diff options
| author | Rosen Penev <rosenp@gmail.com> | 2019-03-26 18:11:23 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-03-26 18:11:23 -0700 |
| commit | d0b67d72a5a3661e299838b545e440d79275dc2f (patch) | |
| tree | 7b2eabc8c706cbda5d5d2bb6bf0045ca7bfbed17 /net/coova-chilli/files | |
| parent | b14087e53c158406e84b20603079259afe47078c (diff) | |
| parent | 272d234c0ad3416ab52a680fae297152eb689eb5 (diff) | |
Merge pull request #4911 from aleksander0m/coova-chili-fw-fix
net/coova-chili: update default firewall setup
Diffstat (limited to 'net/coova-chilli/files')
| -rw-r--r-- | net/coova-chilli/files/chilli.config | 8 | ||||
| -rw-r--r-- | net/coova-chilli/files/chilli.firewall | 41 |
2 files changed, 4 insertions, 45 deletions
diff --git a/net/coova-chilli/files/chilli.config b/net/coova-chilli/files/chilli.config index 4c037c62d..41ee6cd26 100644 --- a/net/coova-chilli/files/chilli.config +++ b/net/coova-chilli/files/chilli.config @@ -71,14 +71,14 @@ config chilli # Script executed after network interface has been brought up. # Executed with the following parameters: <devicename> <ip address> # <mask> - # Normally you do not need to uncomment this option. - #option ipup /etc/chilli.ipup + # Normally you do not need to modify this option. + option ipup /etc/chilli/up.sh # Script executed after network interface has been taken down. # Executed with the following parameters: <devicename> <ip address> # <mask> - # Normally you do not need to uncomment this option. - #option ipdown /etc/chilli.ipdown + # Normally you do not need to modify this option. + option ipdown /etc/chilli/down.sh # Radius parameters diff --git a/net/coova-chilli/files/chilli.firewall b/net/coova-chilli/files/chilli.firewall deleted file mode 100644 index a5b1d001e..000000000 --- a/net/coova-chilli/files/chilli.firewall +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/sh - -chilli_firewall() { - local cfg="$1" - - local network ifname tun - - config_get network "$cfg" network - - . /lib/functions/network.sh - network_get_device ifname ${network:-lan} - - if [ "$ifname" = "" ] - then - config_get ifname "$cfg" dhcpif - fi - - config_get tun "$cfg" tundev - - for n in ACCEPT DROP REJECT - do - iptables -F zone_${network}_${n} - iptables -I zone_${network}_${n} -i $tun -j $n - iptables -I zone_${network}_${n} -o $tun -j $n - done - - iptables -D forward -i ${ifname} -j zone_${network}_forward - iptables -A forward -i ${ifname} -j DROP - iptables -A forward -i $tun -j zone_${network}_forward - - iptables -D input -i ${ifname} -j zone_${network} - iptables -A input -i $tun -j zone_${network} - - iptables -I zone_${network} -p tcp --dport 3990 -j ACCEPT - iptables -I zone_${network} -p tcp --dport 3991 -j ACCEPT -} - -chilli_post_core_cb() { - config_load chilli - config_foreach chilli_firewall chilli -} |