Skip to content

Commit

Permalink
save
Browse files Browse the repository at this point in the history
  • Loading branch information
superwhd committed Sep 6, 2023
1 parent 869d62c commit 557043d
Show file tree
Hide file tree
Showing 7 changed files with 37 additions and 4 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/macOS.yml
Original file line number Diff line number Diff line change
Expand Up @@ -63,4 +63,4 @@ jobs:
brew reinstall boost cmake cpputest dbus jsoncpp ninja protobuf@21 pkg-config
- name: Build
run: |
OTBR_OPTIONS='-DOTBR_BORDER_AGENT=OFF -DOTBR_MDNS=OFF -DOT_FIREWALL=OFF -DOTBR_DBUS=OFF' ./script/test build
OTBR_OPTIONS='-DOTBR_BORDER_AGENT=OFF -DOTBR_MDNS=OFF -DOT_IPTABLES_FIREWALL=OFF -DOTBR_DBUS=OFF' ./script/test build
4 changes: 4 additions & 0 deletions etc/docker/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,8 @@ ARG RELEASE
ARG REST_API
ARG WEB_GUI
ARG MDNS
ARG IPTABLES_FIREWALL
ARG CORE_FIREWALL

ENV INFRA_IF_NAME=${INFRA_IF_NAME:-eth0}
ENV BORDER_ROUTING=${BORDER_ROUTING:-1}
Expand All @@ -59,6 +61,8 @@ ENV NAT64_DYNAMIC_POOL=${NAT64_DYNAMIC_POOL:-192.168.255.0/24}
ENV DNS64=${DNS64:-0}
ENV WEB_GUI=${WEB_GUI:-1}
ENV REST_API=${REST_API:-1}
ENV IPTABLES_FIREWALL=${IPTABLES_FIREWALL:-1}
ENV CORE_FIREWALL=${CORE_FIREWALL:-0}
ENV DOCKER 1

RUN env
Expand Down
10 changes: 10 additions & 0 deletions script/_firewall
Original file line number Diff line number Diff line change
Expand Up @@ -31,8 +31,12 @@ FIREWALL_SERVICE=/etc/init.d/otbr-firewall

sudo modprobe ip6table_filter || true

IPTABLES_FIREWALL="${IPTABLES_FIREWALL:-1}"

firewall_uninstall()
{
with IPTABLES_FIREWALL || return 0

firewall_stop
if have systemctl; then
sudo systemctl disable otbr-firewall || true
Expand All @@ -46,6 +50,8 @@ firewall_uninstall()

firewall_install()
{
with IPTABLES_FIREWALL || return 0

sudo cp script/otbr-firewall $FIREWALL_SERVICE
sudo chmod a+x $FIREWALL_SERVICE
if have systemctl; then
Expand All @@ -56,6 +62,8 @@ firewall_install()

firewall_start()
{
with IPTABLES_FIREWALL || return 0

if with DOCKER; then
service otbr-firewall start || die 'Failed to start firewall service'
elif have systemctl; then
Expand All @@ -65,6 +73,8 @@ firewall_start()

firewall_stop()
{
with IPTABLES_FIREWALL || return 0

if with DOCKER; then
service otbr-firewall stop || true
elif have systemctl; then
Expand Down
16 changes: 16 additions & 0 deletions script/_otbr
Original file line number Diff line number Diff line change
Expand Up @@ -128,6 +128,22 @@ otbr_install()
)
fi

if with IPTABLES_FIREWALL; then
otbr_options+=(
"-DOT_IPTABLES_FIREWALL=ON"
)
else
otbr_options+=(
"-DOT_IPTABLES_FIREWALL=OFF"
)
fi

if with CORE_FIREWALL; then
otbr_options+=(
"-DOT_CORE_FIREWALL=ON"
)
fi

(./script/cmake-build "${otbr_options[@]}" \
&& cd "${OTBR_TOP_BUILDDIR}" \
&& ninja \
Expand Down
2 changes: 2 additions & 0 deletions script/bootstrap
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@

NAT64_SERVICE="${NAT64_SERVICE:-openthread}"

IPTABLES_FIREWALL="${IPTABLES_FIREWALL:-1}"

install_packages_apt()
{
sudo apt-get update
Expand Down
4 changes: 2 additions & 2 deletions src/openwrt/CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -39,9 +39,9 @@ install(FILES ${CMAKE_CURRENT_BINARY_DIR}/otbr-agent.uci-config
RENAME otbr-agent)


if(OT_FIREWALL)
if(OT_IPTABLES_FIREWALL)
configure_file(otbr-firewall.init.in otbr-firewall.init)
install(FILES ${CMAKE_CURRENT_BINARY_DIR}/otbr-firewall.init
DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/init.d
RENAME otbr-firewall)
endif(OT_FIREWALL)
endif(OT_IPTABLES_FIREWALL)
3 changes: 2 additions & 1 deletion third_party/openthread/CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -42,13 +42,14 @@ set(OT_CHILD_SUPERVISION ON CACHE STRING "enable child supervision" FORCE)
set(OT_COAP ON CACHE STRING "Enable CoAP in OpenThread")
set(OT_COAPS ON CACHE STRING "Enable secure CoAP in OpenThread")
set(OT_COMMISSIONER ON CACHE STRING "enable commissioner")
set(OT_CORE_FIREWALL OFF CACHE STRING "disable firewall in OpenThread core")
set(OT_DAEMON ON CACHE STRING "enable daemon mode" FORCE)
set(OT_DATASET_UPDATER ON CACHE STRING "enable dataset updater" FORCE)
set(OT_DNS_CLIENT ON CACHE STRING "enable DNS client" FORCE)
set(OT_DNS_UPSTREAM_QUERY ${OTBR_DNS_UPSTREAM_QUERY} CACHE STRING "enable sending DNS queries to upstream" FORCE)
set(OT_DNSSD_SERVER ${OTBR_DNSSD_DISCOVERY_PROXY} CACHE STRING "enable DNS-SD server support" FORCE)
set(OT_ECDSA ON CACHE STRING "enable ECDSA" FORCE)
set(OT_FIREWALL ON CACHE STRING "enable firewall feature")
set(OT_IPTABLES_FIREWALL OFF CACHE STRING "enable firewall feature")
set(OT_HISTORY_TRACKER ON CACHE STRING "enable history tracker" FORCE)
set(OT_JOINER ON CACHE STRING "enable joiner" FORCE)
set(OT_LOG_LEVEL_DYNAMIC ON CACHE STRING "enable dynamic log level control" FORCE)
Expand Down

0 comments on commit 557043d

Please sign in to comment.