Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
#!/usr/bin/lua
local uci = require('simple-uci').cursor()
local site = require "gluon.site"
uci:section('firewall', 'zone', 'l3roamd', {
name = 'l3roamd',
input = 'ACCEPT',
output = 'ACCEPT',
forward = 'REJECT',
device = 'l3roam+',
log = '1',
})
uci:section('firewall', 'zone', 'mmfd', {
name = 'mmfd',
input = 'REJECT',
output = 'accept',
forward = 'REJECT',
device = 'mmfd+',
log = '1',
})
-- forwardings and respective rules
uci:section('firewall', 'forwarding', 'fcc', {
src = 'local_client',
dest = 'local_client',
})
uci:section('firewall', 'forwarding', 'fcm', {
src = 'local_client',
dest = 'mesh',
})
uci:section('firewall', 'forwarding', 'fmc', {
src = 'mesh',
dest = 'local_client',
})
uci:section('firewall', 'forwarding', 'fmm', {
src = 'mesh',
dest = 'mesh',
})
uci:section('firewall', 'forwarding', 'flc', {
src = 'l3roamd',
dest = 'local_client',
})
uci:section('firewall', 'forwarding', 'fcl', {
src = 'local_client',
dest = 'l3roamd',
})
uci:section('firewall', 'rule', 'mesh_respondd_mcast_ll', {
src = 'mesh',
src_ip = 'fe80::/64' ,
dest_port = '1001',
proto = 'udp',
target = 'ACCEPT',
})
uci:section('firewall', 'rule', 'mesh_respondd_mcast2', {
src = 'mesh',
src_ip = site.node_prefix6(),
dest_port = '1001',
proto = 'udp',
target = 'ACCEPT',
})
uci:section('firewall', 'rule', 'mmfd_respondd_ll', {
src = 'mmfd',
src_ip = 'fe80::/64',
dest_port = '1001',
proto = 'udp',
target = 'ACCEPT',
})
uci:section('firewall', 'rule', 'mmfd_respondd_mesh', {
src = 'mmfd',
src_ip = site.node_prefix6(),
dest_port = '1001',
proto = 'udp',
target = 'ACCEPT',
})
uci:section('firewall', 'rule', 'mesh_mmfd', {
src = 'mesh',
src_ip = 'fe80::/64',
dest_port = '27275',
proto = 'udp',
target = 'ACCEPT',
})
uci:section('firewall', 'rule', 'mesh_babel', {
src = 'mesh',
src_ip = 'fe80::/64',
dest_port = '6696',
proto = 'udp',
target = 'ACCEPT',
})
uci:save('firewall')