From aba0a3bc0cc1626bf66df4ff2c3255d1fba7babc Mon Sep 17 00:00:00 2001
From: Daniel Ehlers <danielehlers@mindeye.net>
Date: Tue, 6 May 2014 21:24:04 +0200
Subject: [PATCH] gluon-mesh-batman-adv: Do not ACCEPT incoming packets.

For security reasons we should not accept incoming packets per default
and instead allow specific services on specific interfaces.
---
 .../lib/gluon/upgrade/mesh-batman-adv/invariant/011-mesh   | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/package/gluon-mesh-batman-adv/files/lib/gluon/upgrade/mesh-batman-adv/invariant/011-mesh b/package/gluon-mesh-batman-adv/files/lib/gluon/upgrade/mesh-batman-adv/invariant/011-mesh
index d48bb684a..6bbf63f69 100755
--- a/package/gluon-mesh-batman-adv/files/lib/gluon/upgrade/mesh-batman-adv/invariant/011-mesh
+++ b/package/gluon-mesh-batman-adv/files/lib/gluon/upgrade/mesh-batman-adv/invariant/011-mesh
@@ -29,13 +29,6 @@ uci_set firewall client input 'ACCEPT'
 uci_set firewall client output 'ACCEPT'
 uci_set firewall client forward 'REJECT'
 
-config_load firewall
-accept_input_on_wan() {
-	config_get name "$1" name
-	[ "$name" = 'wan' ] && uci_set firewall "$1" input 'ACCEPT'
-}
-config_foreach accept_input_on_wan 'zone'
-
 uci_commit firewall
 
 uci_set dhcp '@dnsmasq[0]' boguspriv '0'
-- 
GitLab