diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-01-08 22:43:04 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-01-08 22:43:04 +0100 |
commit | da8bfbd7a61c805259b3711e9f0981884aca8569 (patch) | |
tree | 2733df83aeca09f2f2f2f0f65f97fcb0b6f23ab0 | |
parent | 170c5f2b6dbe23aa33eb344dd299863f30ae126f (diff) | |
download | ap01-da8bfbd7a61c805259b3711e9f0981884aca8569.tar ap01-da8bfbd7a61c805259b3711e9f0981884aca8569.tar.gz ap01-da8bfbd7a61c805259b3711e9f0981884aca8569.tar.bz2 ap01-da8bfbd7a61c805259b3711e9f0981884aca8569.tar.xz ap01-da8bfbd7a61c805259b3711e9f0981884aca8569.zip |
...
-rw-r--r-- | files/.config | 28 | ||||
-rw-r--r-- | files/files/etc/config/firewall | 16 |
2 files changed, 30 insertions, 14 deletions
diff --git a/files/.config b/files/.config index a5789dc..80044c5 100644 --- a/files/.config +++ b/files/.config | |||
@@ -3967,19 +3967,20 @@ CONFIG_GOLANG_BUILD_CACHE_DIR="" | |||
3967 | # CONFIG_PACKAGE_dkjson is not set | 3967 | # CONFIG_PACKAGE_dkjson is not set |
3968 | # CONFIG_PACKAGE_json4lua is not set | 3968 | # CONFIG_PACKAGE_json4lua is not set |
3969 | # CONFIG_PACKAGE_ldbus is not set | 3969 | # CONFIG_PACKAGE_ldbus is not set |
3970 | # CONFIG_PACKAGE_libiwinfo-lua is not set | 3970 | CONFIG_PACKAGE_libiwinfo-lua=y |
3971 | # CONFIG_PACKAGE_linotify is not set | 3971 | # CONFIG_PACKAGE_linotify is not set |
3972 | # CONFIG_PACKAGE_lpeg is not set | 3972 | # CONFIG_PACKAGE_lpeg is not set |
3973 | # CONFIG_PACKAGE_lsqlite3 is not set | 3973 | # CONFIG_PACKAGE_lsqlite3 is not set |
3974 | # CONFIG_PACKAGE_lua is not set | 3974 | CONFIG_PACKAGE_lua=y |
3975 | # CONFIG_PACKAGE_lua-argparse is not set | 3975 | # CONFIG_PACKAGE_lua-argparse is not set |
3976 | # CONFIG_PACKAGE_lua-bencode is not set | 3976 | # CONFIG_PACKAGE_lua-bencode is not set |
3977 | # CONFIG_PACKAGE_lua-bit32 is not set | 3977 | CONFIG_PACKAGE_lua-bit32=y |
3978 | # CONFIG_PACKAGE_lua-cjson is not set | 3978 | # CONFIG_PACKAGE_lua-cjson is not set |
3979 | # CONFIG_PACKAGE_lua-copas is not set | 3979 | # CONFIG_PACKAGE_lua-copas is not set |
3980 | # CONFIG_PACKAGE_lua-coxpcall is not set | 3980 | # CONFIG_PACKAGE_lua-coxpcall is not set |
3981 | # CONFIG_PACKAGE_lua-curl-v3 is not set | 3981 | # CONFIG_PACKAGE_lua-curl-v3 is not set |
3982 | # CONFIG_PACKAGE_lua-ev is not set | 3982 | # CONFIG_PACKAGE_lua-ev is not set |
3983 | # CONFIG_PACKAGE_lua-examples is not set | ||
3983 | # CONFIG_PACKAGE_lua-libmodbus is not set | 3984 | # CONFIG_PACKAGE_lua-libmodbus is not set |
3984 | # CONFIG_PACKAGE_lua-lzlib is not set | 3985 | # CONFIG_PACKAGE_lua-lzlib is not set |
3985 | # CONFIG_PACKAGE_lua-md5 is not set | 3986 | # CONFIG_PACKAGE_lua-md5 is not set |
@@ -4006,7 +4007,7 @@ CONFIG_GOLANG_BUILD_CACHE_DIR="" | |||
4006 | # CONFIG_PACKAGE_luarocks is not set | 4007 | # CONFIG_PACKAGE_luarocks is not set |
