Diffstat (limited to 'contrib/package/freifunk-firewall/files')
-rw-r--r-- | contrib/package/freifunk-firewall/files/etc/firewall.freifunk | 40 | ||||
-rw-r--r-- | contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan | 65 |
2 files changed, 0 insertions, 105 deletions
diff --git a/contrib/package/freifunk-firewall/files/etc/firewall.freifunk b/contrib/package/freifunk-firewall/files/etc/firewall.freifunk
deleted file mode 100644
index d2805f668c..0000000000
--- a/contrib/package/freifunk-firewall/files/etc/firewall.freifunk
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/sh
-# Freifunk Firewall addons
-
-. /lib/functions.sh
-
-#
-# Apply advanced settings
-#
-apply_advanced() {
- local tcp_ecn
- local tcp_window_scaling
- local accept_redirects
- local accept_source_route
-
- config_get_bool tcp_ecn $1 tcp_ecn 1
- config_get_bool tcp_window_scaling $1 tcp_window_scaling 1
- config_get_bool accept_redirects $1 accept_redirects 0
- config_get_bool accept_source_route $1 accept_source_route 0
-
- logger -t firewall.freifunk "tcp_ecn is $tcp_ecn"
- logger -t firewall.freifunk "tcp_window_scaling is $tcp_window_scaling"
- logger -t firewall.freifunk "accept_redirects is $accept_redirects"
- logger -t firewall.freifunk "accept_source_route is $accept_source_route"
-
- sysctl -w net.ipv4.tcp_ecn=$tcp_ecn >/dev/null
- sysctl -w net.ipv4.tcp_window_scaling=$tcp_window_scaling >/dev/null
-
- for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do
- echo $accept_redirects > $f
- done
-
- for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
- echo $accept_source_route > $f
- done
-}
-
-config_foreach apply_advanced advanced
-
-[ -x /etc/init.d/freifunk-p2pblock ] && /etc/init.d/freifunk-p2pblock enabled && \
- ( sleep 3; /etc/init.d/freifunk-p2pblock restart )&
diff --git a/contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan b/contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan
deleted file mode 100644
index e71c852dfd..0000000000
--- a/contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/sh
-
-clear_restricted_gw()
-{
- local state="$1"
- local iface
- local ifname
- local subnet
-
- config_get iface "$state" iface
-
- if [ "$iface" = "$INTERFACE" ]; then
- config_get ifname "$state" ifname
- config_get subnet "$state" subnet
-
- logger -t firewall.freifunk "removing local restriction to the network connected to $ifname ($iface)"
- iptables -D forwarding_freifunk_rule -o $ifname -d $subnet -j REJECT --reject-with icmp-host-prohibited
- uci_revert_state firewall "$state"
- fi
-}
-
-get_enabled()
-{
- local name
- config_get name "$1" name
-
- if [ "$name" = "$ZONE" ]; then
- config_get_bool local_restrict "$1" local_restrict
- fi
-}
-
-if [ "$ACTION" = add ]; then
- local enabled
- local subnet
-
- . /lib/functions/network.sh
-
- network_find_wan wan
-
- [ "$INTERFACE" = "$wan" ] || return 0
-
- network_get_subnet subnet $INTERFACE
-
- if [ -n "$subnet" ]; then
- config_load firewall
-
- local_restrict=0
- config_foreach get_enabled zone
-
- if [ "$local_restrict" = 1 ]; then
- logger -t firewall.freifunk "restricting local access to the network connected to $INTERFACE ($DEVICE)"
- iptables -I forwarding_freifunk_rule -o $DEVICE -d $subnet -j REJECT --reject-with icmp-host-prohibited
- local state="restricted_gw_${INTERFACE}"
- uci_set_state firewall "$state" "" restricted_gw_state
- uci_set_state firewall "$state" iface "$INTERFACE"
- uci_set_state firewall "$state" ifname "$DEVICE"
- uci_set_state firewall "$state" subnet "$subnet"
- fi
- fi
-
-elif [ "$ACTION" = remove ]; then
- config_load firewall
- config_foreach clear_restricted_gw restricted_gw_state
-fi
-
|