Inicio Explorar Axuda
Rexistro Iniciar sesión
FreifunkHochstift
/
ffho-packages
3
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0
Explorar o código

Get allowed prefixes from site.conf

With this commit, the allowed networks for ipv4 and ipv6 are
retrieved from the global config file site.conf. An additional
option was added "additional_prefix6" to hold all extra prefixes
beside the main prefix given in "prefix6".

See https://git.c3pb.de/freifunk-pb/ffpb-packages/issues/3
Michael Schwarz %!s(int64=9) %!d(string=hai) anos
pai
d2742c47f2
achega
2b92e12de3
Modificáronse 2 ficheiros con 26 adicións e 9 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 7 4
      ffpb/ffpb-ebtables-net-rules/files/lib/gluon/ebtables/110-ffpb-net-allow-ipv4-space
  2. 19 5
      ffpb/ffpb-ebtables-net-rules/files/lib/gluon/ebtables/110-ffpb-net-allow-ipv6-spaces

+ 7 - 4
ffpb/ffpb-ebtables-net-rules/files/lib/gluon/ebtables/110-ffpb-net-allow-ipv4-space
Ver ficheiro 

@@ -1,4 +1,7 @@
 
-rule 'FFPB_NET_ONLY -p IPv4 --ip-protocol udp --ip-destination-port 67 -j RETURN'
 
-rule 'FFPB_NET_ONLY -p IPv4 --ip-src 10.132.0.0/17 -j RETURN'
 
-rule 'FFPB_NET_ONLY -p ARP --arp-ip-src 10.132.0.0/17 --arp-ip-dst 10.132.0.0/17 -j RETURN'
 
-rule 'FFPB_NET_ONLY -p ARP --arp-ip-src 0.0.0.0/0 --arp-ip-dst 10.132.0.0/17 -j RETURN'
 
+siteConfig = require("gluon.site_config")
 
+prefix4 = siteConfig.prefix4
 
+
 
+rule ('FFPB_NET_ONLY -p IPv4 --ip-protocol udp --ip-destination-port 67 -j RETURN')
 
+rule ('FFPB_NET_ONLY -p IPv4 --ip-src ' .. prefix4 .. ' -j RETURN')
 
+rule ('FFPB_NET_ONLY -p ARP --arp-ip-src ' .. prefix4 .. ' --arp-ip-dst ' .. prefix4 .. ' -j RETURN')
 
+rule ('FFPB_NET_ONLY -p ARP --arp-ip-src 0.0.0.0/0 --arp-ip-dst ' .. prefix4 .. ' -j RETURN')

+ 19 - 5
ffpb/ffpb-ebtables-net-rules/files/lib/gluon/ebtables/110-ffpb-net-allow-ipv6-spaces
Ver ficheiro 

@@ -1,5 +1,19 @@
 
-rule 'FFPB_NET_ONLY -p IPv6 --ip6-src fe80::/10 -j RETURN'
 
-rule 'FFPB_NET_ONLY -p IPv6 --ip6-dst ff00::/8 -j RETURN'
 
-rule 'FFPB_NET_ONLY -p IPv6 --ip6-src fdca:ffee:ff12:132::/64 -j RETURN'
 
-rule 'FFPB_NET_ONLY -p IPv6 --ip6-src 2001:470:6d:860::/64 -j RETURN'
 
-rule 'FFPB_NET_ONLY -p IPv6 --ip6-src 2a03:2260:113::/48 -j RETURN'
 
+siteConfig = require("gluon.site_config")
 
+
 
+-- iterate through lists
 
+function list_iter (_table)
 
+    local i = 0 
+    local n = table.getn(_table)
 
+    return function ()
 
+        i = i + 1 
+        if i <= n then return _table[i] end 
+    end 
+end
 
+
 
+rule ('FFPB_NET_ONLY -p IPv6 --ip6-src fe80::/10 -j RETURN')
 
+rule ('FFPB_NET_ONLY -p IPv6 --ip6-dst ff00::/8 -j RETURN')
 
+rule ('FFPB_NET_ONLY -p IPv6 --ip6-src ' .. siteConfig.prefix6 .. ' -j RETURN')
 
+
 
+for prefix in list_iter(siteConfig.additional_prefix6) do
 
+	rule ('FFPB_NET_ONLY -p IPv6 --ip6-src ' .. prefix .. ' -j RETURN')
 
+end