-rw-r--r--inventory/group_vars/accesspoints/main.yml31
1 files changed, 31 insertions, 0 deletions
diff --git a/inventory/group_vars/accesspoints/main.yml b/inventory/group_vars/accesspoints/main.yml
index 79d0ec75..632e7e95 100644
--- a/inventory/group_vars/accesspoints/main.yml
+++ b/inventory/group_vars/accesspoints/main.yml
@@ -97,6 +97,37 @@ openwrt_mixin:
/etc/htoprc:
file: "{{ global_files_dir }}/common/htoprc"
+ /etc/rc.d/S22network-fw:
+ link: "../init.d/network-fw"
+
+ /etc/rc.d/K91network-fw:
+ link: "../init.d/network-fw"
+
+ /etc/init.d/network-fw:
+ mode: "0755"
+ content: |
+ #!/bin/sh /etc/rc.common
+
+ START=22
+ STOP=91
+
+ MGMT_IF=$(uci get network.mgmt.ifname)
+ MGMT_IPADDR=$(uci get network.mgmt.ipaddr)
+ MGMT_NETMASK=$(uci get network.mgmt.netmask)
+
+ start() {
+ iptables -A INPUT -i lo -j ACCEPT
+ iptables -A INPUT -i "$MGMT_IF" -s "$MGMT_IPADDR/$MGMT_NETMASK" -j ACCEPT
+ iptables -P INPUT DROP
+ iptables -P FORWARD DROP
+ }
+
+ stop() {
+ iptables -P INPUT ACCEPT
+ iptables -F INPUT
+ iptables -P FORWARD ACCEPT
+ }
+
openwrt_uci:
system:
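Review bot: The new `/etc/init.d/network-fw` script filters only IPv4, because every rule in `start()` goes through `iptables`; the IPv6 INPUT chain keeps whatever policy it already had, so if IPv6 is enabled on these access points their services may stay reachable over IPv6 (link-local included) from non-management interfaces. Either confirm IPv6 is disabled elsewhere in the inventory, or mirror the default-deny with `ip6tables -A INPUT -i lo -j ACCEPT`, `ip6tables -P INPUT DROP` and `ip6tables -P FORWARD DROP`, and reset them in `stop()`. The `iptables -P INPUT DROP` line also runs when the management ACCEPT rule before it failed, for example when one of the `uci get` calls returned nothing, which would cut off management access; appending `|| return 1` to that ACCEPT line sets the DROP policy only once the exception is in place. There is no rule for return traffic either, so replies from hosts outside the management subnet (DNS, NTP, package mirrors) are dropped; `iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` would cover that, provided the conntrack match is available on the image. The `openwrt_mixin` mapping these entries belong to starts outside the hunk.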