From da8bfbd7a61c805259b3711e9f0981884aca8569 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sat, 8 Jan 2022 22:43:04 +0100 Subject: ... --- files/.config | 28 ++++++++++++++++++++-------- files/files/etc/config/firewall | 16 ++++++++++------ 2 files changed, 30 insertions(+), 14 deletions(-) diff --git a/files/.config b/files/.config index a5789dc..80044c5 100644 --- a/files/.config +++ b/files/.config @@ -3967,19 +3967,20 @@ CONFIG_GOLANG_BUILD_CACHE_DIR="" # CONFIG_PACKAGE_dkjson is not set # CONFIG_PACKAGE_json4lua is not set # CONFIG_PACKAGE_ldbus is not set -# CONFIG_PACKAGE_libiwinfo-lua is not set +CONFIG_PACKAGE_libiwinfo-lua=y # CONFIG_PACKAGE_linotify is not set # CONFIG_PACKAGE_lpeg is not set # CONFIG_PACKAGE_lsqlite3 is not set -# CONFIG_PACKAGE_lua is not set +CONFIG_PACKAGE_lua=y # CONFIG_PACKAGE_lua-argparse is not set # CONFIG_PACKAGE_lua-bencode is not set -# CONFIG_PACKAGE_lua-bit32 is not set +CONFIG_PACKAGE_lua-bit32=y # CONFIG_PACKAGE_lua-cjson is not set # CONFIG_PACKAGE_lua-copas is not set # CONFIG_PACKAGE_lua-coxpcall is not set # CONFIG_PACKAGE_lua-curl-v3 is not set # CONFIG_PACKAGE_lua-ev is not set +# CONFIG_PACKAGE_lua-examples is not set # CONFIG_PACKAGE_lua-libmodbus is not set # CONFIG_PACKAGE_lua-lzlib is not set # CONFIG_PACKAGE_lua-md5 is not set @@ -4006,7 +4007,7 @@ CONFIG_GOLANG_BUILD_CACHE_DIR="" # CONFIG_PACKAGE_luarocks is not set # CONFIG_PACKAGE_luasec is not set # CONFIG_PACKAGE_luasoap is not set -# CONFIG_PACKAGE_luasocket is not set +CONFIG_PACKAGE_luasocket=y # CONFIG_PACKAGE_luasocket5.3 is not set # CONFIG_PACKAGE_luasql-mysql is not set # CONFIG_PACKAGE_luasql-pgsql is not set @@ -5092,7 +5093,7 @@ CONFIG_PACKAGE_libjson-c=y # CONFIG_PACKAGE_libleptonica is not set # CONFIG_PACKAGE_libloragw is not set # CONFIG_PACKAGE_libltdl is not set -# CONFIG_PACKAGE_liblua is not set +CONFIG_PACKAGE_liblua=y # CONFIG_PACKAGE_liblua5.3 is not set # CONFIG_PACKAGE_liblucihttp is not set # CONFIG_PACKAGE_liblucihttp-lua is not set @@ -5263,7 +5264,7 @@ CONFIG_PACKAGE_libss=y CONFIG_PACKAGE_libubox=y # CONFIG_PACKAGE_libubox-lua is not set CONFIG_PACKAGE_libubus=y -# CONFIG_PACKAGE_libubus-lua is not set +CONFIG_PACKAGE_libubus-lua=y CONFIG_PACKAGE_libuci=y # CONFIG_PACKAGE_libuci-lua is not set # CONFIG_PACKAGE_libuci2 is not set @@ -6357,7 +6358,7 @@ CONFIG_PACKAGE_wireguard-tools=y CONFIG_PACKAGE_hostapd-common=y # CONFIG_PACKAGE_hostapd-mini is not set # CONFIG_PACKAGE_hostapd-openssl is not set -# CONFIG_PACKAGE_hostapd-utils is not set +CONFIG_PACKAGE_hostapd-utils=y # CONFIG_PACKAGE_hostapd-wolfssl is not set # CONFIG_PACKAGE_hs20-client is not set # CONFIG_PACKAGE_hs20-common is not set @@ -7203,7 +7204,18 @@ CONFIG_PACKAGE_libjson-script=y # CONFIG_PACKAGE_procps-ng is not set # CONFIG_PACKAGE_progress is not set # CONFIG_PACKAGE_prometheus is not set -# CONFIG_PACKAGE_prometheus-node-exporter-lua is not set +CONFIG_PACKAGE_prometheus-node-exporter-lua=y +# CONFIG_PACKAGE_prometheus-node-exporter-lua-dawn is not set +CONFIG_PACKAGE_prometheus-node-exporter-lua-hostapd_stations=y +# CONFIG_PACKAGE_prometheus-node-exporter-lua-hostapd_ubus_stations is not set +CONFIG_PACKAGE_prometheus-node-exporter-lua-nat_traffic=y +CONFIG_PACKAGE_prometheus-node-exporter-lua-netstat=y +CONFIG_PACKAGE_prometheus-node-exporter-lua-openwrt=y +# CONFIG_PACKAGE_prometheus-node-exporter-lua-snmp6 is not set +# CONFIG_PACKAGE_prometheus-node-exporter-lua-textfile is not set +# CONFIG_PACKAGE_prometheus-node-exporter-lua-uci_dhcp_host is not set +CONFIG_PACKAGE_prometheus-node-exporter-lua-wifi=y +CONFIG_PACKAGE_prometheus-node-exporter-lua-wifi_stations=y # CONFIG_PACKAGE_prometheus-statsd-exporter is not set # CONFIG_PACKAGE_pservice is not set # CONFIG_PACKAGE_psmisc is not set diff --git a/files/files/etc/config/firewall b/files/files/etc/config/firewall index 5997399..f2675d4 100644 --- a/files/files/etc/config/firewall +++ b/files/files/etc/config/firewall @@ -1,6 +1,6 @@ config defaults - option syn_flood '1' - option input 'ACCEPT' + option synflood_protect '1' + option input 'REJECT' option output 'ACCEPT' option forward 'REJECT' @@ -14,9 +14,6 @@ config zone 'lan' config zone 'mgmt' option name 'mgmt' list network 'mgmt' - option input 'ACCEPT' - option output 'ACCEPT' - option forward 'REJECT' config rule option name 'Allow-Ping' @@ -63,7 +60,14 @@ config rule config rule option name 'Allow-SSH' - option src '*' + option src 'mgmt' option dest_port '22' option proto 'tcp' option target 'ACCEPT' + +config rule + option name 'Allow-Prometheus' + option src 'mgmt' + option dest_port '9100' + option proto 'tcp' + option target 'ACCEPT' -- cgit v1.2.3