets this service creares * use counters in internal nft sets Signed-off-by: Stan Grishin <stangri@melmac.ca>
2023-01-03 20:46:20 +01:00
SUBMENU:=Routing and Redirection
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
TITLE:=Policy Based Routing Service
URL:=https://docs.openwrt.melmac.net/pbr/
pbr: update to 1.1.1-1 *** MAKEFILE *** * remove libubus dependency as it was causing issues https://forum.openwrt.org/t/policy-based-routing-pbr-package-discussion/140639/318 * move firewall hotplug directory/file creation out of default section into pbr and pbr-iptables packages sections in preparation for dropping it from pbr * fix no new line after output when uninstalling packages *** UCI-DEFAULTS *** * only add firewall include to firewall config if the include file exists * add shellcheck exception to netifd uci-defaults file *** SCRIPTS *** * more informative logging for firewall and iface hotplug scripts * more informative logging for firewall include script *** SERVICE *** * introduce lock-file to prevent package starting on external events if it hasn't been auto- or manually started before * use the `ip`, not `ip-full` command to prevent errors on OpenWrt 21.02 * parse firewall WAN zone to append list of interfaces * append error and warning "arrays" with new messages * used shared memory to store the service output/logging messages * improve is_ovpn function to filter out false positives when interface names started with `tun` * introduce is_valid_ovpn to find OpenVPN tunnels where the device name in OpenVPN config matches the device name in network config * introduce opkg_get_version to compare versions of principal and luci packages * better code to obtain AdGuardHome version with betas installed * optimize code and add better logging for errors when inserting policies with iptables * optimize code and add better logging for errors when inserting policies with nft * bugfix: insert policies in all specified protocols * bugfix: support using physical devices in policies in nft mode * bugfix: use iptPrefix, not nftPrefix in iptables commands * implement Tor support in nft mode * bugfix: fix spelling for User File Syntax error * restart service fully (instead of quick reload) for OpenVPN interface events, as the order/number of supported interfaces * more verbose output (showing handles) of status in nft mode * improve `icmp_interface`, `ignored_interface`, `supported_interface` validation regexes * improve `interface`, validation regex Signed-off-by: Stan Grishin <stangri@melmac.ca>
2023-05-01 02:44:34 +02:00
DEPENDS:=+ip-full +jshn +jsonfilter +resolveip
pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
2024-03-18 02:43:50 +01:00
DEPENDS+=+!BUSYBOX_DEFAULT_AWK:gawk
DEPENDS+=+!BUSYBOX_DEFAULT_GREP:grep
DEPENDS+=+!BUSYBOX_DEFAULT_SED:sed
PROVIDES:=pbr-service
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
CONFLICTS:=vpnbypass vpn-policy-routing
PKGARCH:=all
endef
define Package/pbr
pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
2024-03-18 02:43:50 +01:00
$(call Package/pbr-service/Default)
pbr: add provides: pbr to variants Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-12-24 00:38:25 +01:00
TITLE+= with nft/nft set support
pbr: update to 1.0.1-10 Bugfixes: * better error information for empty tid/mark and failure to resolve domains * better handling of entries in /etc/iproute2/rt_tables * update packages definitions and descriptions * remove firewall4 from dependencies to prevent dependency recursion Updates: * introduce nft_user_set_policy and nft_user_set_counter to control options for user nft sets this service creares * use counters in internal nft sets Signed-off-by: Stan Grishin <stangri@melmac.ca>
2023-01-03 20:46:20 +01:00
DEPENDS+=+kmod-nft-core +kmod-nft-nat +nftables-json
DEFAULT_VARIANT:=1
pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
2024-03-18 02:43:50 +01:00
VARIANT:=nftables
PROVIDES+=pbr vpnbypass vpn-policy-routing
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
endef
define Package/pbr-iptables
pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
2024-03-18 02:43:50 +01:00
$(call Package/pbr-service/Default)
pbr: add provides: pbr to variants Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-12-24 00:38:25 +01:00
