Move essential firewall rules from gluon-firewall to gluon-core and gluon-mesh-batman-adv

The now empty gluon-firewall is removed.

Move essential firewall rules from gluon-firewall to gluon-core and gluon-mesh-batman-adv
16060d25 · Matthias Schiffer · efe81b1c · 16060d25 · 16060d25 · efe81b1c
Commit 16060d25 authored 10 years ago by Matthias Schiffer
--- a/package/gluon-core/Makefile
+++ b/package/gluon-core/Makefile
@@ -12,7 +12,7 @@ define Package/gluon-core
  SECTION:=gluon
  CATEGORY:=Gluon
  TITLE:=Base files of Gluon
-  DEPENDS:=+gluon-config +lua-platform-info +luci-lib-core +odhcp6c
+  DEPENDS:=+gluon-config +lua-platform-info +luci-lib-core +odhcp6c +firewall
 endef

 define Package/gluon-core/description

--- a/package/gluon-firewall/files/lib/gluon/upgrade/firewall/invariant/011-firewall-rules
+++ b/package/gluon-firewall/files/lib/gluon/upgrade/firewall/invariant/011-firewall-rules
@@ -26,16 +26,5 @@ c:section('firewall', 'rule', 'wan_ssh',
 	  }
 )

-
-c:section('firewall', 'rule', 'client_dns',
-	  {
-		  name = 'client_dns',
-		  src = 'client',
-		  dest_port = '53',
-		  target = 'REJECT',
-	  }
-)
-
-
 c:save('firewall')
 c:commit('firewall')
--- a/package/gluon-firewall/Makefile
+++ b/package/gluon-firewall/Makefile
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=gluon-firewall
-PKG_VERSION:=1
-
-PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/gluon-firewall
-  SECTION:=gluon
-  CATEGORY:=Gluon
-  TITLE:=Restrictive firewall rules
-  DEPENDS:=+gluon-core +firewall
-endef
-
-define Package/gluon-firewall/description
-	Gluon community wifi mesh firmware framework:
-	Firewall rules which try to ensure a node can't be abused
-	(e.g. for DNS amplification attacks)
-endef
-
-define Build/Prepare
-	mkdir -p $(PKG_BUILD_DIR)
-endef
-
-define Build/Configure
-endef
-
-define Build/Compile
-endef
-
-define Package/gluon-firewall/install
-	$(CP) ./files/* $(1)/
-endef
-
-$(eval $(call BuildPackage,gluon-firewall))
--- a/package/gluon-mesh-batman-adv/files/lib/gluon/upgrade/mesh-batman-adv/invariant/011-mesh
+++ b/package/gluon-mesh-batman-adv/files/lib/gluon/upgrade/mesh-batman-adv/invariant/011-mesh
@@ -31,6 +31,7 @@ uci:section('network', 'interface', 'bat0',
 uci:save('network')
 uci:commit('network')

+
 uci:delete('firewall', 'client')
 uci:section('firewall', 'zone', 'client',
 	    {
@@ -41,9 +42,20 @@ uci:section('firewall', 'zone', 'client',
 		    forward = 'REJECT',
 	    }
 )
+
+c:section('firewall', 'rule', 'client_dns',
+	  {
+		  name = 'client_dns',
+		  src = 'client',
+		  dest_port = '53',
+		  target = 'REJECT',
+	  }
+)
+
 uci:save('firewall')
 uci:commit('firewall')

+
 local dnsmasq = uci:get_first('dhcp', 'dnsmasq')
 uci:set('dhcp', dnsmasq, 'boguspriv', 0)
 uci:set('dhcp', dnsmasq, 'localise_queries', 0)