[firewall] add switches to turn on/off iptables firewall (#1997)
superwhd authored Sep 15, 2023
1 parent b425da1 commit ff2f24c
Showing 4 changed files with 24 additions and 0 deletions.
2 changes: 2 additions & 0 deletions etc/docker/Dockerfile
@@ -42,6 +42,7 @@ ARG RELEASE
ARG REST_API
ARG WEB_GUI
ARG MDNS
ARG FIREWALL

ENV INFRA_IF_NAME=${INFRA_IF_NAME:-eth0}
ENV BORDER_ROUTING=${BORDER_ROUTING:-1}
@@ -59,6 +60,7 @@ ENV NAT64_DYNAMIC_POOL=${NAT64_DYNAMIC_POOL:-192.168.255.0/24}
ENV DNS64=${DNS64:-0}
ENV WEB_GUI=${WEB_GUI:-1}
ENV REST_API=${REST_API:-1}
ENV FIREWALL=${FIREWALL:-1}
ENV DOCKER 1

RUN env
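Review bot: `ENV FIREWALL=${FIREWALL:-1}` carries the build argument into the image environment, but nothing next to it says that the same variable is read again when the container starts. `firewall_start` in script/_firewall has a `with DOCKER` branch, so it presumably runs at container start, and a run-time override to 0 would then skip the firewall service on an image whose agent was built with `-DOT_FIREWALL=ON`. I would add a comment above the ENV line, for example `# FIREWALL=0 disables the otbr-firewall iptables service at build and at run time; leave it at 1 unless ingress filtering is done elsewhere`.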
10 changes: 10 additions & 0 deletions script/_firewall
@@ -31,8 +31,12 @@ FIREWALL_SERVICE=/etc/init.d/otbr-firewall

sudo modprobe ip6table_filter || true

FIREWALL="${FIREWALL:-1}"

firewall_uninstall()
{
with FIREWALL || return 0

firewall_stop
if have systemctl; then
sudo systemctl disable otbr-firewall || true
@@ -46,6 +50,8 @@ firewall_uninstall()

firewall_install()
{
with FIREWALL || return 0

sudo cp script/otbr-firewall $FIREWALL_SERVICE
sudo chmod a+x $FIREWALL_SERVICE
if have systemctl; then
@@ -56,6 +62,8 @@ firewall_install()

firewall_start()
{
with FIREWALL || return 0

if with DOCKER; then
service otbr-firewall start || die 'Failed to start firewall service'
elif have systemctl; then
@@ -65,6 +73,8 @@ firewall_start()

firewall_stop()
{
with FIREWALL || return 0

if with DOCKER; then
service otbr-firewall stop || true
elif have systemctl; then
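Review bot: The `with FIREWALL || return 0` guard at the top of `firewall_stop` and `firewall_uninstall` turns teardown into a no-op once the switch is off, so a host set up earlier with the default FIREWALL=1 keeps `/etc/init.d/otbr-firewall` installed (and presumably enabled) after a re-run with FIREWALL=0. The visible calls in both functions already tolerate a missing service through `|| true`, so I would drop the guard from those two and keep it only in `firewall_install` and `firewall_start`. In `firewall_start` the early return is also silent; `with FIREWALL || { echo 'otbr-firewall disabled by FIREWALL=0' >&2; return 0; }` would leave a trace in the setup log that the border router runs without its packet filter. `with` is defined outside this page: if it reads the exported environment rather than shell variables, the plain assignment `FIREWALL="${FIREWALL:-1}"` would not reach it and the effective default could be off, so confirm that or use `export FIREWALL`. All four function bodies continue outside the visible hunks.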
10 changes: 10 additions & 0 deletions script/_otbr
@@ -128,6 +128,16 @@ otbr_install()
)
fi

if with FIREWALL; then
otbr_options+=(
"-DOT_FIREWALL=ON"
)
else
otbr_options+=(
"-DOT_FIREWALL=OFF"
)
fi

(./script/cmake-build "${otbr_options[@]}" \
&& cd "${OTBR_TOP_BUILDDIR}" \
&& ninja \
2 changes: 2 additions & 0 deletions script/bootstrap
@@ -35,6 +35,8 @@

NAT64_SERVICE="${NAT64_SERVICE:-openthread}"

FIREWALL="${FIREWALL:-1}"

install_packages_apt()
{
sudo apt-get update
