William Petit
707a8c6f30
All checks were successful
arcad/emissary-firmware/pipeline/head This commit looks good
37 lines
1008 B
Bash
37 lines
1008 B
Bash
#/bin/sh
|
|
|
|
set -e
|
|
|
|
main() {
|
|
# Update default firewall ruleset
|
|
uci add firewall rule
|
|
uci set firewall.@rule[-1].name='Allow SSH on WAN'
|
|
uci set firewall.@rule[-1].src='wan'
|
|
uci set firewall.@rule[-1].proto='tcp'
|
|
uci set firewall.@rule[-1].dest_port='22'
|
|
uci set firewall.@rule[-1].target='ACCEPT'
|
|
|
|
uci add firewall rule
|
|
uci set firewall.@rule[-1].name='Allow HTTP on WAN'
|
|
uci set firewall.@rule[-1].src='wan'
|
|
uci set firewall.@rule[-1].proto='tcp'
|
|
uci set firewall.@rule[-1].dest_port='80'
|
|
uci set firewall.@rule[-1].target='ACCEPT'
|
|
|
|
uci add firewall rule
|
|
uci set firewall.@rule[-1].name='Allow HTTPS on WAN'
|
|
uci set firewall.@rule[-1].src='wan'
|
|
uci set firewall.@rule[-1].proto='tcp'
|
|
uci set firewall.@rule[-1].dest_port='443'
|
|
uci set firewall.@rule[-1].target='ACCEPT'
|
|
|
|
uci commit firewall
|
|
|
|
# Disable DNS-rebind protection
|
|
uci set dhcp.@dnsmasq[0].rebind_protection='0'
|
|
uci commit dhcp
|
|
|
|
reload_config
|
|
}
|
|
|
|
main |