Add the following option to the client config section in
`/etc/config/gateway` to enable a basic stateful firewall:
```
config client
option stateful_firewall '1'
```
The firewall will forward icmp mesages and allow any outbound client
traffic and related inbound traffic.
Acked-by: Fabian Bläse <fabian@blaese.de>
Include nftables and appropriate modules. Translate ip- and ebtables
rules to their nftables counterparts. Remove ip/ebtables and modules.
This change intentionally tries to keep structural changes at a minimum
to keep the rule translation comprehensible.
kmod-nft-bridge is not required for fff-node, because it was merged into
a single kernel module since Linux 4.17:
[1] 02c7b25e5f
[2] fbaf48387eFixes: #252
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Co-authored-by: Johannes Kimmel <fff@bareminimum.eu>
This patch add the latency to the nodewatcher data.
The target of the ping can configure in /etc/config/fff
Example:
config latency 'latency'
option ipv4 'ff1.zbau.f3netze.de'
option ipv6 'ff1.zbau.f3netze.de'
if no target is set, no latency is send.
Signed-off-by: Christian Dresel <freifunk@dresel.systems>
Acked-by: Fabian Bläse <fabian@blaese.de>
The term "gateway" is ambiguous, and we are using "layer 3" for this
flavor now. Reflect that in the package name as well.
This is cosmetic otherwise.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Christian Dresel <freifunk@dresel.systems>
Johannes Kimmel
Fabian Bläse
Christian Dresel
Adrian Schmutzler