TITLE+= with iptables/ipset support
DEPENDS+=+ipset +iptables +kmod-ipt-ipset +iptables-mod-ipopt
pbr: update to 1.0.1-10 Bugfixes: * better error information for empty tid/mark and failure to resolve domains * better handling of entries in /etc/iproute2/rt_tables * update packages definitions and descriptions * remove firewall4 from dependencies to prevent dependency recursion Updates: * introduce nft_user_set_policy and nft_user_set_counter to control options for user nft sets this service creares * use counters in internal nft sets Signed-off-by: Stan Grishin <stangri@melmac.ca>
2023-01-03 20:46:20 +01:00
VARIANT:=iptables
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
endef
define Package/pbr-netifd
pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
2024-03-18 02:43:50 +01:00
$(call Package/pbr-service/Default)
pbr: add provides: pbr to variants Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-12-24 00:38:25 +01:00
TITLE+= with netifd support
pbr: update to 1.0.1-10 Bugfixes: * better error information for empty tid/mark and failure to resolve domains * better handling of entries in /etc/iproute2/rt_tables * update packages definitions and descriptions * remove firewall4 from dependencies to prevent dependency recursion Updates: * introduce nft_user_set_policy and nft_user_set_counter to control options for user nft sets this service creares * use counters in internal nft sets Signed-off-by: Stan Grishin <stangri@melmac.ca>
2023-01-03 20:46:20 +01:00
VARIANT:=netifd
pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
2024-03-18 02:43:50 +01:00
endef
define Package/pbr-service/description
This service enables policy-based routing for WAN interfaces and various VPN tunnels.
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
endef
define Package/pbr/description
pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
2024-03-18 02:43:50 +01:00
$(call Package/pbr-service/description)
This version supports OpenWrt with both firewall3/ipset/iptables and firewall4/nft.
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
endef
define Package/pbr-iptables/description
pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
2024-03-18 02:43:50 +01:00
$(call Package/pbr-service/description)
This version supports OpenWrt with firewall3/ipset/iptables.
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
endef
define Package/pbr-netifd/description
pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
2024-03-18 02:43:50 +01:00
$(call Package/pbr-service/description)
This version supports OpenWrt with both firewall3/ipset/iptables and firewall4/nft.
This version uses OpenWrt native netifd/tables to set up interfaces. This is WIP.
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
endef
pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
2024-03-18 02:43:50 +01:00
define Package/pbr-service/conffiles
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
/etc/config/pbr
endef
pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
2024-03-18 02:43:50 +01:00
Package/pbr/conffiles = $(Package/pbr-service/conffiles)
Package/pbr-iptables/conffiles = $(Package/pbr-service/conffiles)
Package/pbr-netifd/conffiles = $(Package/pbr-service/conffiles)
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
define Build/Configure
endef
define Build/Compile
endef
pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
2024-03-18 02:43:50 +01:00
define Package/pbr-service/install
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
$(INSTALL_DIR) $(1)/etc/init.d
pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
2024-03-18 02:43:50 +01:00
$(INSTALL_BIN) ./files/etc/init.d/pbr $(1)/etc/init.d/pbr
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
$(SED) "s|^\(readonly PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" $(1)/etc/init.d/pbr
$(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_BIN) ./files/etc/uci-defaults/90-pbr $(1)/etc/uci-defaults/90-pbr
$(INSTALL_DIR) $(1)/usr/share/pbr
pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
2024-03-18 02:43:50 +01:00
$(INSTALL_DATA) ./files/usr/share/pbr/.keep $(1)/usr/share/pbr/.keep
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
