
Accept all peers

Michael Schwarz 4 years ago
parent
commit
544d229378
4 changed files with 34 additions and 1 deletions
  1. 5 1
      fastd/fastd.conf
  2. 2 0
      fastd/peers-blacklist
  3. 15 0
      fastd/peers.sls
  4. 12 0
      fastd/verify-peer.sh

+ 5 - 1
fastd/fastd.conf

@@ -53,7 +53,11 @@ on down "
 #on establish    async "/usr/local/bin/ff_log_vpnpeer establish";
 #on disestablish async "/usr/local/bin/ff_log_vpnpeer disestablish";
 
-include peers from "/etc/freifunk/peers";
+# Nur registrierte Peers -- ALT --
+#include peers from "/etc/freifunk/peers";
+
+on verify "/etc/fastd/verify-peer.sh $PEER_KEY $PEER_ADDRESS";
+
   {%- if peer_limit %}
 peer limit {{ peer_limit }};
   {%- endif %}
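Review bot: With `include peers` commented out, the added `on verify` hook becomes the only admission check, and the comment `# Nur registrierte Peers -- ALT --` does not say that the policy is now default-allow. I would replace it with an English comment such as `# Peer admission is deny-list only: any key not listed in /etc/fastd/peers-blacklist is accepted (see verify-peer.sh)`. The hook line also expands `$PEER_KEY` and `$PEER_ADDRESS` unquoted on a shell command line. If fastd exports these values to the hook's environment, as the expansion suggests, the script could read them from there instead of taking word-split arguments; confirm this against the fastd version in use.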

+ 2 - 0
fastd/peers-blacklist

@@ -0,0 +1,2 @@
+# Insert one key per row. verify.sh greps for the connecting key in this file
+# and exits with 1 if key is found.
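Review bot: The header names `verify.sh`, but the script this commit adds is `fastd/verify-peer.sh`. That script greps the whole file, comment lines included, and uses the key as an unanchored pattern, so the expected line format should be stated exactly. Suggested wording: `# One full public key per line, nothing else on the line.` followed by `# verify-peer.sh rejects a connecting peer (exit 1) when its key is listed here.`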

+ 15 - 0
fastd/peers.sls

@@ -7,6 +7,21 @@ include:
   - ffho_base
   - keys
 
+# publish blacklist
+/etc/fastd/peers-blacklist:
+  file.manaed:
+    - source: salt://fastd/peers-blacklist
+    - user: root
+    - group: root
+    - mode: 644
+
+/etc/fastd/verify-peer.sh:
+  file.managed:
+    - source: salt://fastd/verify-peer.sh
+    - user: root
+    - group: root
+    - mode: 744
+
 # Pull fastd mesh peers git
 peers-git:
   git.latest:
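Review bot: `file.manaed` under `/etc/fastd/peers-blacklist` is a typo for `file.managed`, so Salt will not find the state function and the blacklist file will not be deployed. This matters more than an ordinary failed state, because `fastd/verify-peer.sh` in this commit exits 0 whenever grep prints nothing, which is also what happens when the file is missing. The line should read `  file.managed:`. Separately, `mode: 744` makes the script executable by root only, so check that fastd runs the verify hook as root and not as a dropped-privilege user. The `peers-git` state continues outside this hunk.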

+ 12 - 0
fastd/verify-peer.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+timestamp() {
+  date +"%Y-%m-%d %H:%M:%S"
+}
+
+if [ -n "$(cat /etc/fastd/peers-blacklist | grep "$1")" ]; then
+	echo -e "$(timestamp)\t$1\t$2\tblocked" >> /var/log/fastd.blacklist;
+	exit 1;
+else
+	exit 0;
+fi
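Review bot: The check fails open and matches too loosely. If `/etc/fastd/peers-blacklist` is missing or unreadable, `cat` prints nothing and the script exits 0; and `grep "$1"` treats the key as an unanchored regular expression, so a partial or empty argument can match unrelated lines, including the comment header. `echo -e` also interprets backslash escapes in the logged values. I would match the key as a fixed whole line, decide explicitly what happens when the list cannot be read, and log with `printf`. Rejecting on an unreadable list is my assumption about the intended policy and should be confirmed.

```bash
# … unchanged: shebang and timestamp() …

blacklist=/etc/fastd/peers-blacklist

# Without a readable list no decision can be made; reject instead of accepting silently.
if [ ! -r "$blacklist" ] || [ -z "$1" ]; then
	exit 1
fi

# -F literal match, -x whole line, -q status only, -- so the key is never parsed as an option.
if grep -Fxq -- "$1" "$blacklist"; then
	printf '%s\t%s\t%s\tblocked\n' "$(timestamp)" "$1" "$2" >> /var/log/fastd.blacklist
	exit 1
fi
exit 0
```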