uci:save("wireless")
-- Create firewall zone and add default rules (first time)
- local newzone = tools.firewall_create_zone("freifunk", "DROP", "ACCEPT", "DROP", true)
+ local newzone = tools.firewall_create_zone("freifunk", "REJECT", "ACCEPT", "REJECT", true)
if newzone then
uci:foreach("freifunk", "fw_forwarding", function(section)
uci:section("firewall", "forwarding", nil, section)
uci:foreach(external, "fw_rule", function(section)
uci:section("firewall", "rule", nil, section)
end)
+ end
+
+ -- Enforce firewall include
+ local has_include = false
+ uci:foreach("firewall", "include",
+ function(section)
+ if section.path == "/etc/firewall.freifunk" then
+ has_include = true
+ end
+ end)
+
+ if not has_include then
+ uci:section("firewall", "include", nil,
+ { path = "/etc/firewall.freifunk" })
+ end
- uci:save("firewall")
+ -- Allow state: invalid packets
+ uci:foreach("firewall", "defaults",
+ function(section)
+ uci:set("firewall", section[".name"], "drop_invalid", "0")
+ end)
+
+ -- Prepare advanced config
+ local has_advanced = false
+ uci:foreach("firewall", "advanced",
+ function(section) has_advanced = true end)
+
+ if not has_advanced then
+ uci:section("firewall", "advanced", nil,
+ { tcp_ecn = "0" })
end
+ uci:save("firewall")
+
-- Crate network interface
local netconfig = uci:get_all("freifunk", "interface")
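Review bot: The `uci:set("firewall", section[".name"], "drop_invalid", "0")` call now sits after the added `end` that closes `if newzone then`, so it runs on every pass rather than only on first-time zone creation, and it overwrites whatever an administrator had set. `drop_invalid` lives in the `defaults` section, so this relaxes invalid-state handling for every zone on the device, not only `freifunk`. I would set it only when the option is still unset, or keep it inside the first-time block. The comment should also state the reason, e.g. `-- conntrack flags asymmetric mesh traffic as invalid; do not drop it (confirm)`. The include of `/etc/firewall.freifunk` is likewise enforced on every run, so it is worth a comment saying who installs that file and that it must stay root-owned and non-writable by others; the enclosing function starts and ends outside the visible lines, so the surrounding control flow is inferred.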