mirror of
https://github.com/Telecominfraproject/wlan-ap.git
synced 2025-12-17 17:31:27 +00:00
35e1cbd15b
Default firewall rules apply to unauthenticated clients, there is no need to specifically fwmark their packets. This reduces the firewall complexity and makes very clear what happens "by default". Add a preliminary README with a sample firewall illustrating this setup. Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
128 lines
2.8 KiB
Plaintext
Executable File
128 lines
2.8 KiB
Plaintext
Executable File
#!/usr/bin/ucode
|
|
|
|
let ubus = require('ubus').connect();
|
|
let uci = require('uci').cursor();
|
|
|
|
function restart() {
|
|
system('/etc/init.d/spotfilter restart');
|
|
system('/etc/init.d/uspot restart');
|
|
system('/etc/init.d/uhttpd restart');
|
|
}
|
|
|
|
function interfaces() {
|
|
let interfaces = [];
|
|
uci.foreach('uspot', 'uspot', (d) => {
|
|
if (!d[".anonymous"])
|
|
push(interfaces, d[".name"]);
|
|
});
|
|
return uniq(interfaces);
|
|
}
|
|
|
|
function generate_spotfilter(name) {
|
|
function parse_bool(val) {
|
|
if (val == "1" || val == "on" || val == "true" || val == "yes")
|
|
return true;
|
|
else if (val == "0" || val == "off" || val == "false" || val == "no")
|
|
return false;
|
|
else
|
|
return null;
|
|
}
|
|
function fail(msg) {
|
|
warn(msg + '\n');
|
|
exit(1);
|
|
}
|
|
|
|
if (!parse_bool(uci.get('uspot', name, 'configure_spotfilter')))
|
|
exit(0);
|
|
|
|
let uspot = uci.get_all('uspot', name);
|
|
if (!uspot)
|
|
fail('Cannot load uspot config for "' + name);
|
|
|
|
let device_macaddr = uci.get('network', uspot.interface, 'device');
|
|
if (!device_macaddr)
|
|
fail('Cannot find target network interface');
|
|
if (uspot.wl_hosts && type(uspot.wl_hosts) != "array")
|
|
fail('Expecting list for wl_hosts');
|
|
if (uspot.wl_addrs && type(uspot.wl_addrs) != "array")
|
|
fail('Expecting list for wl_addrs');
|
|
|
|
let class = [
|
|
{
|
|
index: 0,
|
|
device_macaddr,
|
|
}, {
|
|
index: 1,
|
|
fwmark: 1,
|
|
fwmark_mask: 127
|
|
}
|
|
];
|
|
|
|
let whitelist = [{
|
|
class: 1,
|
|
hosts: uspot.wl_hosts || [],
|
|
address: uspot.wl_addrs || [],
|
|
}];
|
|
|
|
let conf = {
|
|
name,
|
|
devices: type(uspot.ifname) == "array" ? uspot.ifname : [ uspot.ifname ],
|
|
config: {
|
|
default_class: 0,
|
|
default_dns_class: 1,
|
|
client_autoremove: !!parse_bool(uspot.client_autoremove),
|
|
class,
|
|
whitelist
|
|
}
|
|
};
|
|
printf('%.J\n', conf);
|
|
}
|
|
|
|
switch(ARGV[0]) {
|
|
case 'dump':
|
|
for (let interface in interfaces()) {
|
|
let clients = ubus.call('spotfilter', 'client_list', { interface });
|
|
printf('%.J\n', clients);
|
|
}
|
|
break;
|
|
case 'clients':
|
|
for (let interface in interfaces()) {
|
|
let clients = ubus.call('spotfilter', 'client_list', { interface});
|
|
let res = {};
|
|
let t = time();
|
|
|
|
for (let c, val in clients) {
|
|
res[c] = {
|
|
status: val.state ? 'Authenticated' : 'Garden',
|
|
idle: val.idle || 0,
|
|
time: val.data.connect ? t - val.data.connect : 0,
|
|
ip4addr: val.ip4addr || '',
|
|
ip6addr: val.ip6addr || '',
|
|
packets_ul: val.acct_data.packets_ul || 0,
|
|
bytes_ul: val.acct_data.bytes_ul || 0,
|
|
packets_dl: val.acct_data.packets_dl || 0,
|
|
bytes_dl: val.acct_data.bytes_dl || 0,
|
|
};
|
|
}
|
|
printf('%.J\n', res);
|
|
}
|
|
break;
|
|
case 'restart':
|
|
restart();
|
|
break;
|
|
case 'log':
|
|
system('logread -f | grep uspot:');
|
|
break;
|
|
case 'debugon':
|
|
case 'debugoff':
|
|
uci.set('uspot', 'def_captive', 'debug', 'debugon'==ARGV[0]);
|
|
uci.commit();
|
|
restart();
|
|
break;
|
|
case 'generate':
|
|
generate_spotfilter(ARGV[1]);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|