Sākums Izpētīt Palīdzība
Reģistrēties Pierakstīties
FreifunkHochstift
/
gluon
6
0
Atdalīts 0
Faili Problēmas 0 Izmaiņu pieprasījumi 0
Koks: 1c1c9f8fc7
Atzari Tagi
gluon
/
package
/
gluon-respondd
/
luasrc
/
lib
/
gluon
/
upgrade
/
400-respondd-firewall

400-respondd-firewall 839 B
Vēsture Neapstrādāts

123456789101112131415161718192021222324252627282930313233343536 
  1. #!/usr/bin/lua
    2. 

  2. 

  3. local uci = require('simple-uci').cursor()
    4. 

  4. 

  5. uci:delete('firewall', 'wan_announced')
    6. 

  6. 

  7. -- Allow respondd port on WAN to allow resolving neighbours over mesh-on-wan
    8. 

  8. uci:section('firewall', 'rule', 'wan_respondd', {
    9. 

  9. 	name = 'wan_respondd',
    10. 

  10. 	src = 'wan',
    11. 

  11. 	src_ip = 'fe80::/64',
    12. 

  12. 	dest_port = '1001',
    13. 

  13. 	proto = 'udp',
    14. 

  14. 	target = 'ACCEPT',
    15. 

  15. })
    16. 

  16. 

  17. -- Restrict respondd queries to link-local addresses to prevent amplification attacks from outside
    18. 

  18. uci:section('firewall', 'rule', 'client_respondd', {
    19. 

  19. 	name = 'client_respondd',
    20. 

  20. 	src = 'client_local',
    21. 

  21. 	src_ip = 'fe80::/64',
    22. 

  22. 	dest_port = '1001',
    23. 

  23. 	proto = 'udp',
    24. 

  24. 	target = 'ACCEPT',
    25. 

  25. })
    26. 

  26. 

  27. uci:section('firewall', 'rule',  'mesh_respondd_ll', {
    28. 

  28. 	name = 'mesh_respondd_ll',
    29. 

  29. 	src = 'mesh',
    30. 

  30. 	src_ip = 'fe80::/64',
    31. 

  31. 	dest_port = '1001',
    32. 

  32. 	proto = 'udp',
    33. 

  33. 	target = 'ACCEPT',
    34. 

  34. })
    35. 

  35. 

  36. uci:save('firewall')
    37.