gluon-core: firewall: Allow custom gluon_wired interfaces (#2041)

This allows for multiple mesh legs out of one box. Useful for offloaders and networks using vlan for separate mesh transport. Custom mesh interfaces in a VXLAN domain are otherwise firewalled. This fixes #1479

gluon-core: firewall: Allow custom gluon_wired interfaces (#2041)
ed094bc6 · Jan-Jonas Sämann · GitHub · 97e5434b · ed094bc6
Unverified Commit ed094bc6 authored 4 years ago by Jan-Jonas Sämann Committed by GitHub 4 years ago
--- a/package/gluon-core/luasrc/lib/gluon/upgrade/140-firewall-rules
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/140-firewall-rules
@@ -80,9 +80,18 @@ for _, zone in ipairs({ 'wan', 'local_client', 'mesh' }) do
 end


-- We can't put mesh_wan into this zone, as mesh_wan is the same
-- interface as wan, which has its own zone
-uci:set('firewall', 'wired_mesh', 'network', {'mesh_lan'})
+local wired_mesh_ifaces = {}
+uci:foreach('network', 'interface',
+	function(iface)
+		-- Select all interfaces with proto gluon_wired except for
+		-- mesh_wan into this zone, as mesh_wan is the same
+		-- interface as wan, which has its own zone
+		if iface['proto'] == 'gluon_wired' and iface['.name'] ~= 'mesh_wan' then
+			table.insert(wired_mesh_ifaces, iface['.name'])
+		end
+	end
+)
+uci:set('firewall', 'wired_mesh', 'network', wired_mesh_ifaces)

 -- VXLAN for wired meshing
 for _, zone in ipairs({'wired_mesh', 'wan'}) do