4007 | # CONFIG_PACKAGE_luasec is not set | 4008 | # CONFIG_PACKAGE_luasec is not set |
4008 | # CONFIG_PACKAGE_luasoap is not set | 4009 | # CONFIG_PACKAGE_luasoap is not set |
4009 | # CONFIG_PACKAGE_luasocket is not set | 4010 | CONFIG_PACKAGE_luasocket=y |
4010 | # CONFIG_PACKAGE_luasocket5.3 is not set | 4011 | # CONFIG_PACKAGE_luasocket5.3 is not set |
4011 | # CONFIG_PACKAGE_luasql-mysql is not set | 4012 | # CONFIG_PACKAGE_luasql-mysql is not set |
4012 | # CONFIG_PACKAGE_luasql-pgsql is not set | 4013 | # CONFIG_PACKAGE_luasql-pgsql is not set |
@@ -5092,7 +5093,7 @@ CONFIG_PACKAGE_libjson-c=y | |||
5092 | # CONFIG_PACKAGE_libleptonica is not set | 5093 | # CONFIG_PACKAGE_libleptonica is not set |
5093 | # CONFIG_PACKAGE_libloragw is not set | 5094 | # CONFIG_PACKAGE_libloragw is not set |
5094 | # CONFIG_PACKAGE_libltdl is not set | 5095 | # CONFIG_PACKAGE_libltdl is not set |
5095 | # CONFIG_PACKAGE_liblua is not set | 5096 | CONFIG_PACKAGE_liblua=y |
5096 | # CONFIG_PACKAGE_liblua5.3 is not set | 5097 | # CONFIG_PACKAGE_liblua5.3 is not set |
5097 | # CONFIG_PACKAGE_liblucihttp is not set | 5098 | # CONFIG_PACKAGE_liblucihttp is not set |
5098 | # CONFIG_PACKAGE_liblucihttp-lua is not set | 5099 | # CONFIG_PACKAGE_liblucihttp-lua is not set |
@@ -5263,7 +5264,7 @@ CONFIG_PACKAGE_libss=y | |||
5263 | CONFIG_PACKAGE_libubox=y | 5264 | CONFIG_PACKAGE_libubox=y |
5264 | # CONFIG_PACKAGE_libubox-lua is not set | 5265 | # CONFIG_PACKAGE_libubox-lua is not set |
5265 | CONFIG_PACKAGE_libubus=y | 5266 | CONFIG_PACKAGE_libubus=y |
5266 | # CONFIG_PACKAGE_libubus-lua is not set | 5267 | CONFIG_PACKAGE_libubus-lua=y |
5267 | CONFIG_PACKAGE_libuci=y | 5268 | CONFIG_PACKAGE_libuci=y |
5268 | # CONFIG_PACKAGE_libuci-lua is not set | 5269 | # CONFIG_PACKAGE_libuci-lua is not set |
5269 | # CONFIG_PACKAGE_libuci2 is not set | 5270 | # CONFIG_PACKAGE_libuci2 is not set |
@@ -6357,7 +6358,7 @@ CONFIG_PACKAGE_wireguard-tools=y | |||
6357 | CONFIG_PACKAGE_hostapd-common=y | 6358 | CONFIG_PACKAGE_hostapd-common=y |
6358 | # CONFIG_PACKAGE_hostapd-mini is not set | 6359 | # CONFIG_PACKAGE_hostapd-mini is not set |
6359 | # CONFIG_PACKAGE_hostapd-openssl is not set | 6360 | # CONFIG_PACKAGE_hostapd-openssl is not set |
6360 | # CONFIG_PACKAGE_hostapd-utils is not set | 6361 | CONFIG_PACKAGE_hostapd-utils=y |
6361 | # CONFIG_PACKAGE_hostapd-wolfssl is not set | 6362 | # CONFIG_PACKAGE_hostapd-wolfssl is not set |
6362 | # CONFIG_PACKAGE_hs20-client is not set | 6363 | # CONFIG_PACKAGE_hs20-client is not set |
6363 | # CONFIG_PACKAGE_hs20-common is not set | 6364 | # CONFIG_PACKAGE_hs20-common is not set |
@@ -7203,7 +7204,18 @@ CONFIG_PACKAGE_libjson-script=y | |||
7203 | # CONFIG_PACKAGE_procps-ng is not set | 7204 | # CONFIG_PACKAGE_procps-ng is not set |
7204 | # CONFIG_PACKAGE_progress is not set | 7205 | # CONFIG_PACKAGE_progress is not set |
