Mirrors
/
aredn
mirror of https://github.com/aredn/aredn.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add xlinks to vpn firewall zone

This commit is contained in:
Tim Wilkinson 2022-10-03 17:50:31 -07:00 committed by Joe AE6XE
parent 64e4c1e3cd
commit 806f137ae0
1 changed files with 70 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
files/etc/local/mesh-firewall/05-xlink Executable file
View File

@ -0,0 +1,70 @@
#! /usr/bin/lua
--[[
Part of AREDN -- Used for creating Amateur Radio Emergency Data Networks
Copyright (C) 2022 Tim Wilkinson
Original Perl Copyright (C) 2015 Conrad Lara
See Contributors file for additional contributors
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation version 3 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Additional Terms:
Additional use restrictions exist on the AREDN(TM) trademark and logo.
See AREDNLicense.txt for more info.
Attributions to the AREDN Project must be retained in the source code.
If importing this code into a new or existing project attribution
to the AREDN project must be added to the source code.
You must not misrepresent the origin of the material contained within.
Modified versions must be modified to attribute to the original source
and be marked in reasonable ways as differentiate it from the original
version
--]]
require("nixio")
require("uci")
if nixio.fs.stat("/etc/config.mesh/xlink") then
uci.cursor("/etc/config.mesh"):foreach("xlink", "interface",
function(section)
local ifname = section.ifname
os.execute("/usr/sbin/iptables -D FORWARD -i " .. ifname .. " -j zone_vpn_forward 2>/dev/null")
os.execute("/usr/sbin/iptables -D INPUT -i " .. ifname .. " -j zone_vpn_input 2>/dev/null")
os.execute("/usr/sbin/iptables -D OUTPUT -o " .. ifname .. " -j zone_vpn_ACCEPT 2>/dev/null")
os.execute("/usr/sbin/iptables -D zone_vpn_ACCEPT -o " .. ifname .. " -j ACCEPT")
os.execute("/usr/sbin/iptables -D zone_vpn_ACCEPT -i " .. ifname .. " -j ACCEPT")
os.execute("/usr/sbin/iptables -D zone_vpn_REJECT -o " .. ifname .. " -j reject")
os.execute("/usr/sbin/iptables -D zone_vpn_REJECT -i " .. ifname .. " -j reject")
os.execute("/usr/sbin/iptables -D zone_vpn_dest_ACCEPT -o " .. ifname .. " -j ACCEPT")
os.execute("/usr/sbin/iptables -D zone_vpn_dest_REJECT -o " .. ifname .. " -j reject")
end
)
uci.cursor("/etc/config.mesh"):foreach("xlink", "interface",
function(section)
local ifname = section.ifname
os.execute("/usr/sbin/iptables -I FORWARD -i " .. ifname .. " -j zone_vpn_forward")
os.execute("/usr/sbin/iptables -I INPUT -i " .. ifname .. " -j zone_vpn_input")
os.execute("/usr/sbin/iptables -I OUTPUT -o " .. ifname .. " -j zone_vpn_ACCEPT")
os.execute("/usr/sbin/iptables -A zone_vpn_ACCEPT -o " .. ifname .. " -j ACCEPT")
os.execute("/usr/sbin/iptables -A zone_vpn_ACCEPT -i " .. ifname .. " -j ACCEPT")
os.execute("/usr/sbin/iptables -A zone_vpn_REJECT -o " .. ifname .. " -j reject")
os.execute("/usr/sbin/iptables -A zone_vpn_REJECT -i " .. ifname .. " -j reject")
os.execute("/usr/sbin/iptables -A zone_vpn_dest_ACCEPT -o " .. ifname .. " -j ACCEPT")
os.execute("/usr/sbin/iptables -A zone_vpn_dest_REJECT -o " .. ifname .. " -j reject")
end
)
end