From 0cf6fade94a46d19aae7cc5732948483a1b23670 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= <mkg20001@gmail.com>
Date: Thu, 16 Jun 2022 19:05:26 +0200
Subject: [PATCH] gluon-mmfd: add firewall rules

---
 .../lib/gluon/upgrade/310-gluon-mmfd-firewall | 55 +++++++++++++++++++
 .../gluon/upgrade/430-gluon-mmfd-interface    | 11 ++++
 2 files changed, 66 insertions(+)
 create mode 100755 package/gluon-mmfd/luasrc/lib/gluon/upgrade/310-gluon-mmfd-firewall
 create mode 100755 package/gluon-mmfd/luasrc/lib/gluon/upgrade/430-gluon-mmfd-interface

diff --git a/package/gluon-mmfd/luasrc/lib/gluon/upgrade/310-gluon-mmfd-firewall b/package/gluon-mmfd/luasrc/lib/gluon/upgrade/310-gluon-mmfd-firewall
new file mode 100755
index 000000000..5b533809a
--- /dev/null
+++ b/package/gluon-mmfd/luasrc/lib/gluon/upgrade/310-gluon-mmfd-firewall
@@ -0,0 +1,55 @@
+#!/usr/bin/lua
+
+local uci = require('simple-uci').cursor()
+local site = require "gluon.site"
+
+uci:section('firewall', 'zone', 'mmfd', {
+	name = 'mmfd',
+	input = 'REJECT',
+	output = 'accept',
+	forward = 'REJECT',
+	device = 'mmfd+',
+	log = '1',
+})
+
+uci:section('firewall', 'rule',  'mesh_mmfd', {
+	src = 'mesh',
+	src_ip = 'fe80::/64',
+	dest_port = '27275',
+	proto = 'udp',
+	target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule',  'mesh_respondd_mcast_ll', {
+	src = 'mesh',
+	src_ip = 'fe80::/64' ,
+	dest_port = '1001',
+	proto = 'udp',
+	target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule',  'mesh_respondd_mcast2', {
+	src = 'mesh',
+	src_ip = site.node_prefix6() or site.prefix6(),
+	dest_port = '1001',
+	proto = 'udp',
+	target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule',  'mmfd_respondd_ll', {
+	src = 'mmfd',
+	src_ip = 'fe80::/64',
+	dest_port = '1001',
+	proto = 'udp',
+	target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule',  'mmfd_respondd_mesh', {
+	src = 'mmfd',
+	src_ip = site.node_prefix6() or site.prefix6(),
+	dest_port = '1001',
+	proto = 'udp',
+	target = 'ACCEPT',
+})
+
+uci:save('firewall')
diff --git a/package/gluon-mmfd/luasrc/lib/gluon/upgrade/430-gluon-mmfd-interface b/package/gluon-mmfd/luasrc/lib/gluon/upgrade/430-gluon-mmfd-interface
new file mode 100755
index 000000000..8e500d16a
--- /dev/null
+++ b/package/gluon-mmfd/luasrc/lib/gluon/upgrade/430-gluon-mmfd-interface
@@ -0,0 +1,11 @@
+#!/usr/bin/lua
+
+local uci = require('simple-uci').cursor()
+
+uci:section('network', 'interface', 'mmfd', {
+	proto = 'static',
+	ifname = 'mmfd0',
+	ip6addr = 'fe80::1/64'
+})
+
+uci:save('network')
-- 
GitLab