[openwrt] begin to add default firewall

Nico Schottelius 2022-01-26 17:27:47 +01:00
parent 0e44b7587c
commit 0b2ef8216d


@ -0,0 +1,49 @@
#!/bin/sh
# 2022-01-21, Nico Schottelius
# Firewall configuration
if ! uci show firewall | grep "name='Allow-SSH'"; then
uci add firewall rule
uci set firewall.@rule[-1].name='Allow-SSH'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].dest='lan'
uci set firewall.@rule[-1].proto='tcp'
uci set firewall.@rule[-1].dest_port='22'
uci set firewall.@rule[-1].target='ACCEPT'
fi
if ! uci show firewall | grep "name='Allow-HTTPS'"; then
uci add firewall rule
uci set firewall.@rule[-1].name='Allow-HTTPS'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].dest='lan'
uci set firewall.@rule[-1].proto='tcp'
uci set firewall.@rule[-1].dest_port='443'
uci set firewall.@rule[-1].target='ACCEPT'
fi
if ! uci show firewall | grep "name='Allow-HTTP'"; then
uci add firewall rule
uci set firewall.@rule[-1].name='Allow-HTTP'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].dest='lan'
uci set firewall.@rule[-1].proto='tcp'
uci set firewall.@rule[-1].dest_port='80'
uci set firewall.@rule[-1].target='ACCEPT'
fi
if ! uci show firewall | grep "name='Allow-Remote-SSH-Access'"; then
uci add firewall rule
uci set firewall.@rule[-1].name='Allow-Remote-SSH-Access'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].proto='tcp'
uci set firewall.@rule[-1].dest_port='22'
uci set firewall.@rule[-1].enabled='0'
uci set firewall.@rule[-1].target='ACCEPT'
fi
# Add interfaces to the right network zone
uci set firewall.@zone[1].network='wan wan6 wg0'
uci commit
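Review bot: The Allow-SSH, Allow-HTTPS and Allow-HTTP rules set `src='wan'` and `dest='lan'` with no `dest_ip`, so as written they accept forwarded tcp/22, tcp/443 and tcp/80 from the wan zone to every host in the lan zone rather than to a single server. If that exposure is intended (for example for globally routed IPv6 hosts), record it in a comment above the first rule, e.g. `# Forward rules: open tcp 22/80/443 from wan to ALL lan hosts (intentional)`, and otherwise narrow each rule with a `dest_ip` or `family` option. Separately, `firewall.@zone[1]` addresses the zone by position and presumably relies on the stock zone order; on a device where zone 1 is not wan, wg0 and the WAN interfaces would be attached to a different zone, so checking `uci get firewall.@zone[1].name` before the set would be safer. None of the `uci add` calls are checked either, so if one fails the following `uci set firewall.@rule[-1]...` lines would presumably rewrite the last existing rule; a `set -e` near the top would stop the script before that happens.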