|
@@ -14,7 +14,7 @@ end
|
|
|
|
|
|
uci:foreach('firewall', 'zone', reject_input_on_wan)
|
|
|
|
|
|
-for _, zone in ipairs ({ 'mesh', 'local_client' } ) do
|
|
|
+for _, zone in ipairs({'mesh', 'local_client', 'wired_mesh'}) do
|
|
|
-- Other packages assign interfaces to these zones
|
|
|
uci:section('firewall', 'zone', zone, {
|
|
|
name = zone,
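Review bot: The context comment `-- Other packages assign interfaces to these zones` no longer holds for the newly added `wired_mesh` zone. The last hunk of this same script assigns its network list with `uci:set('firewall', 'wired_mesh', 'network', {'mesh_lan'})`, which also overwrites whatever list is already stored each time the script runs. Suggest rewording the comment to `-- Other packages assign interfaces to mesh and local_client; wired_mesh is assigned below`, and confirming that no other package is expected to add networks to `wired_mesh`. The loop body continues outside this hunk, so the remaining zone options could not be checked here.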
|
|
@@ -24,7 +24,7 @@ for _, zone in ipairs ({ 'mesh', 'local_client' } ) do
|
|
|
forward = 'REJECT',
|
|
|
})
|
|
|
|
|
|
- uci:section('firewall', 'rule', zone .. '_ICMPv6_in', {
|
|
|
+ uci:section('firewall', 'rule', zone .. '_ICMPv6_in', {
|
|
|
src = zone,
|
|
|
proto = 'icmp',
|
|
|
icmp_type = {
|
|
@@ -53,7 +53,7 @@ for _, zone in ipairs ({ 'mesh', 'local_client' } ) do
|
|
|
uci:delete('firewall', zone .. '_ICMPv6_out')
|
|
|
end
|
|
|
|
|
|
-uci:section('firewall', 'rule', 'local_client_ICMPv4_in', {
|
|
|
+uci:section('firewall', 'rule', 'local_client_ICMPv4_in', {
|
|
|
src = 'local_client',
|
|
|
proto = 'icmp',
|
|
|
icmp_type = {
|
|
@@ -76,4 +76,22 @@ for _, zone in ipairs({ 'wan', 'local_client', 'mesh' }) do
|
|
|
end
|
|
|
|
|
|
|
|
|
+-- We can't put mesh_wan into this zone, as mesh_wan is the same
|
|
|
+-- interface as wan, which has its own zone
|
|
|
+uci:set('firewall', 'wired_mesh', 'network', {'mesh_lan'})
|
|
|
+
|
|
|
+-- VXLAN for wired meshing
|
|
|
+for _, zone in ipairs({'wired_mesh', 'wan'}) do
|
|
|
+ uci:section('firewall', 'rule', zone .. '_vxlan', {
|
|
|
+ name = zone .. '_vxlan',
|
|
|
+ src = zone,
|
|
|
+ family = 'ipv6',
|
|
|
+ src_ip = 'fe80::/64',
|
|
|
+ proto = 'udp',
|
|
|
+ dest_port = '4789',
|
|
|
+ target = 'ACCEPT',
|
|
|
+ })
|
|
|
+end
|
|
|
+
|
|
|
+
|
|
|
uci:save('firewall')
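Review bot: The new loop creates `wan_vxlan` unconditionally, so UDP 4789 is accepted on the wan zone of every node whether or not meshing over the WAN interface is enabled. VXLAN carries no authentication, and `src_ip = 'fe80::/64'` only limits senders to the same layer-2 segment, so any host on the uplink network can reach the port. How much that exposes depends on whether a VXLAN device is actually bound there, which these lines do not show. Consider creating the wan rule only when WAN meshing is configured and otherwise removing it with `uci:delete('firewall', 'wan_vxlan')`. The comment above the loop should also say that the link-local source match is a scoping filter, not a trust boundary.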
|