LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
25146 Commits
1 Branch
46 MiB
Tree: 50500bddda
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '50500bddda'
${ noResults }
openwrt-packages-dist/net/fwknop/files/fwknopd

25 lines
805 B
Raw Normal View History

Fwknop: add flexibility to uci support Styling cleanups signed-off-by: Jonathan Bennett <jbennett@incomsystems.biz>
10 years ago
fwknop: Add start-up dependency on network interface for fwknopd. Added new "network" section with option "network", which takes network interface name. The start-up is migrated to use procd and depend either on the "network" interface (after resolving it to a physical device), or on the PCAP_INTF option from "config" section (usual place for raw interface name for fwknopd). When the uci_enabled option is disabled, the value of PCAP_INTF is taken from the user-provided fwknopd.conf. Also fixed UCI_ENABLED variable evaluation. Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
7 years ago
fwknopd: More reliable network dependency Two issues: 1. The fwknopd init script did not handle unprepared logical networks. This is fixed by A) not defining instance for procd when the physical interface is unknown, and B) by watching the logical network for changes. 2. When using PPPoE, there are two physical interfaces -- one for raw PPPoE communication and one for wrapped communication. The function network_get_physdev returns the physical device, while the function network_get_device returns the wrapped one -- we shall use the wrapped interface. Usually (for non-wrapped interfaces) the physdev and device are the same, also other network scripts use the latter function. Both issues found by and thanks are going to @lucize. Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
7 years ago
fwknop: Add start-up dependency on network interface for fwknopd. Added new "network" section with option "network", which takes network interface name. The start-up is migrated to use procd and depend either on the "network" interface (after resolving it to a physical device), or on the PCAP_INTF option from "config" section (usual place for raw interface name for fwknopd). When the uci_enabled option is disabled, the value of PCAP_INTF is taken from the user-provided fwknopd.conf. Also fixed UCI_ENABLED variable evaluation. Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
7 years ago
Fwknop: add flexibility to uci support Styling cleanups signed-off-by: Jonathan Bennett <jbennett@incomsystems.biz>
10 years ago
fwknop: Use sensible defaults. * Change KEY/HMAC_KEY to __CHANGEME__, which is rejected by fwknopd during start-up. The value CHANGEME is used only by LuCI package luci-app-fwknopd - pull request for generating keys directly from LuCI has been created already. * Add sensible defaults for ENABLE_IPT_FORWARDING and ENABLE_NAT_DNS, which both are/were set by luci-app-fwknopd. Move the defaults here. Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
4 years ago
Fwknop: add flexibility to uci support Styling cleanups signed-off-by: Jonathan Bennett <jbennett@incomsystems.biz>
10 years ago
fwknopd: More reliable network dependency Two issues: 1. The fwknopd init script did not handle unprepared logical networks. This is fixed by A) not defining instance for procd when the physical interface is unknown, and B) by watching the logical network for changes. 2. When using PPPoE, there are two physical interfaces -- one for raw PPPoE communication and one for wrapped communication. The function network_get_physdev returns the physical device, while the function network_get_device returns the wrapped one -- we shall use the wrapped interface. Usually (for non-wrapped interfaces) the physdev and device are the same, also other network scripts use the latter function. Both issues found by and thanks are going to @lucize. Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
7 years ago
fwknop: Use sensible defaults. * Change KEY/HMAC_KEY to __CHANGEME__, which is rejected by fwknopd during start-up. The value CHANGEME is used only by LuCI package luci-app-fwknopd - pull request for generating keys directly from LuCI has been created already. * Add sensible defaults for ENABLE_IPT_FORWARDING and ENABLE_NAT_DNS, which both are/were set by luci-app-fwknopd. Move the defaults here. Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
4 years ago
 
  1. config global
  2. #	option uci_enabled '1'
  3. 

  4. config network
  5. 	# Logical network dependency, fully tracked, fwknopd gets restarted when
  6. 	# necessary. Specifying network takes precedence over config.PCAP_INTF
  7. #	option network 'wan'
  8. 

  9. config access
  10. 	option SOURCE 'ANY'
  11. 	option HMAC_KEY '__CHANGEME__'
  12. 	option KEY '__CHANGEME__'
  13. 

  14. config config
  15. 	# Alternative direct physical interface definition, but untracked - you
  16. 	# are on your own to correctly start/stop the service when needed
  17. #	option PCAP_INTF 'eth0'
  18. 

  19. 	# Allow SPA clients to request access to services through an iptables
  20. 	# firewall instead of just to it (i.e. access through the FWKNOP_FORWARD
  21. 	# chain instead of the INPUT chain
  22. 	option ENABLE_IPT_FORWARDING 'Y'
  23. 

  24. 	# Allow fwknopd to resolve hostnames in NAT access messages
  25. 	option ENABLE_NAT_DNS 'Y'