c6918fec00
firewall: use extraText for zone set contents
...
* the lua necessary is quite wordy, but it's less of a hack than
post-processing the rules file with pseudo-sed to get rid of `elements
= { }` lines
* also switch from stop/starting the firewall service to using a
signal, so that we don't go briefly offline every time a new interface
appears
2025-03-09 20:42:02 +00:00
d4e46dbe28
secrets/subscriber don't depend on the services we're watching
...
this means a watched service can stop and start without killing
the subscriber, and that we can watch for services that don't
yet exist
2025-03-09 20:35:40 +00:00
d1f87a56e0
secrets/subscriber: use correct numbers for signals to s6-svc
2025-03-09 20:34:29 +00:00
8c39b47cae
output-template: allow splicing statements instead of expression
...
if the text inside the delimiters begins with ; (a semicolon) then
the rest of it is expected to be one or more Lua statements. It needs
to say `return "foo"` to interpolate anything, as there is no
implicit return of the value of the last statement
2025-03-05 22:38:48 +00:00
2c7a16d792
firewallgen: add extraText param to set
...
anything in here is added verbatim to the set definition
2025-03-05 22:36:35 +00:00
d6b06abb63
delete second copy of output-template
2025-03-02 21:34:02 +00:00
6b32aa569e
think
2025-03-02 21:21:45 +00:00
234d1bd87e
basic unit tests for output-template
2025-03-02 21:14:46 +00:00
c38f180fb7
output-template expose table module
2025-03-02 21:14:16 +00:00
9a8b22997c
output-template: pass the tests
2025-03-02 21:09:32 +00:00
c32d09bd83
output-template: run the tests
2025-03-02 21:09:11 +00:00
6649ebeccd
firewall: use watch-outputs to track changes in zone->interface map
...
includes a horrible hack to work around (claimed (by me)) deficiencies
in the nftables parser
2025-02-28 00:43:20 +00:00
929226ed9e
delete commented code
2025-02-27 20:55:30 +00:00
a98f026210
think
2025-02-27 20:54:44 +00:00
f4dc001b71
check firewall zones in pppoe test
2025-02-25 23:32:05 +00:00
024c018262
run the output-template test
2025-02-22 00:10:19 +00:00
e1293e3778
think
2025-02-21 23:22:39 +00:00
0c406058e9
remove acceptance of udp sport 5 on wan
...
this was added for replies to dns queries but isn't needed for
that purpose as connection tracking does that anyway
2025-02-12 21:54:01 +00:00
19d441333c
remove duplicate rule
2025-02-10 23:50:07 +00:00
a726c09ae4
improve explanation of reverse path filtering rule
...
thanks RoS for the references :-)
2025-02-10 23:48:29 +00:00
7e2b0068e6
nixfmt-rfc-style
...
There is nothing in this commit except for the changes made by
nix-shell -p nixfmt-rfc-style --run "nixfmt ."
If this has mucked up your open branches then sorry about that. You
can probably nixfmt them to match before merging
2025-02-10 21:55:08 +00:00
13cc5a8992
Merge pull request 'support firewall zones: don't hardcode interface names in rules' (#16) from firescape into main
...
Reviewed-on: #16
2025-02-10 21:23:15 +00:00
3f889c7119
default firewall zones in gateway profile
2025-02-10 21:21:08 +00:00
7f17125039
firewall: update zones with interface names as they appear
2025-02-10 21:21:08 +00:00
4bb081ffcf
export anoia.svc:fileno so it can be used with event loops
2025-02-10 21:21:08 +00:00
6587813577
WIP add zones to firewall module
...
- zones are an attrset of name -> [interface-service]
- the firewall will create empty "ifname" sets for each zone name
in each address family (ip, ip6)
- then watch the interface services, and add the "ifname" outputs
to the corresponding sets when they appear
This commit only adds the empty sets
2025-02-10 21:21:08 +00:00
1d780de0f1
add (very basic) set support in firewallgen
...
and add sets for lan/wan/dmz/guest interface names to default
firewall rules
2025-02-10 21:17:43 +00:00
8cf602da91
think
2025-02-10 21:17:43 +00:00
c92aacc6fd
firewall rules: use @lan and @wan sets instead of ifnames
...
we don't have anything yet to create or populate the sets
2025-02-06 09:22:41 +00:00
eff255fe12
boot.expect: sleep more, for gl-ar750
...
the bootloader on gl-ar750 loses characters if we shovel them too fast
2025-02-05 20:35:04 +00:00
453baede61
rt3200: add installer compatibility note
2025-02-05 20:35:04 +00:00
2295ed3110
Merge pull request 'OpenWrt One device support' (#13) from raboof/liminix:openwrt-one into main
...
Reviewed-on: #13
2025-01-08 13:57:39 +00:00
Arnout Engelen
e71d92eb3d
OpenWrt One support
...
https://openwrt.org/toh/openwrt/one
2025-01-07 16:10:04 +01:00
f77da6f14c
remove remaining refs to kexecboot
2025-01-05 17:22:30 +00:00
61eaaa82eb
drivel
2025-01-05 17:17:44 +00:00
95dd1a1fab
add missing code-block
2025-01-05 15:45:04 +00:00
2f9b0f12f9
switch uid
2025-01-05 12:57:51 +00:00
9fd9b8b878
rt3200 kconfig for 6.6.x
...
* DMA stuff needed for wired ethernet
* DSA MDIO _probably_ (based on guessing from openwrt dmesg) needed
for wired ethernet
* some or all of NVMEM so that wireless drivers can read their eeprom
2025-01-05 00:16:03 +00:00
26f206d0e1
phram dtb reserved-memory needs no-map
...
c.f. 69429404ab
Co-authored-by: Arnout Engelen <arnout@bzzt.net>
2025-01-04 23:50:44 +00:00
8cd068ea68
belkin rt3200: set tftp loadAddress to match u-boot
...
the old value of 0x4007ff28 was originally copied from something
upstreamy but I have no record of what. 0x48000000 is $loadaddr
in u-boot so let's use that instead
2025-01-04 23:48:19 +00:00
350ddde260
add pkgs.openwrt_24_10
...
is needed by Belkin RT3200 and might also be handy for OpenWrt One?
this is very copy-pastey, will tidy it up after it
stops being a moving target
2025-01-03 23:52:08 +00:00
13cb8d3692
sort imports
2025-01-03 15:41:22 +00:00
62b7aea8ab
add btrfs.nix to outputs imports
2025-01-03 15:40:33 +00:00
76e3fd9a55
add rt3200 to CI
2025-01-03 15:39:08 +00:00
92284fa9ba
mtdimage can't be a default import
...
it adds kernel config that depend on openwrt patches,
which aren't used/needed on all devices
2025-01-03 00:19:17 +00:00
a2bb55e885
oops fix syntax error
2025-01-03 00:07:00 +00:00
74027b44d7
extract log persistence config from s6 to new module
...
because it frobs kernel config, it breaks levitate
as levitate evalModules doesn't include the kernel
2025-01-02 23:56:49 +00:00
ea5370b3f4
import mtdimage in outputs
2025-01-02 23:37:07 +00:00
55ed365920
turris omnia: default rootfs and bootloader settings
2025-01-02 23:36:15 +00:00
aa2160dd05
logtap: fix indentation
...
spaces not tabs
2025-01-02 22:45:00 +00:00