fff-network: enable forwarding; filter forwarding

Fixes #83 Signed-off-by: Tim Niemeyer <tim@tn-x.org> Reviewed-by: Robert Langhammer <rlanghammer@web.de> Reviewed-by: Christian Dresel <fff@chrisi01.de> Tested-by: Christian Dresel <fff@chrisi01.de>

fff-network: enable forwarding; filter forwarding
Fixes #83 Signed-off-by: Tim Niemeyer <tim@tn-x.org> Reviewed-by: Robert Langhammer <rlanghammer@web.de> Reviewed-by: Christian Dresel <fff@chrisi01.de> Tested-by: Christian Dresel <fff@chrisi01.de>
bd5985e9 · Tim Niemeyer · 6863c623 · bd5985e9 · bd5985e9 · bd5985e9
Commit bd5985e9 authored 7 years ago by Tim Niemeyer
--- a/src/packages/fff/fff-network/Makefile
+++ b/src/packages/fff/fff-network/Makefile
@@ -13,7 +13,7 @@ define Package/$(PKG_NAME)
    CATEGORY:=Freifunk
    TITLE:= Freifunk-Franken network configuration
    URL:=http://www.freifunk-franken.de
-    DEPENDS:=+fff-uradvd +fff-boardname
+    DEPENDS:=+fff-uradvd +fff-boardname +fff-firewall
 endef

 define Package/$(PKG_NAME)/description

--- a/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf
+++ b/src/packages/fff/fff-network/files/etc/sysctl.d/50-fff-network.conf
@@ -26,7 +26,6 @@ net.ipv4.conf.default.accept_redirects=0
 net.ipv4.icmp_echo_ignore_broadcasts=1
 net.ipv4.icmp_ignore_bogus_error_responses=1
 net.ipv4.ip_forward=0
-# net.ipv6.conf.all.forwarding=1

 # disable bridge firewalling by default
 net.bridge.bridge-nf-call-arptables=0
@@ -65,6 +64,6 @@ net.ipv6.conf.all.autoconf = 0
 net.ipv6.conf.default.dad_transmits = 3
 net.ipv6.conf.all.dad_transmits = 3

-# How many global unicast IPv6 addresses can be assigned to each interface?
-net.ipv6.conf.default.max_addresses = 0
-net.ipv6.conf.all.max_addresses = 0
+# Enable forwarding, otherwise not all local route are examined
+net.ipv6.conf.all.forwarding=1
+net.ipv6.conf.default.forwarding=0
--- a/src/packages/fff/fff-network/files/usr/lib/firewall.d/06-disable-forwarding
+++ b/src/packages/fff/fff-network/files/usr/lib/firewall.d/06-disable-forwarding
+/sbin/iptables -P FORWARD DROP
+/sbin/ip6tables -P FORWARD DROP
--- a/src/packages/fff/fff-network/files/usr/sbin/configurenetwork
+++ b/src/packages/fff/fff-network/files/usr/sbin/configurenetwork
@@ -40,6 +40,7 @@ setAutoConf() {
    echo "net.ipv6.conf.$iface.accept_ra_pinfo = $on" >> "/etc/sysctl.d/51-fff-network-$iface.conf"
    echo "net.ipv6.conf.$iface.autoconf = $on" >> "/etc/sysctl.d/51-fff-network-$iface.conf"
    echo "net.ipv6.conf.$iface.accept_ra_rtr_pref = $on" >> "/etc/sysctl.d/51-fff-network-$iface.conf"
+    echo "net.ipv6.conf.$iface.forwarding = 0" >> "/etc/sysctl.d/51-fff-network-$iface.conf"

    /sbin/sysctl -p "/etc/sysctl.d/51-fff-network-$iface.conf"
 }