mirror of https://github.com/aredn/aredn.git
More xlink firewall fixes (#581)
parent
2ce44832cf
commit
9ee849eb3f
|
@ -54,7 +54,7 @@ if nixio.fs.stat("/etc/config.mesh/xlink") then
|
||||||
local ifname = section.ifname
|
local ifname = section.ifname
|
||||||
nft_delete("forward", "iifname \"" .. ifname .. "\".*jump forward_dtdlink")
|
nft_delete("forward", "iifname \"" .. ifname .. "\".*jump forward_dtdlink")
|
||||||
nft_delete("input", "iifname \"" .. ifname .. "\".*jump input_dtdlink")
|
nft_delete("input", "iifname \"" .. ifname .. "\".*jump input_dtdlink")
|
||||||
nft_delete("output", "oifname \"" .. ifname .. "\".*jump accept_to_dtdlink")
|
nft_delete("output", "oifname \"" .. ifname .. "\".*jump output_dtdlink")
|
||||||
nft_delete("accept_to_dtdlink", "oifname \"" .. ifname .. "\".*accept")
|
nft_delete("accept_to_dtdlink", "oifname \"" .. ifname .. "\".*accept")
|
||||||
nft_delete("reject_to_dtdlink", "oifname \"" .. ifname .. "\".*reject")
|
nft_delete("reject_to_dtdlink", "oifname \"" .. ifname .. "\".*reject")
|
||||||
nft_delete("reject_from_dtdlink", "iifname \"" .. ifname .. "\".*reject")
|
nft_delete("reject_from_dtdlink", "iifname \"" .. ifname .. "\".*reject")
|
||||||
|
@ -66,8 +66,8 @@ if nixio.fs.stat("/etc/config.mesh/xlink") then
|
||||||
function(section)
|
function(section)
|
||||||
local ifname = section.ifname
|
local ifname = section.ifname
|
||||||
os.execute("/usr/sbin/nft insert rule ip fw4 forward iifname \"" .. ifname .. "\" counter jump forward_dtdlink")
|
os.execute("/usr/sbin/nft insert rule ip fw4 forward iifname \"" .. ifname .. "\" counter jump forward_dtdlink")
|
||||||
os.execute("/usr/sbin/nft insert rule ip fw4 input iifname \"" .. ifname .. "\" counter jump input_dtdlink")
|
os.execute("/usr/sbin/nft add rule ip fw4 input iifname \"" .. ifname .. "\" counter jump input_dtdlink")
|
||||||
os.execute("/usr/sbin/nft insert rule ip fw4 output oifname \"" .. ifname .. "\" counter jump accept_to_dtdlink")
|
os.execute("/usr/sbin/nft add rule ip fw4 output oifname \"" .. ifname .. "\" counter jump output_dtdlink")
|
||||||
os.execute("/usr/sbin/nft add rule ip fw4 accept_to_dtdlink oifname \"" .. ifname .. "\" counter accept")
|
os.execute("/usr/sbin/nft add rule ip fw4 accept_to_dtdlink oifname \"" .. ifname .. "\" counter accept")
|
||||||
os.execute("/usr/sbin/nft add rule ip fw4 reject_to_dtdlink oifname \"" .. ifname .. "\" counter reject")
|
os.execute("/usr/sbin/nft add rule ip fw4 reject_to_dtdlink oifname \"" .. ifname .. "\" counter reject")
|
||||||
os.execute("/usr/sbin/nft add rule ip fw4 reject_from_dtdlink iifname \"" .. ifname .. "\" counter reject")
|
os.execute("/usr/sbin/nft add rule ip fw4 reject_from_dtdlink iifname \"" .. ifname .. "\" counter reject")
|
||||||
|
|
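Review bot: `ifname` is concatenated straight into the `os.execute` command strings in the second hunk, and into the `nft_delete` match strings in the first, so a value containing `"`, `$` or a backtick would be interpreted by the shell instead of reaching nft as an interface name. The value comes from `section.ifname`, presumably read from the xlink config under `/etc/config.mesh/xlink`, and nothing visible here validates it. A guard at the top of each callback, such as `if not ifname or not ifname:match("^[%w%._%-]+$") then return end` (adjusted to the names xlink actually generates), would keep a malformed entry away from the shell and out of the delete pattern. Separately, the input and output jumps appear to move from `insert` to `add` while forward stays on `insert`, so a short comment stating where each jump is meant to sit relative to the existing fw4 rules would help the next reader. Both callbacks begin and end outside the visible hunks.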