diff options
Diffstat (limited to 'contrib/package/freifunk-firewall')
3 files changed, 0 insertions, 158 deletions
diff --git a/contrib/package/freifunk-firewall/Makefile b/contrib/package/freifunk-firewall/Makefile deleted file mode 100644 index b9d328c66..000000000 --- a/contrib/package/freifunk-firewall/Makefile +++ /dev/null @@ -1,53 +0,0 @@ -# -# Copyright (C) 2009 Jo-Philipp Wich <jow@openwrt.org> -# -# This is free software, licensed under the Apache 2.0 license. -# - -include $(TOPDIR)/rules.mk - -PKG_NAME:=freifunk-firewall -PKG_RELEASE:=3 - -PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME) - -include $(INCLUDE_DIR)/package.mk - -define Package/freifunk-firewall - SECTION:=luci - CATEGORY:=LuCI - SUBMENU:=9. Freifunk - TITLE:=Freifunk Firewall Addon - DEPENDS:=+firewall -endef - -define Package/freifunk-firewall/description - Various firewall extensions for Freifunk. Includes NAT fixes and advanced settings. -endef - -define Build/Prepare - mkdir -p $(PKG_BUILD_DIR) -endef - -define Build/Configure -endef - -define Build/Compile -endef - -define Package/freifunk-firewall/postinst -#!/bin/sh -[ -n "$${IPKG_INSTROOT}" ] || { - if ! grep -q /etc/firewall.freifunk /etc/config/firewall; then - uci add firewall include >/dev/null - uci set firewall.@include[-1].path=/etc/firewall.freifunk - uci commit firewall - fi -} -endef - -define Package/freifunk-firewall/install - $(CP) ./files/* $(1)/ -endef - -$(eval $(call BuildPackage,freifunk-firewall)) diff --git a/contrib/package/freifunk-firewall/files/etc/firewall.freifunk b/contrib/package/freifunk-firewall/files/etc/firewall.freifunk deleted file mode 100644 index d2805f668..000000000 --- a/contrib/package/freifunk-firewall/files/etc/firewall.freifunk +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/sh -# Freifunk Firewall addons - -. /lib/functions.sh - -# -# Apply advanced settings -# -apply_advanced() { - local tcp_ecn - local tcp_window_scaling - local accept_redirects - local accept_source_route - - config_get_bool tcp_ecn $1 tcp_ecn 1 - config_get_bool tcp_window_scaling $1 tcp_window_scaling 1 - config_get_bool accept_redirects $1 accept_redirects 0 - config_get_bool accept_source_route $1 accept_source_route 0 - - logger -t firewall.freifunk "tcp_ecn is $tcp_ecn" - logger -t firewall.freifunk "tcp_window_scaling is $tcp_window_scaling" - logger -t firewall.freifunk "accept_redirects is $accept_redirects" - logger -t firewall.freifunk "accept_source_route is $accept_source_route" - - sysctl -w net.ipv4.tcp_ecn=$tcp_ecn >/dev/null - sysctl -w net.ipv4.tcp_window_scaling=$tcp_window_scaling >/dev/null - - for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do - echo $accept_redirects > $f - done - - for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do - echo $accept_source_route > $f - done -} - -config_foreach apply_advanced advanced - -[ -x /etc/init.d/freifunk-p2pblock ] && /etc/init.d/freifunk-p2pblock enabled && \ - ( sleep 3; /etc/init.d/freifunk-p2pblock restart )& diff --git a/contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan b/contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan deleted file mode 100644 index e71c852df..000000000 --- a/contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan +++ /dev/null @@ -1,65 +0,0 @@ -#!/bin/sh - -clear_restricted_gw() -{ - local state="$1" - local iface - local ifname - local subnet - - config_get iface "$state" iface - - if [ "$iface" = "$INTERFACE" ]; then - config_get ifname "$state" ifname - config_get subnet "$state" subnet - - logger -t firewall.freifunk "removing local restriction to the network connected to $ifname ($iface)" - iptables -D forwarding_freifunk_rule -o $ifname -d $subnet -j REJECT --reject-with icmp-host-prohibited - uci_revert_state firewall "$state" - fi -} - -get_enabled() -{ - local name - config_get name "$1" name - - if [ "$name" = "$ZONE" ]; then - config_get_bool local_restrict "$1" local_restrict - fi -} - -if [ "$ACTION" = add ]; then - local enabled - local subnet - - . /lib/functions/network.sh - - network_find_wan wan - - [ "$INTERFACE" = "$wan" ] || return 0 - - network_get_subnet subnet $INTERFACE - - if [ -n "$subnet" ]; then - config_load firewall - - local_restrict=0 - config_foreach get_enabled zone - - if [ "$local_restrict" = 1 ]; then - logger -t firewall.freifunk "restricting local access to the network connected to $INTERFACE ($DEVICE)" - iptables -I forwarding_freifunk_rule -o $DEVICE -d $subnet -j REJECT --reject-with icmp-host-prohibited - local state="restricted_gw_${INTERFACE}" - uci_set_state firewall "$state" "" restricted_gw_state - uci_set_state firewall "$state" iface "$INTERFACE" - uci_set_state firewall "$state" ifname "$DEVICE" - uci_set_state firewall "$state" subnet "$subnet" - fi - fi - -elif [ "$ACTION" = remove ]; then - config_load firewall - config_foreach clear_restricted_gw restricted_gw_state -fi - |