23 Commits

Author SHA1 Message Date
Tim Wilkinson 806f137ae0 Add xlinks to vpn firewall zone 2022-10-04 22:06:04 -07:00
Tim Wilkinson e1ddbabb85 Migrate LAN-to-WAN options to advance configuration 2022-08-15 11:16:24 -07:00
Tim Wilkinson ac012ae7b2 Improve non-WAN firewalling 2022-08-15 11:16:24 -07:00
Tim Wilkinson c240d8a4a9 Block forwarding between LAN and WAN when necessary.
When "Prevent LAN devices from accessing WAN" is enabled
2022-08-15 11:16:24 -07:00
Tim Wilkinson b23ab5ee8a
Link Quality Management (#360)
* Link Quality Management experiment (built in)

* Protect LQM pages

* Omit "empty" mac addresses

* Integrate LQM v0.2
Includes proposed UI if this were built-in.
When LQM is enabled (advanced settings) the usual distance inputs are
replaced with "min snr" and "max distance" inputs which are the major
ones you might tweak, as well as a link to the LQM status page.
Other controls are now available (so protected) in advanced settings.

* Improve LQM updating

* Use running snr averages

* Merge app changes

* AREDN-ize the UI

* Improve status language

* Improved DtD detection

* Improve quality reporting

* Link Quality category

* Enable by default

* Better integration

* Link => Neighbor

* Formatting

* Make sure initial page is populated without extra fetch

* Handle empty lqm.info

* Update with latest experiment algorithm changes

* Validate LQM settings before applying them

* Algorithm updates

* Improve quality reporting

* %% -> %

* Default max distance now 50 miles

* Get actual noise if radio will provide it

* low_snr => min_snr

* Don't print node description if we don't have one

* Remove properties duplicated from setup page

* Localize max distance. Miles in GB and US, Kilometers everywhere else.

* Ping link quality testing

* UDP 'ping' for quality check

* Change Active Settings title

* Expand ping test

* Improve messaging

* Add a ping penalty for neighbors which cannot be contacted in a timely manner.

* Remove user_blocks config option. No one needs to use this anymore.

* Localize distances on lqm page

* Improve status reporting

* First run emergency node setup.
When a node first runs LQM, if the default settings fail to connect to
a node we will now adjust them so that at least one node is viable.

* Restore blocking of mac addresses

* LQM now off by default
fixed #47
2022-05-18 12:49:00 -05:00
dman776 02ffc1e1b9
Revert "Prevent mesh from accessing internal LAN (#175)" (#240)
This reverts commit 86473b642e.
2022-02-28 15:45:46 -06:00
battlehax 86473b642e
Prevent mesh from accessing internal LAN (#175) 2022-02-28 14:41:22 -06:00
Joe AE6XE b53ce1e817
bugfix: aredn firewall blocking traffic when using tunnel feature (#524)
fixes #522
tested by: Matthew KB9OIV <Matthew.annen@gmail.com>
tested by: Chris K3ADA <sutehk.cs@gmail.com>

Resolves 2 issues with tunnel iptable rules.  A rule needed to be
shifted down by 1 position in chain given upgrade to openwrt 19.07.
Reload of rules was not correctly retaining chain order and creating
duplicate entries, inadvertently blocking intended traffic.
2020-04-29 20:54:29 -05:00
Joe AE6XE 9ce76e1e7e aredn: preserve custom firewall rules across sysupgrade
groups with custom rules created in /etc/local/mesh-firewall
for echolink, ampr.net, and other integrations with internet
based applications can preserve rules across a firmware
upgrade by locating the custom rules in this directory
using a file named 59-custom-rules
2018-09-06 19:45:42 -07:00
Trevor Paskett af0e26dd84 config change to make uhttpd listen on port 80 and 8080 (#142)
* config change to make uhttpd listen on port 80 and 8080

