diff options
| author | Christian Pointner <equinox@spreadspace.org> | 2018-12-30 20:55:47 +0100 |
|---|---|---|
| committer | Christian Pointner <equinox@spreadspace.org> | 2018-12-30 20:55:47 +0100 |
| commit | a9513fe0df182429380d61b54bf83654256ee73c (patch) | |
| tree | 3fa5a750dbf09faa4c7c91cb765c9c8aca81c213 /inventory/group_vars/dolmetsch-ctl/main.yml | |
| parent | accesspoints: added basic firewall (diff) | |
dolmetsch-ctl basic install works now
Diffstat (limited to 'inventory/group_vars/dolmetsch-ctl/main.yml')
| -rw-r--r-- | inventory/group_vars/dolmetsch-ctl/main.yml | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/inventory/group_vars/dolmetsch-ctl/main.yml b/inventory/group_vars/dolmetsch-ctl/main.yml index d81a141f..8c1ace83 100644 --- a/inventory/group_vars/dolmetsch-ctl/main.yml +++ b/inventory/group_vars/dolmetsch-ctl/main.yml @@ -26,6 +26,8 @@ openwrt_packages_add: - tcpdump-mini - kmod-usb-audio - alsa-lib + - alsa-utils + - alsa-utils-seq openwrt_mixin: @@ -63,10 +65,20 @@ openwrt_mixin: MGMT_IF=$(uci get network.mgmt.ifname) MGMT_IPADDR=$(uci get network.mgmt.ipaddr) MGMT_NETMASK=$(uci get network.mgmt.netmask) + MIXER_IF=br-mixer + MIXER_IPADDR=$(uci get network.mixer.ipaddr) + MIXER_NETMASK=$(uci get network.mixer.netmask) start() { - iptables -A INPUT -i lo -j ACCEPT - iptables -A INPUT -i "$MGMT_IF" -s "$MGMT_IPADDR/$MGMT_NETMASK" -j ACCEPT + iptables -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT + iptables -A INPUT -i "$MGMT_IF" -d "$MGMT_IPADDR" -s "$MGMT_IPADDR/$MGMT_NETMASK" -j ACCEPT + + iptables -A INPUT -i "$MIXER_IF" -p tcp --dport 22000 -d "$MIXER_IPADDR" -j REJECT --reject-with tcp-reset + iptables -A INPUT -i "$MIXER_IF" -p icmp -d "$MIXER_IPADDR" -s "$MIXER_IPADDR/$MIXER_NETMASK" -j ACCEPT + iptables -A INPUT -i "$MIXER_IF" -p udp -d "$MIXER_IPADDR" -s "$MIXER_IPADDR/$MIXER_NETMASK" -j ACCEPT + iptables -A INPUT -i "$MIXER_IF" -p tcp -d "$MIXER_IPADDR" -s "$MIXER_IPADDR/$MIXER_NETMASK" -j ACCEPT + iptables -A INPUT -i "$MIXER_IF" -m state --state RELATED,ESTABLISHED -j ACCEPT + iptables -P INPUT DROP iptables -P FORWARD DROP } @@ -133,3 +145,5 @@ openwrt_uci: proto: static ipaddr: "{{ network_mixer_zone.prefix | ipaddr(network_mixer_zone.offsets[inventory_hostname]) | ipaddr('address') }}" netmask: "{{ network_mixer_zone.prefix | ipaddr('netmask') }}" + gateway: "{{ network_mixer_zone.gw }}" + dns: "{{ network_mixer_zone.dns }}" |