mirror of https://github.com/aredn/aredn.git
feature: FirewallIncludes: Add program that will auto include firewall rules that are in a set directory.
This is the basis for allowing packages to contain firewall rules that can be just dropped in a folder at install time.
parent 4372605f8f
commit 477a20d55a
|
@ -80,6 +80,10 @@ config rule
|
|||
option family ipv4
|
||||
option target ACCEPT
|
||||
|
||||
config include
|
||||
option path /usr/local/bin/mesh-firewall
|
||||
option reload 1
|
||||
|
||||
config include
|
||||
option path /etc/firewall.user
|
||||
|
||||
|
|
|
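Review bot: the include for /usr/local/bin/mesh-firewall sets `option reload 1`, while the /etc/firewall.user include beside it carries no reload option, so every drop-in script will be re-run on each firewall reload and nothing here tells package authors that their scripts must be safe to run repeatedly. Please state that requirement where package authors will see it (the directory README is the natural place). Also confirm that listing this include ahead of /etc/firewall.user is the intended order, since that placement means package-supplied rules are applied before the local user rules.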
@ -0,0 +1,4 @@
|
|||
## This directory includes shell scripts that will be auto executed each time the firewall is reloaded
|
||||
## Some variables are set in the environment to make checks easier.
|
||||
## Files should follow the ##-name structure and be marked executable.
|
||||
## This directory is NOT saved during an OTA Upgrade
|
|
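Review bot: the second README line says "Some variables are set in the environment" without naming them, so a package author has to read the launcher script to learn what to test. List the three exported names (MESHFW_NATLAN, MESHFW_MESHGW, MESHFW_TUNNELS_ENABLED) with the values each can take. The "##-name" line should also say whether the number controls execution order, and the README should mention that anything executable placed in this directory is run on reload, so the directory should only be writable by the administrator and by package installs.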
@ -0,0 +1,67 @@
|
|||
#!/bin/sh
|
||||
<<'LICENSE'
|
||||
Part of AREDN -- Used for creating Amateur Radio Emergency Data Networks
|
||||
Copyright (C) 2015 Conrad Lara
|
||||
See Contributors file for additional contributors
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation version 3 of the License.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
Additional Terms:
|
||||
|
||||
Additional use restrictions exist on the AREDN(TM) trademark and logo.
|
||||
See AREDNLicense.txt for more info.
|
||||
|
||||
Attributions to the AREDN Project must be retained in the source code.
|
||||
If importing this code into a new or existing project attribution
|
||||
to the AREDN project must be added to the source code.
|
||||
|
||||
You must not misrepresent the origin of the material conained within.
|
||||
|
||||
Modified versions must be modified to attribute to the original source
|
||||
and be marked in reasonable ways as differentiate it from the original
|
||||
version.
|
||||
|
||||
LICENSE
|
||||
|
||||
|
||||
### Lets export some variables to help other scripts we call later.
|
||||
|
||||
#Are we in NAT mode
|
||||
if [ -f "/etc/config/dmz-mode" ]
|
||||
then
|
||||
export MESHFW_NATLAN=0
|
||||
else
|
||||
export MESHFW_NATLAN=1
|
||||
fi
|
||||
|
||||
#Is this node a meshgw
|
||||
export MESHFW_MESHGW
|
||||
MESHFW_MESHGW=$(grep -i olsrd_gw /etc/config.mesh/_setup|cut -d ' ' -f 3)
|
||||
|
||||
# Are tunnels 'enabled'
|
||||
if [ -x "/usr/sbin/vtund" ]
|
||||
then
|
||||
export MESHFW_TUNNELS_ENABLED=1
|
||||
else
|
||||
export MESHFW_TUNNELS_ENABLED=0
|
||||
fi
|
||||
|
||||
# Lets execute each include file
|
||||
|
||||
for file in /etc/local/mesh-firewall/*
|
||||
do
|
||||
if ( [ -x "$file" ] && [ -f "$file" ] ); then
|
||||
echo "mesh-firewall: Executing $file"
|
||||
$file
|
||||
fi
|
||||
done
|
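Review bot: the execution loop at the end of the script runs every executable regular file matched by `/etc/local/mesh-firewall/*`, so the "##-name" convention from the README is not enforced and any stray executable dropped in that directory becomes part of the firewall load. Consider narrowing the glob to something like `[0-9][0-9]-*` and skipping files that are group or world writable. In the same loop, `$file` is invoked unquoted, which breaks on a path containing whitespace; use `"$file"`. The exit status of each script is discarded, so a drop-in that fails to install its rules goes unnoticed; log a message when the status is non-zero. Separately, `MESHFW_MESHGW` is taken from `grep -i olsrd_gw ... | cut -d ' ' -f 3` with no handling for zero or multiple matching lines, so it can be exported empty or multi-line; and `MESHFW_TUNNELS_ENABLED` only tests that /usr/sbin/vtund is executable, which the comment's quoted 'enabled' hints at but the variable name does not, so say so in the README.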