* add port 80 to tunnel firewall rules

* add port 80 to tunnel firewall rules in config, update help

* firewall rules for wan + dtdlink
2018-08-20 14:09:47 -05:00
Joe AE6XE 53fd55b345 aredn: tunnel firewall rules upgrade to openwrt 18.06
fixes: #68
2018-07-14 21:34:00 -07:00
Conrad Lara - KG6JEI c592f44ab0 Sourcecode license text spelling correction.
Inside the source files the word "contained" was misspelled
as "conained"

The website currently lists this correctly as "contained"

This was an error in the initial stamping of the source files in
changeset:5c3ee1d0686c6e6f2907fe4fc393d86d6c5a69b5/aredn_ar71xx

Line is part of "Additional Conditions" permitted by GPLv3.
Line does not impact coders prior to the AREDN setup date
as it was added by the AREDN team.

Change-Id: I3bc09aea548100f35c08aebe8686b8d4808d56d8
Signed-off-by: Conrad Lara - KG6JEI <KG6JEI@amsat.org>
Signed-off-by: Joe Ayers <ae6xe@arrl.net>
Signed-off-by: Darryl Quinn <k5dlq@arrl.net>
Signed-off-by: Trevor Paskett - K7FPV <snoopytjp@gmail.com>
2016-12-30 18:54:05 +00:00
Darryl Quinn 35b8278b34 bugfix: traffic generated from the tun client would not forward thru the server 2016-02-23 13:20:19 -06:00
Conrad Lara - KG6JEI 29ba1c0419 bugfix: Tunnel Firewall: Accept SNMP and default to block on input chain instead of accept 2016-01-21 20:39:59 -08:00
Conrad Lara - KG6JEI 0f837d601a bugfix: Tunnel firewall rules throw a chain does not exist on firewall restart.
This chain may not exist by design of the check.

Redirect the iptables error to /dev/null so it doesn't clog logs
2016-01-16 21:20:22 -08:00
Conrad Lara - KG6JEI 5663741cb1 bugfix: On firewall reload some tunnel rules were not being inserted into the default chains which are flushed on both reload and restart of firewall by OpenWRT fw scripts. 2016-01-16 21:20:22 -08:00
AE6XE 2be20cbde2 bugfix: Tunnel firewall rule chain names are incorrect.
Based on previously reverted commit 646702aab9
2016-01-16 21:20:16 -08:00
AE6XE 06eb7fa688 bugfix: Remove erroneous reference in license header of 01-tunnels script.
Script is a new file created after the split from BBHN and did not use code from a file BBHN worked on.
2016-01-16 19:58:38 -08:00
Conrad Lara - KG6JEI 921967d5f9 Revert "bugfix: resolve bad chain ref and port from hotplug to a firewall include"
This reverts commit 646702aab9.

Needs to be broken up into separate commits and doesn't cleanly fix issue with tunnel firewall
2016-01-16 19:55:20 -08:00
AE6XE 646702aab9 bugfix: resolve bad chain ref and port from hotplug to a firewall include 2016-01-16 13:26:14 -08:00
Conrad Lara - KG6JEI e8b2ffd7ea feature: FirewallIncludes: Migrate tunnel firewall rules to new include format.
These rules set up chains that may be needed by other firewall rules; as such we need to set them up early to be sure includes work.
2016-01-09 16:24:54 -08:00
Conrad Lara - KG6JEI 477a20d55a feature: FirewallIncludes: Add program that will auto include firewall rules that are in a set directory.
This is the basis for allowing packages to contain firewall rules that can be just dropped in a folder at install time.
2016-01-09 16:24:45 -08:00
Conrad Lara - KG6JEI b948d97423 Merge SDWG Mesh progress with 1.0.0 BBHN
Includes removing files that are provided by packages instead
of being embedded as binaries.

Changes made for UBNT hardware AND for newer base openwrt (Backfire)
2013-12-02 12:04:54 -08:00