Coova Chilli creates "undo" firewall scripts that are intended to be run
when the daemon is shut down. Failure to do so results in leftover
entries in firewall and duplicated ones if chilli is subsequently
restarted.
Execute these scripts when the service stops.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Coova Chilli will fail to start if e.g. it cannot resolve names in its
configuration (like uamserver, radiusserver, etc) which is typically the
case when wan is unavailable. Prevent this situation by delaying startup
if wan is not available.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
isc-dhcp uses system ar tool so build fails on Darwin build host.
Embedded bind lib uses system ar and ranlib tools and fails on Darwin
This patch explicitly specifies ar and ranlib tools for target build
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
Backported upstream pending pull request to fix following error:
CMake Error at /foo/staging_dir/host/share/cmake-3.19/Modules/FindPackageHandleStandardArgs.cmake:218 (message):
Could NOT find CURSES (missing: CURSES_LIBRARY)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Declare the nftables variant as the DEFAULT_VARIANT
as nftables firewall4 is the now default in OpenWrt.
Additionally,
* toggle CONFLICTS placement to avoid circular dependency warning
* use AUTORELEASE
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Maintainer: me
Build system: Arch Linux x86_64
Build tested: ipq806x/R7800
Run tested : ipq806x/R7800
Signed-off-by: Daniel Bermond <danielbermond@gmail.com>
Add flag "--lookup-default-namespace" to signal that wg-installer should
look already established wireguard sessions in the default namespace.
Signed-off-by: Nick Hainke <vincent@systemli.org>
This commit removes iptables backend support and leaves only the
netfilter backend support. This means that:
- iptables and nftables firewall based systems (firewall3 and firewall
4) are supported trough the netfilter instance mode
- the iptables/xtables mode support is disabled
For more information on the modes and how to use the new netfilter
instance checkout https://www.jool.mx/en/intro-jool.html
This move is made out of the commit upstream that sets firewall4 as the
default for new default buils and based on the conversation in #16818
and was decided that the netfilter interface is the priority since
iptables support will be dropped in the foreseeable future.
While at it update the templates provided.
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
libreswan makefile detects macos (darwin) and changes build logic
but OpenWrt is always Linux so it is required to specify linux as
target platfrom
This patch specifies Linux as a target platfrom
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
crowdsec rename the binary from crowdsec-firewall-bouncer to cs-firewall-bouncer
the initd need the correct binary name to start the process
the link for github source need also to be fixed (only the information one)
fix the BuildDate
updated copyright
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
Check if a peer is already existing with a given public key. Introduce a
response code for signaling why the server rejected the request.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Use shellcheck to rework the code. Use "export" to return variables from
a function call. Further, fix typos.
Signed-off-by: Nick Hainke <vincent@systemli.org>
* bump to 4.7.0
* enable DNS over TLS (uses libssl which was already a dependency)
* add libcurl dependency for new zone-to-cache feature.
Co-Authored-By: wout@wbnet.eu
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
Latest Apple clang (v13) defines __cplusplus=199711 by default, but
protobuf requires at least 201103 (c++11)
Backported patch to fix c++ detection:
30fe936a88
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
Version 1.0.1 brought the following changes:
[v1.0.1] - 2021-11-26
Primarily fixes a few issues in the kernel module that were found
during a quick review from Russell King:
https://lore.kernel.org/netdev/YYPThd7aX+TBWslz@shell.armlinux.org.uk/https://lore.kernel.org/netdev/YYPU1gOvUPa00JWg@shell.armlinux.org.uk/
- mdio: The mvls subcommand now supports flushing the ATU
- mdio-netlink: Plug some glaring holes around integer overflows of
the PC.
- mdio-netlink: Release reference to MDIO bus after a transaction
completes.
So, update to the latest version and switch the kernel module back
to fetching tarballs like the userspace tool does.
Signed-off-by: Robert Marko <robimarko@gmail.com>
* Updating i2pd package to 2.40.0
* Rewrite Makefile
* Remove usage of PKG_INSTALL (package's make install)
* Rewrite init.rc configuration and script
* Remove '--service' option from init, which only sets datadir to /var/lib/i2pd
* Use '--datadir' option in init, otherwise datadir changing via uci is not works
* Update patch for i2pd.conf
Signed-off-by: R4SAS I2P <r4sas@i2pmail.org>
When ModemManager is started on boot we may end up with hotplug events
reported directly to the daemon, plus some others already cached in
the cache file before the daemon was started.
If the cached events correspond to the same device that is still
notifying ports directly, we may end up with a modem object created
before the cached events have been emitted, so the modem may not
handle all control/data ports it should.
E.g.:
- modem detected
- hotplug event for wwan0 port, cached as MM not running
- hotplug event for cdc-wdm0 port, cached as MM not running
- hotplug event for ttyUSB0, cached as MM not running
- MM starts
- hotplug event for ttyUSB1, directly processed as MM is running
- hotplug event for ttyUSB2, directly processed as MM is running
- modem object created with ttyUSB1 and ttyUSB2
- 2s after MM starts, cached events for wwan0, cdc-wdm0 and ttyUSB0
happen, but are ignored because the modem object has already been
created
MM expects that ports of the same device are reported with less than
1500ms in between ports. In other words, if ports are reported more
than 1500ms after the last reported port, they may get ignored.
If we remove the 2s timeout, the report of the cached events will
happen as soon as MM starts, which makes it much more likely to happen
in the timeslot that MM expects for ports of the same device reported.
The logic is still not perfect, and we may also need to increase that
1500ms timeout inside MM, but removing the 2s timeout right away here
makes sense.
This 2s timeout was introduced along with the new wrapper launcher for
the daemon, it didn't exist before.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
This commit adds support for starting and running jool through init
scripts, with default config files as examples.
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>