$(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.aws $(1)/usr/share/pbr/pbr.user.aws
$(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.netflix $(1)/usr/share/pbr/pbr.user.netflix
pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
2024-03-18 02:43:50 +01:00
$(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.wg_server_and_client $(1)/usr/share/pbr/pbr.user.wg_server_and_client
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
endef
pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
2024-03-18 02:43:50 +01:00
# $(INSTALL_DIR) $(1)/etc/hotplug.d/iface
# $(INSTALL_DATA) ./files/etc/hotplug.d/iface/70-pbr $(1)/etc/hotplug.d/iface/70-pbr
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
define Package/pbr/install
pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
2024-03-18 02:43:50 +01:00
$(call Package/pbr-service/install,$(1))
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) ./files/etc/config/pbr $(1)/etc/config/pbr
pbr: update to 1.1.1-1 *** MAKEFILE *** * remove libubus dependency as it was causing issues https://forum.openwrt.org/t/policy-based-routing-pbr-package-discussion/140639/318 * move firewall hotplug directory/file creation out of default section into pbr and pbr-iptables packages sections in preparation for dropping it from pbr * fix no new line after output when uninstalling packages *** UCI-DEFAULTS *** * only add firewall include to firewall config if the include file exists * add shellcheck exception to netifd uci-defaults file *** SCRIPTS *** * more informative logging for firewall and iface hotplug scripts * more informative logging for firewall include script *** SERVICE *** * introduce lock-file to prevent package starting on external events if it hasn't been auto- or manually started before * use the `ip`, not `ip-full` command to prevent errors on OpenWrt 21.02 * parse firewall WAN zone to append list of interfaces * append error and warning "arrays" with new messages * used shared memory to store the service output/logging messages * improve is_ovpn function to filter out false positives when interface names started with `tun` * introduce is_valid_ovpn to find OpenVPN tunnels where the device name in OpenVPN config matches the device name in network config * introduce opkg_get_version to compare versions of principal and luci packages * better code to obtain AdGuardHome version with betas installed * optimize code and add better logging for errors when inserting policies with iptables * optimize code and add better logging for errors when inserting policies with nft * bugfix: insert policies in all specified protocols * bugfix: support using physical devices in policies in nft mode * bugfix: use iptPrefix, not nftPrefix in iptables commands * implement Tor support in nft mode * bugfix: fix spelling for User File Syntax error * restart service fully (instead of quick reload) for OpenVPN interface events, as the order/number of supported interfaces * more verbose output (showing handles) of status in nft mode * improve `icmp_interface`, `ignored_interface`, `supported_interface` validation regexes * improve `interface`, validation regex Signed-off-by: Stan Grishin <stangri@melmac.ca>
2023-05-01 02:44:34 +02:00
$(INSTALL_DIR) $(1)/usr/share/pbr
pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
2024-03-18 02:43:50 +01:00
$(INSTALL_DATA) ./files/usr/share/pbr/firewall.include $(1)/usr/share/pbr/firewall.include
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
$(INSTALL_DIR) $(1)/usr/share/nftables.d
$(CP) ./files/usr/share/nftables.d/* $(1)/usr/share/nftables.d/
endef
define Package/pbr-iptables/install
pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
2024-03-18 02:43:50 +01:00
$(call Package/pbr-service/install,$(1))
