emissary-firmware/misc/common/uci-defaults/99-emissary-common-uci-cust...

44 lines
1.2 KiB
Bash

#/bin/sh
set -e
main() {
# Update default firewall ruleset
uci add firewall rule
uci set firewall.@rule[-1].name='Allow SSH on WAN'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].proto='tcp'
uci set firewall.@rule[-1].dest_port='22'
uci set firewall.@rule[-1].target='ACCEPT'
uci add firewall rule
uci set firewall.@rule[-1].name='Allow HTTP on WAN'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].proto='tcp'
uci set firewall.@rule[-1].dest_port='80'
uci set firewall.@rule[-1].target='ACCEPT'
uci add firewall rule
uci set firewall.@rule[-1].name='Allow HTTPS on WAN'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].proto='tcp'
uci set firewall.@rule[-1].dest_port='443'
uci set firewall.@rule[-1].target='ACCEPT'
uci add firewall rule
uci set firewall.@rule[-1].name='Allow 42521 on WAN'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].proto='tcp'
uci set firewall.@rule[-1].dest_port='42521'
uci set firewall.@rule[-1].target='ACCEPT'
uci commit firewall
# Disable DNS-rebind protection
uci set dhcp.@dnsmasq[0].rebind_protection='0'
uci commit dhcp
reload_config
}
main