From 5bb4316f717b498c56bfe4c0fbc5842c9035a20a Mon Sep 17 00:00:00 2001
From: Jan-Philipp Litza <janphilipp@litza.de>
Date: Tue, 2 Feb 2016 13:03:41 +0100
Subject: [PATCH] gluon-neighbour-info: Open firewall on WAN for respondd
 replies

If the query was via multicast, the response isn't matched by
--state ESTABLISHED,RELATED

This fixes #619
---
 package/gluon-neighbour-info/Makefile         |  2 ++
 .../gluon/upgrade/400-neighbour-info-firewall | 20 +++++++++++++++++++
 2 files changed, 22 insertions(+)
 create mode 100755 package/gluon-neighbour-info/files/lib/gluon/upgrade/400-neighbour-info-firewall

diff --git a/package/gluon-neighbour-info/Makefile b/package/gluon-neighbour-info/Makefile
index 74aa6e8f0..63586920b 100644
--- a/package/gluon-neighbour-info/Makefile
+++ b/package/gluon-neighbour-info/Makefile
@@ -32,6 +32,8 @@ define Build/Compile
 endef
 
 define Package/gluon-neighbour-info/install
+	$(CP) ./files/* $(1)/
+
 	$(INSTALL_DIR) $(1)/usr/bin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/gluon-neighbour-info $(1)/usr/bin/
 endef
diff --git a/package/gluon-neighbour-info/files/lib/gluon/upgrade/400-neighbour-info-firewall b/package/gluon-neighbour-info/files/lib/gluon/upgrade/400-neighbour-info-firewall
new file mode 100755
index 000000000..a6d7f4908
--- /dev/null
+++ b/package/gluon-neighbour-info/files/lib/gluon/upgrade/400-neighbour-info-firewall
@@ -0,0 +1,20 @@
+#!/usr/bin/lua
+
+local uci = require('luci.model.uci').cursor()
+
+-- Allow incoming respondd replies to queries on WAN
+-- If the query was via multicast, the response isn't matched by --state RELATED
+uci:section('firewall', 'rule', 'wan_respondd_reply',
+  {
+    name = 'wan_respondd_reply',
+    src = 'wan',
+    src_ip = 'fe80::/64',
+    src_port = '1001',
+    dest_port = '32768:61000', -- see /proc/sys/net/ipv4/ip_local_port_range
+    proto = 'udp',
+    target = 'ACCEPT',
+  }
+)
+
+uci:save('firewall')
+uci:commit('firewall')
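Review bot: The `wan_respondd_reply` rule accepts any UDP datagram from a link-local WAN neighbour to the whole `32768:61000` range as long as its source port is 1001. The sender chooses that source port, so the match does not show that the packet answers a query this node sent, and every UDP socket the node has bound in that range becomes reachable from the WAN link. If gluon-neighbour-info can bind a fixed or narrow source port for its queries (not visible in this patch), `dest_port` should be limited to it. Otherwise, at least make the scope explicit with `family = 'ipv6',` and record the exposure in a comment such as `-- NOTE: src_port is sender-chosen; this opens all ephemeral UDP ports to link-local WAN hosts`. The hard-coded range will also silently diverge from the kernel's behaviour if `ip_local_port_range` is changed on the node, so the comment on `dest_port` should say the value is a copy of the default, not something read at run time.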
-- 
GitLab