config mode does now support wifi and iptable rules are adjusted in f…

…irst boot
ffbsee · Jan 16, 2022 · dfe8668 · dfe8668
1 parent 35d4961
commit dfe8668
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 16 deletions.
diff --git a/ffbsee-setup-mode/Makefile b/ffbsee-setup-mode/Makefile
@@ -4,7 +4,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ffbsee-setup-mode
-PKG_VERSION:=0.2
+PKG_VERSION:=0.3
 
 include $(TOPDIR)/../package/gluon.mk
 
@@ -43,6 +43,8 @@ define Package/ffbsee-setup-mode/install
 	for link in $(init_links); do \
 		$(LN) "/etc/init.d/$$$${link:3}" "$(1)/lib/gluon/setup-mode/rc.d/$$$${link}"; \
 	done
+
+	$(LN) /etc/rc.d/S19dnsmasq $(1)/lib/gluon/setup-mode/rc.d/S21dnsmasq
 endef
 
 $(eval $(call BuildPackageGluon,ffbsee-setup-mode))
diff --git a/ffbsee-setup-mode/files/lib/gluon/setup-mode/rc.d/S19firewall-adjustment b/ffbsee-setup-mode/files/lib/gluon/setup-mode/rc.d/S19firewall-adjustment
@@ -0,0 +1,29 @@
+#!/usr/bin/lua
+
+local uci = require('simple-uci').cursor()
+
+-- disallow ssh from outside world
+uci:foreach('firewall', 'zone', function(zone)
+  local name = zone['.name']
+  if not name == 'loc_client' then
+    uci:section('firewall', 'rule', name .. '_ssh', {
+        src = name,
+        dest_port = '22',
+        proto = 'tcp',
+        target = 'REJECT',
+    })
+  end
+end)
+
+-- no need to adjust 443 since this is only local anyway
+
+-- allow local dhcp
+uci:section('firewall', 'rule', 'loc_client' .. '_bootp', {
+    src = 'loc_client',
+    dest_port = '67',
+    proto = 'udp',
+    dest_ip = '10.15.239.127',
+    target = 'ACCEPT',
+})
+
+uci:save('firewall')
diff --git a/ffbsee-setup-mode/files/lib/gluon/setup-mode/rc.d/S20network b/ffbsee-setup-mode/files/lib/gluon/setup-mode/rc.d/S20network
@@ -9,29 +9,20 @@ STOP=90
 USE_PROCD=1
 
 
-delete_interface() {
-        [ "$1" = 'loopback' ] || uci_remove network "$1"
-}
-
 prepare_config() {
 (
 	export UCI_CONFIG_DIR=/var/gluon/setup-mode/config
 
 	mkdir -p "$UCI_CONFIG_DIR"
 
 	cp /etc/config/network "$UCI_CONFIG_DIR"
+	cp /etc/config/wireless "$UCI_CONFIG_DIR"
 
 	config_load network
-	config_foreach delete_interface interface
-
-	uci_add network interface setup
-	uci_set network setup ifname "$(lua -e 'print(require("gluon.sysconfig").setup_ifname)')"
-	uci_set network setup macaddr "$(lua -e 'print(require("gluon.sysconfig").primary_mac)')"
-	uci_set network setup type 'bridge'
-	uci_set network setup proto 'static'
-	uci_set network setup ipaddr "$SETUP_MODE_ADDR"
-	uci_set network setup netmask "$SETUP_MODE_NETMASK"
-#TODO wifi here
+	config_load wireless
+
+	interfaces=$(uci_get network client ifname | sed 's# bat[a-zA-Z0-9]*##')
+	uci_set network client ifname "$interfaces"
 	uci_commit network
 )
 }

diff --git a/ffbsee-setup-mode/files/lib/gluon/setup-mode/rc.d/S60dnsmasq b/ffbsee-setup-mode/files/lib/gluon/setup-mode/rc.d/S60dnsmasq
@@ -11,7 +11,8 @@ PROG=/usr/sbin/dnsmasq
 
 start_service() {
 	procd_open_instance
-	procd_set_param command $PROG -k -p 0 -F $SETUP_MODE_DHCP_RANGE -l /tmp/dhcp.leases -O option:router
+
+	procd_set_param command $PROG -k -p 0 -F $SETUP_MODE_DHCP_RANGE -l /tmp/dhcp.leases -O option:router -i local-node
 	procd_set_param respawn
 	procd_close_instance
 }