pbr: update to 1.1.1-1 *** MAKEFILE *** * remove libubus dependency as it was causing issues https://forum.openwrt.org/t/policy-based-routing-pbr-package-discussion/140639/318 * move firewall hotplug directory/file creation out of default section into pbr and pbr-iptables packages sections in preparation for dropping it from pbr * fix no new line after output when uninstalling packages *** UCI-DEFAULTS *** * only add firewall include to firewall config if the include file exists * add shellcheck exception to netifd uci-defaults file *** SCRIPTS *** * more informative logging for firewall and iface hotplug scripts * more informative logging for firewall include script *** SERVICE *** * introduce lock-file to prevent package starting on external events if it hasn't been auto- or manually started before * use the `ip`, not `ip-full` command to prevent errors on OpenWrt 21.02 * parse firewall WAN zone to append list of interfaces * append error and warning "arrays" with new messages * used shared memory to store the service output/logging messages * improve is_ovpn function to filter out false positives when interface names started with `tun` * introduce is_valid_ovpn to find OpenVPN tunnels where the device name in OpenVPN config matches the device name in network config * introduce opkg_get_version to compare versions of principal and luci packages * better code to obtain AdGuardHome version with betas installed * optimize code and add better logging for errors when inserting policies with iptables * optimize code and add better logging for errors when inserting policies with nft * bugfix: insert policies in all specified protocols * bugfix: support using physical devices in policies in nft mode * bugfix: use iptPrefix, not nftPrefix in iptables commands * implement Tor support in nft mode * bugfix: fix spelling for User File Syntax error * restart service fully (instead of quick reload) for OpenVPN interface events, as the order/number of supported interfaces * more verbose output (showing handles) of status in nft mode * improve `icmp_interface`, `ignored_interface`, `supported_interface` validation regexes * improve `interface`, validation regex Signed-off-by: Stan Grishin <stangri@melmac.ca>
2023-05-01 02:44:34 +02:00
$(INSTALL_DIR) $(1)/etc/hotplug.d/firewall
$(INSTALL_DATA) ./files/etc/hotplug.d/firewall/70-pbr $(1)/etc/hotplug.d/firewall/70-pbr
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) ./files/etc/config/pbr.iptables $(1)/etc/config/pbr
endef
define Package/pbr-netifd/install
pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
2024-03-18 02:43:50 +01:00
$(call Package/pbr-service/install,$(1))
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) ./files/etc/config/pbr $(1)/etc/config/pbr
$(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_BIN) ./files/etc/uci-defaults/91-pbr $(1)/etc/uci-defaults/91-pbr
endef
define Package/pbr/postinst
#!/bin/sh
# check if we are on real system
if [ -z "$${IPKG_INSTROOT}" ]; then
chmod -x /etc/init.d/pbr || true
fw4 -q reload || true
chmod +x /etc/init.d/pbr || true
echo -n "Installing rc.d symlink for pbr... "
/etc/init.d/pbr enable && echo "OK" || echo "FAIL"
fi
exit 0
endef
define Package/pbr/prerm
#!/bin/sh
# check if we are on real system
if [ -z "$${IPKG_INSTROOT}" ]; then
uci -q delete firewall.pbr || true
pbr: update to 1.1.1-1 *** MAKEFILE *** * remove libubus dependency as it was causing issues https://forum.openwrt.org/t/policy-based-routing-pbr-package-discussion/140639/318 * move firewall hotplug directory/file creation out of default section into pbr and pbr-iptables packages sections in preparation for dropping it from pbr * fix no new line after output when uninstalling packages *** UCI-DEFAULTS *** * only add firewall include to firewall config if the include file exists * add shellcheck exception to netifd uci-defaults file *** SCRIPTS *** * more informative logging for firewall and iface hotplug scripts * more informative logging for firewall include script *** SERVICE *** * introduce lock-file to prevent package starting on external events if it hasn't been auto- or manually started before * use the `ip`, not `ip-full` command to prevent errors on OpenWrt 21.02 * parse firewall WAN zone to append list of interfaces * append error and warning "arrays" with new messages * used shared memory to store the service output/logging messages * improve is_ovpn function to filter out false positives when interface names started with `tun` * introduce is_valid_ovpn to find OpenVPN tunnels where the device name in OpenVPN config matches the device name in network config * introduce opkg_get_version to compare versions of principal and luci packages * better code to obtain AdGuardHome version