7205 | # CONFIG_PACKAGE_prometheus is not set | 7206 | # CONFIG_PACKAGE_prometheus is not set |
7206 | # CONFIG_PACKAGE_prometheus-node-exporter-lua is not set | 7207 | CONFIG_PACKAGE_prometheus-node-exporter-lua=y |
7208 | # CONFIG_PACKAGE_prometheus-node-exporter-lua-dawn is not set | ||
7209 | CONFIG_PACKAGE_prometheus-node-exporter-lua-hostapd_stations=y | ||
7210 | # CONFIG_PACKAGE_prometheus-node-exporter-lua-hostapd_ubus_stations is not set | ||
7211 | CONFIG_PACKAGE_prometheus-node-exporter-lua-nat_traffic=y | ||
7212 | CONFIG_PACKAGE_prometheus-node-exporter-lua-netstat=y | ||
7213 | CONFIG_PACKAGE_prometheus-node-exporter-lua-openwrt=y | ||
7214 | # CONFIG_PACKAGE_prometheus-node-exporter-lua-snmp6 is not set | ||
7215 | # CONFIG_PACKAGE_prometheus-node-exporter-lua-textfile is not set | ||
7216 | # CONFIG_PACKAGE_prometheus-node-exporter-lua-uci_dhcp_host is not set | ||
7217 | CONFIG_PACKAGE_prometheus-node-exporter-lua-wifi=y | ||
7218 | CONFIG_PACKAGE_prometheus-node-exporter-lua-wifi_stations=y | ||
7207 | # CONFIG_PACKAGE_prometheus-statsd-exporter is not set | 7219 | # CONFIG_PACKAGE_prometheus-statsd-exporter is not set |
7208 | # CONFIG_PACKAGE_pservice is not set | 7220 | # CONFIG_PACKAGE_pservice is not set |
7209 | # CONFIG_PACKAGE_psmisc is not set | 7221 | # CONFIG_PACKAGE_psmisc is not set |
diff --git a/files/files/etc/config/firewall b/files/files/etc/config/firewall index 5997399..f2675d4 100644 --- a/files/files/etc/config/firewall +++ b/files/files/etc/config/firewall | |||
@@ -1,6 +1,6 @@ | |||
1 | config defaults | 1 | config defaults |
2 | option syn_flood '1' | 2 | option synflood_protect '1' |
3 | option input 'ACCEPT' | 3 | option input 'REJECT' |
4 | option output 'ACCEPT' | 4 | option output 'ACCEPT' |
5 | option forward 'REJECT' | 5 | option forward 'REJECT' |
6 | 6 | ||
@@ -14,9 +14,6 @@ config zone 'lan' | |||
14 | config zone 'mgmt' | 14 | config zone 'mgmt' |
15 | option name 'mgmt' | 15 | option name 'mgmt' |
16 | list network 'mgmt' | 16 | list network 'mgmt' |
17 | option input 'ACCEPT' | ||
18 | option output 'ACCEPT' | ||
19 | option forward 'REJECT' | ||
20 | 17 | ||
21 | config rule | 18 | config rule |
22 | option name 'Allow-Ping' | 19 | option name 'Allow-Ping' |
@@ -63,7 +60,14 @@ config rule | |||
63 | 60 | ||
64 | config rule | 61 | config rule |
65 | option name 'Allow-SSH' | 62 | option name 'Allow-SSH' |
66 | option src '*' | 63 | option src 'mgmt' |
67 | option dest_port '22' | 64 | option dest_port '22' |
68 | option proto 'tcp' | 65 | option proto 'tcp' |
69 | option target 'ACCEPT' | 66 | option target 'ACCEPT' |
67 | |||
68 | config rule | ||
69 | option name 'Allow-Prometheus' | ||
70 | option src 'mgmt' | ||
71 | option dest_port '9100' | ||
72 | option proto 'tcp' | ||
73 | option target 'ACCEPT' | ||