9 лет назад · 16060d25d5
--- a/package/gluon-core/Makefile
+++ b/package/gluon-core/Makefile
@@ -12,7 +12,7 @@ define Package/gluon-core
 
				   SECTION:=gluon
			
 
				   CATEGORY:=Gluon
			
 
				   TITLE:=Base files of Gluon
			
 
				-  DEPENDS:=+gluon-config +lua-platform-info +luci-lib-core +odhcp6c
			
 
				+  DEPENDS:=+gluon-config +lua-platform-info +luci-lib-core +odhcp6c +firewall
			
 
				 endef
			
 
				 
			
 
				 define Package/gluon-core/description
			
--- a/package/gluon-firewall/files/lib/gluon/upgrade/firewall/invariant/011-firewall-rules
+++ b/package/gluon-firewall/files/lib/gluon/upgrade/firewall/invariant/011-firewall-rules
@@ -26,16 +26,5 @@ c:section('firewall', 'rule', 'wan_ssh',
 
				 	  }
			
 
				 )
			
 
				 
			
 
				-
			
 
				-c:section('firewall', 'rule', 'client_dns',
			
 
				-	  {
			
 
				-		  name = 'client_dns',
			
 
				-		  src = 'client',
			
 
				-		  dest_port = '53',
			
 
				-		  target = 'REJECT',
			
 
				-	  }
			
 
				-)
			
 
				-
			
 
				-
			
 
				 c:save('firewall')
			
 
				 c:commit('firewall')
			
--- a/package/gluon-firewall/Makefile
+++ b/package/gluon-firewall/Makefile
@@ -1,37 +0,0 @@
 
				-include $(TOPDIR)/rules.mk
			
 
				-
			
 
				-PKG_NAME:=gluon-firewall
			
 
				-PKG_VERSION:=1
			
 
				-
			
 
				-PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
			
 
				-
			
 
				-include $(INCLUDE_DIR)/package.mk
			
 
				-
			
 
				-define Package/gluon-firewall
			
 
				-  SECTION:=gluon
			
 
				-  CATEGORY:=Gluon
			
 
				-  TITLE:=Restrictive firewall rules
			
 
				-  DEPENDS:=+gluon-core +firewall
			
 
				-endef
			
 
				-
			
 
				-define Package/gluon-firewall/description
			
 
				-	Gluon community wifi mesh firmware framework:
			
 
				-	Firewall rules which try to ensure a node can't be abused
			
 
				-	(e.g. for DNS amplification attacks)
			
 
				-endef
			
 
				-
			
 
				-define Build/Prepare
			
 
				-	mkdir -p $(PKG_BUILD_DIR)
			
 
				-endef
			
 
				-
			
 
				-define Build/Configure
			
 
				-endef
			
 
				-
			
 
				-define Build/Compile
			
 
				-endef
			
 
				-
			
 
				-define Package/gluon-firewall/install
			
 
				-	$(CP) ./files/* $(1)/
			
 
				-endef
			
 
				-
			
 
				-$(eval $(call BuildPackage,gluon-firewall))
			
--- a/package/gluon-mesh-batman-adv/files/lib/gluon/upgrade/mesh-batman-adv/invariant/011-mesh
+++ b/package/gluon-mesh-batman-adv/files/lib/gluon/upgrade/mesh-batman-adv/invariant/011-mesh
@@ -31,6 +31,7 @@ uci:section('network', 'interface', 'bat0',
 
				 uci:save('network')
			
 
				 uci:commit('network')
			
 
				 
			
 
				+
			
 
				 uci:delete('firewall', 'client')
			
 
				 uci:section('firewall', 'zone', 'client',
			
 
				 	    {
			
@@ -41,9 +42,20 @@ uci:section('firewall', 'zone', 'client',
 
				 		    forward = 'REJECT',
			
 
				 	    }
			
 
				 )
			
 
				+
			
 
				+c:section('firewall', 'rule', 'client_dns',
			
 
				+	  {
			
 
				+		  name = 'client_dns',
			
 
				+		  src = 'client',
			
 
				+		  dest_port = '53',
			
 
				+		  target = 'REJECT',
			
 
				+	  }
			
 
				+)
			
 
				+
			
 
				 uci:save('firewall')
			
 
				 uci:commit('firewall')
			
 
				 
			
 
				+
			
 
				 local dnsmasq = uci:get_first('dhcp', 'dnsmasq')
			
 
				 uci:set('dhcp', dnsmasq, 'boguspriv', 0)
			
 
				 uci:set('dhcp', dnsmasq, 'localise_queries', 0)