with betas installed * optimize code and add better logging for errors when inserting policies with iptables * optimize code and add better logging for errors when inserting policies with nft * bugfix: insert policies in all specified protocols * bugfix: support using physical devices in policies in nft mode * bugfix: use iptPrefix, not nftPrefix in iptables commands * implement Tor support in nft mode * bugfix: fix spelling for User File Syntax error * restart service fully (instead of quick reload) for OpenVPN interface events, as the order/number of supported interfaces * more verbose output (showing handles) of status in nft mode * improve `icmp_interface`, `ignored_interface`, `supported_interface` validation regexes * improve `interface`, validation regex Signed-off-by: Stan Grishin <stangri@melmac.ca>
2023-05-01 02:44:34 +02:00
echo "Stopping pbr service... "
pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
2024-03-18 02:43:50 +01:00
/etc/init.d/pbr stop quiet && echo "OK" || echo "FAIL"
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
echo -n "Removing rc.d symlink for pbr... "
/etc/init.d/pbr disable && echo "OK" || echo "FAIL"
fi
exit 0
endef
define Package/pbr/postrm
#!/bin/sh
# check if we are on real system
if [ -z "$${IPKG_INSTROOT}" ]; then
fw4 -q reload || true
fi
exit 0
endef
define Package/pbr-iptables/postinst
#!/bin/sh
# check if we are on real system
if [ -z "$${IPKG_INSTROOT}" ]; then
pbr: update to 1.0.1-14 * improve install/uninstall messages * fix ips add command * add boot() to init file Signed-off-by: Stan Grishin <stangri@melmac.ca>
2023-01-17 01:41:48 +01:00
echo -n "Installing rc.d symlink for pbr-iptables... "
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
/etc/init.d/pbr enable && echo "OK" || echo "FAIL"
fi
exit 0
endef
define Package/pbr-iptables/prerm
#!/bin/sh
# check if we are on real system
if [ -z "$${IPKG_INSTROOT}" ]; then
uci -q delete firewall.pbr || true
pbr: update to 1.1.1-1 *** MAKEFILE *** * remove libubus dependency as it was causing issues https://forum.openwrt.org/t/policy-based-routing-pbr-package-discussion/140639/318 * move firewall hotplug directory/file creation out of default section into pbr and pbr-iptables packages sections in preparation for dropping it from pbr * fix no new line after output when uninstalling packages *** UCI-DEFAULTS *** * only add firewall include to firewall config if the include file exists * add shellcheck exception to netifd uci-defaults file *** SCRIPTS *** * more informative logging for firewall and iface hotplug scripts * more informative logging for firewall include script *** SERVICE *** * introduce lock-file to prevent package starting on external events if it hasn't been auto- or manually started before * use the `ip`, not `ip-full` command to prevent errors on OpenWrt 21.02 * parse firewall WAN zone to append list of interfaces * append error and warning "arrays" with new messages * used shared memory to store the service output/logging messages * improve is_ovpn function to filter out false positives when interface names started with `tun` * introduce is_valid_ovpn to find OpenVPN tunnels where the device name in OpenVPN config matches the device name in network config * introduce opkg_get_version to compare versions of principal and luci packages * better code to obtain AdGuardHome version with betas installed * optimize code and add better logging for errors when inserting policies with iptables * optimize code and add better logging for errors when inserting policies with nft * bugfix: insert policies in all specified protocols * bugfix: support using physical devices in policies in nft mode * bugfix: use iptPrefix, not nftPrefix in iptables commands * implement Tor support in nft mode * bugfix: fix spelling for User File Syntax error * restart service fully (instead of quick reload) for OpenVPN interface events, as the order/number of supported interfaces * more verbose output (showing handles) of status in nft mode * improve `icmp_interface`, `ignored_interface`, `supported_interface` validation regexes * improve `interface`, validation regex Signed-off-by: Stan Grishin <stangri@melmac.ca>
2023-05-01 02:44:34 +02:00
echo "Stopping pbr-iptables service... "
pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
2024-03-18 02:43:50 +01:00
/etc/init.d/pbr stop quiet && echo "OK" || echo "FAIL"
pbr: update to 1.0.1-14 * improve install/uninstall messages * fix ips add command * add boot() to init file Signed-off-by: Stan Grishin <stangri@melmac.ca>
2023-01-17 01:41:48 +01:00
echo -n "Removing rc.d symlink for pbr-iptables... "
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
/etc/init.d/pbr disable && echo "OK" || echo "FAIL"
fi
exit 0
endef
define Package/pbr-netifd/postinst
#!/bin/sh
# check if we are on real system
if [ -z "$${IPKG_INSTROOT}" ]; then
pbr: update to 1.0.1-14 * improve install/uninstall messages * fix ips add command * add boot() to init file Signed-off-by: Stan Grishin <stangri@melmac.ca>
2023-01-17 01:41:48 +01:00
echo -n "Installing rc.d symlink for pbr-netifd... "
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
/etc/init.d/pbr enable && echo "OK" || echo "FAIL"
fi
exit 0
endef
define Package/pbr-netifd/prerm
#!/bin/sh
# check if we are on real system
if [ -z "$${IPKG_INSTROOT}" ]; then
uci -q delete firewall.pbr || true
pbr: update to 1.1.1-1 *** MAKEFILE *** * remove libubus dependency as it was causing issues https://forum.openwrt.org/t/policy-based-routing-pbr-package-discussion/140639/318 * move firewall hotplug directory/file creation out of default section into pbr and pbr-iptables packages sections in preparation for dropping it from pbr * fix no new line after output when uninstalling packages *** UCI-DEFAULTS *** * only add firewall include to firewall config if the include file exists * add shellcheck exception to netifd uci-defaults file *** SCRIPTS *** * more informative logging for firewall and iface hotplug scripts * more informative logging for firewall include script *** SERVICE *** * introduce lock-file to prevent package starting on external events if it hasn't been auto- or manually started before * use the `ip`, not `ip-full` command to prevent errors on OpenWrt 21.02 * parse firewall WAN zone to append list of interfaces * append error and warning "arrays" with new messages * used shared memory to store the service output/logging messages * improve is_ovpn function to filter out false positives when interface names started with `tun` * introduce is_valid_ovpn to find OpenVPN tunnels where the device name in OpenVPN config matches the device name in network config * introduce opkg_get_version to compare versions of principal and luci packages * better code to obtain AdGuardHome version with betas installed * optimize code and add better logging for errors when inserting policies with iptables * optimize code and add better logging for errors when inserting policies with nft * bugfix: insert policies in all specified protocols * bugfix: support using physical devices in policies in nft mode * bugfix: use iptPrefix, not nftPrefix in iptables commands * implement Tor support in nft mode * bugfix: fix spelling for User File Syntax error * restart service fully (instead of quick reload) for OpenVPN interface events, as the order/number of supported interfaces * more verbose output (showing handles) of status in nft mode * improve `icmp_interface`, `ignored_interface`, `supported_interface` validation regexes * improve `interface`, validation regex Signed-off-by: Stan Grishin <stangri@melmac.ca>
2023-05-01 02:44:34 +02:00
echo "Stopping pbr-netifd service... "
pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
2024-03-18 02:43:50 +01:00
/etc/init.d/pbr stop quiet && echo "OK" || echo "FAIL"
pbr: initial commit * The makefile produces the nft and iptables capable `pbr` package and the `pbr-iptables` package for legacy setups * This replaces `vpnbypass` and `vpn-policy-routing` packages * I'm soliciting feedback on this package and my intention is to update the version to 1.0.0 before this is merged, but I need the feedback on this and luci-app-pbr before then. Signed-off-by: Stan Grishin <stangri@melmac.ca>
2022-11-01 00:08:01 +01:00
echo -n "Removing rc.d symlink for pbr... "
/etc/init.d/pbr disable && echo "OK" || echo "FAIL"
fi
exit 0
endef
$(eval $(call BuildPackage,pbr))
$(eval $(call BuildPackage,pbr-iptables))
#$(eval $(call BuildPackage,pbr-netifd))