From 5d6b96cd2d87fda14a6569e74382f7513e168e46 Mon Sep 17 00:00:00 2001 From: bdobe Date: Sun, 4 Oct 2015 11:28:02 +0200 Subject: [PATCH] Add package gluon-ebtables-filter-multicast-ffhh This package provides some additional ebtables multicast rules to gluon-ebtables-filter-multicast for the Freifunk Hamburg network. current changes: drop icmpv6 echo-requests to all-nodes & all-routers --- gluon-ebtables-filter-multicast-ffhh/Makefile | 42 +++++++++++++++++++ .../lib/gluon/ebtables/105-mcast-drop-icmpv6 | 2 + 2 files changed, 44 insertions(+) create mode 100644 gluon-ebtables-filter-multicast-ffhh/Makefile create mode 100644 gluon-ebtables-filter-multicast-ffhh/files/lib/gluon/ebtables/105-mcast-drop-icmpv6 diff --git a/gluon-ebtables-filter-multicast-ffhh/Makefile b/gluon-ebtables-filter-multicast-ffhh/Makefile new file mode 100644 index 0000000..428419e --- /dev/null +++ b/gluon-ebtables-filter-multicast-ffhh/Makefile @@ -0,0 +1,42 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=gluon-ebtables-filter-multicast-ffhh +PKG_VERSION:=1 +PKG_RELEASE:=1 + +PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME) + +include $(INCLUDE_DIR)/package.mk + +define Package/gluon-ebtables-filter-multicast-ffhh + SECTION:=gluon + CATEGORY:=Gluon + TITLE:=Ebtables filters for multicast packets + DEPENDS:=+gluon-core +gluon-ebtables gluon-ebtables-filter-multicast +endef + +define Package/gluon-ebtables-filter-multicast-ffhh/description + Gluon community wifi mesh firmware framework: Ebtables filters for multicast packets + + These filters drop non-essential multicast traffic before it enters the mesh. + + Allowed protocols are: DHCP, DHCPv6, ARP, ICMP, ICMPv6, BitTorrent local peer discovery, BABEL and OSPF + + This package provides some additional rules for the Freifunk Hamburg network +endef + +define Build/Prepare + mkdir -p $(PKG_BUILD_DIR) +endef + +define Build/Configure +endef + +define Build/Compile +endef + +define Package/gluon-ebtables-filter-multicast-ffhh/install + $(CP) ./files/* $(1)/ +endef + +$(eval $(call BuildPackage,gluon-ebtables-filter-multicast-ffhh)) diff --git a/gluon-ebtables-filter-multicast-ffhh/files/lib/gluon/ebtables/105-mcast-drop-icmpv6 b/gluon-ebtables-filter-multicast-ffhh/files/lib/gluon/ebtables/105-mcast-drop-icmpv6 new file mode 100644 index 0000000..f364989 --- /dev/null +++ b/gluon-ebtables-filter-multicast-ffhh/files/lib/gluon/ebtables/105-mcast-drop-icmpv6 @@ -0,0 +1,2 @@ +rule 'MULTICAST_OUT -p IPv6 --ip6-destination ff02::1 --ip6-protocol ipv6-icmp --ip6-icmp-type echo-request -j DROP' +rule 'MULTICAST_OUT -p IPv6 --ip6-destination ff02::2 --ip6-protocol ipv6-icmp --ip6-icmp-type echo-request -j DROP'