summaryrefslogtreecommitdiffhomepage
path: root/contrib/package/freifunk-firewall/files
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/package/freifunk-firewall/files')
-rw-r--r--contrib/package/freifunk-firewall/files/etc/firewall.freifunk40
-rw-r--r--contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan65
2 files changed, 0 insertions, 105 deletions
diff --git a/contrib/package/freifunk-firewall/files/etc/firewall.freifunk b/contrib/package/freifunk-firewall/files/etc/firewall.freifunk
deleted file mode 100644
index d2805f668c..0000000000
--- a/contrib/package/freifunk-firewall/files/etc/firewall.freifunk
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/sh
-# Freifunk Firewall addons
-
-. /lib/functions.sh
-
-#
-# Apply advanced settings
-#
-apply_advanced() {
- local tcp_ecn
- local tcp_window_scaling
- local accept_redirects
- local accept_source_route
-
- config_get_bool tcp_ecn $1 tcp_ecn 1
- config_get_bool tcp_window_scaling $1 tcp_window_scaling 1
- config_get_bool accept_redirects $1 accept_redirects 0
- config_get_bool accept_source_route $1 accept_source_route 0
-
- logger -t firewall.freifunk "tcp_ecn is $tcp_ecn"
- logger -t firewall.freifunk "tcp_window_scaling is $tcp_window_scaling"
- logger -t firewall.freifunk "accept_redirects is $accept_redirects"
- logger -t firewall.freifunk "accept_source_route is $accept_source_route"
-
- sysctl -w net.ipv4.tcp_ecn=$tcp_ecn >/dev/null
- sysctl -w net.ipv4.tcp_window_scaling=$tcp_window_scaling >/dev/null
-
- for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do
- echo $accept_redirects > $f
- done
-
- for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
- echo $accept_source_route > $f
- done
-}
-
-config_foreach apply_advanced advanced
-
-[ -x /etc/init.d/freifunk-p2pblock ] && /etc/init.d/freifunk-p2pblock enabled && \
- ( sleep 3; /etc/init.d/freifunk-p2pblock restart )&
diff --git a/contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan b/contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan
deleted file mode 100644
index e71c852dfd..0000000000
--- a/contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/sh
-
-clear_restricted_gw()
-{
- local state="$1"
- local iface
- local ifname
- local subnet
-
- config_get iface "$state" iface
-
- if [ "$iface" = "$INTERFACE" ]; then
- config_get ifname "$state" ifname
- config_get subnet "$state" subnet
-
- logger -t firewall.freifunk "removing local restriction to the network connected to $ifname ($iface)"
- iptables -D forwarding_freifunk_rule -o $ifname -d $subnet -j REJECT --reject-with icmp-host-prohibited
- uci_revert_state firewall "$state"
- fi
-}
-
-get_enabled()
-{
- local name
- config_get name "$1" name
-
- if [ "$name" = "$ZONE" ]; then
- config_get_bool local_restrict "$1" local_restrict
- fi
-}
-
-if [ "$ACTION" = add ]; then
- local enabled
- local subnet
-
- . /lib/functions/network.sh
-
- network_find_wan wan
-
- [ "$INTERFACE" = "$wan" ] || return 0
-
- network_get_subnet subnet $INTERFACE
-
- if [ -n "$subnet" ]; then
- config_load firewall
-
- local_restrict=0
- config_foreach get_enabled zone
-
- if [ "$local_restrict" = 1 ]; then
- logger -t firewall.freifunk "restricting local access to the network connected to $INTERFACE ($DEVICE)"
- iptables -I forwarding_freifunk_rule -o $DEVICE -d $subnet -j REJECT --reject-with icmp-host-prohibited
- local state="restricted_gw_${INTERFACE}"
- uci_set_state firewall "$state" "" restricted_gw_state
- uci_set_state firewall "$state" iface "$INTERFACE"
- uci_set_state firewall "$state" ifname "$DEVICE"
- uci_set_state firewall "$state" subnet "$subnet"
- fi
- fi
-
-elif [ "$ACTION" = remove ]; then
- config_load firewall
- config_foreach clear_restricted_gw restricted_gw_state
-fi
-