|
|
@@ -1,6 +1,7 @@
|
|
|
#!/usr/bin/lua
|
|
|
|
|
|
local uci = require('simple-uci').cursor()
|
|
|
+local site = require('gluon.site')
|
|
|
|
|
|
uci:delete('firewall', 'wan_announced')
|
|
|
|
|
|
@@ -14,7 +15,7 @@ uci:section('firewall', 'rule', 'wan_respondd', {
|
|
|
target = 'ACCEPT',
|
|
|
})
|
|
|
|
|
|
--- Restrict respondd queries to link-local addresses to prevent amplification attacks from outside
|
|
|
+-- Allow respondd-access on client_local
|
|
|
uci:section('firewall', 'rule', 'client_respondd', {
|
|
|
name = 'client_respondd',
|
|
|
src = 'client_local',
|
|
|
@@ -33,4 +34,13 @@ uci:section('firewall', 'rule', 'mesh_respondd_ll', {
|
|
|
target = 'ACCEPT',
|
|
|
})
|
|
|
|
|
|
+uci:section('firewall', 'rule', 'mesh_respondd_siteprefix', {
|
|
|
+ name = 'mesh_respondd_siteprefix',
|
|
|
+ src = 'mesh',
|
|
|
+ src_ip = site.prefix6(),
|
|
|
+ dest_port = '1001',
|
|
|
+ proto = 'udp',
|
|
|
+ target = 'ACCEPT',
|
|
|
+})
|
|
|
+
|
|
|
uci:save('firewall')
|
Christof Schulze