gluon-mesh-batman-adv: Do not ACCEPT incoming packets.

For security reasons we should not accept incoming packets per default and instead allow specific services on specific interfaces.

gluon-mesh-batman-adv: Do not ACCEPT incoming packets.
aba0a3bc · Daniel Ehlers · Matthias Schiffer · acd60a22 · aba0a3bc
Commit aba0a3bc authored 10 years ago by Daniel Ehlers Committed by Matthias Schiffer 10 years ago
--- a/package/gluon-mesh-batman-adv/files/lib/gluon/upgrade/mesh-batman-adv/invariant/011-mesh
+++ b/package/gluon-mesh-batman-adv/files/lib/gluon/upgrade/mesh-batman-adv/invariant/011-mesh
@@ -29,13 +29,6 @@ uci_set firewall client input 'ACCEPT'
 uci_set firewall client output 'ACCEPT'
 uci_set firewall client forward 'REJECT'

-config_load firewall
-accept_input_on_wan() {
-	config_get name "$1" name
-	[ "$name" = 'wan' ] && uci_set firewall "$1" input 'ACCEPT'
-}
-config_foreach accept_input_on_wan 'zone'
-
 uci_commit firewall

 uci_set dhcp '@dnsmasq[0]' boguspriv '0'