Fix firewall rules. (#1041)

1. Allow wireguard tunnels in iface mesh setup (treat like vtuns) 2. Fix incorrectly setting up dtd/wifi to wan rules
2023-12-21 11:06:15 -08:00 · 2023-12-21 11:06:15 -08:00 · 509d475133
parent 56043e0e0b
commit 509d475133
2 changed files with 2 additions and 2 deletions
--- a/files/etc/hotplug.d/iface/11-meshrouting
+++ b/files/etc/hotplug.d/iface/11-meshrouting
@ -50,7 +50,7 @@ if [ "$ACTION" = "ifup" ] ; then

  echo "Setting routing rules."

-  if [ "$INTERFACE" == "wifi" ] || [ "$INTERFACE" == "dtdlink" ] || [ "${INTERFACE:0:3}" = "tun" ] || [ "$xlink" != "" ]; then
+  if [ "$INTERFACE" == "wifi" ] || [ "$INTERFACE" == "dtdlink" ] || [ "${INTERFACE:0:3}" = "tun" ] || [ "${INTERFACE:0:2}" = "wg" ] || [ "$xlink" != "" ]; then
    if [ "$(/sbin/uci -q get aredn.@dmz[0].mode)" != "0" ] ; then 
      ip rule add pref 20010 iif $DEVICE lookup 29
    fi
--- a/files/usr/local/bin/node-setup
+++ b/files/usr/local/bin/node-setup
@ -584,7 +584,7 @@ if fw then
        fw:write("\nconfig 'include'\n        option 'path' '/etc/firewall.natmode'\n        option 'reload' '1'\n")
    end

-    if c:get("aredn", "@wan[0]", "olsrd_gw") == "1" then
+    if nc:get("aredn", "@wan[0]", "olsrd_gw") == "1" then
        fw:write("\nconfig forwarding\n        option src    wifi\n        option dest   wan\n")
        fw:write("\nconfig forwarding\n        option src    dtdlink\n        option dest   wan\n")
    end