From 8e064cce69bc3d4a4407a2a0f807d8cbdf5883c1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 14 Apr 2021 06:54:18 -0400 Subject: [PATCH 1/8] Update iiab-internet-on --- roles/network/templates/gateway/iiab-internet-on | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/network/templates/gateway/iiab-internet-on b/roles/network/templates/gateway/iiab-internet-on index 23aadd8b1..708049112 100644 --- a/roles/network/templates/gateway/iiab-internet-on +++ b/roles/network/templates/gateway/iiab-internet-on @@ -4,6 +4,10 @@ sed -i -e "s/^IIAB_GATEWAY_ENABLED.*/IIAB_GATEWAY_ENABLED=True/" {{ iiab_env_fil cat << EOF +IIAB Firewall Documentation +http://box.lan/info/IIAB-Networking.html#firewall-iptables +https://github.com/iiab/iiab/wiki/IIAB-Networking#firewall-iptables + WARNING: If you want to _permanently_ change your IIAB's default behavior (i.e. to specify whether student client devices should have Internet or not, in general!) then modify variable 'iiab_gateway_enabled' in From acdbf503d8fe4406108970b81b1dbc574d4f98a7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 14 Apr 2021 06:55:41 -0400 Subject: [PATCH 2/8] Update iiab-internet-off --- roles/network/templates/gateway/iiab-internet-off | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/network/templates/gateway/iiab-internet-off b/roles/network/templates/gateway/iiab-internet-off index 0e3e73ac1..53c3a3ee5 100644 --- a/roles/network/templates/gateway/iiab-internet-off +++ b/roles/network/templates/gateway/iiab-internet-off @@ -4,6 +4,10 @@ sed -i -e "s/^IIAB_GATEWAY_ENABLED.*/IIAB_GATEWAY_ENABLED=False/" {{ iiab_env_fi cat << EOF +IIAB Firewall Documentation +http://box.lan/info/IIAB-Networking.html#firewall-iptables +https://github.com/iiab/iiab/wiki/IIAB-Networking#firewall-iptables + WARNING: If you want to _permanently_ change your IIAB's default behavior (i.e. to specify whether student client devices should have Internet or not, in general!) then modify variable 'iiab_gateway_enabled' in From e631ea392c7c353db74b4e4166357a4b0b64ce57 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 14 Apr 2021 07:21:30 -0400 Subject: [PATCH 3/8] Update iiab-gen-iptables --- roles/network/templates/gateway/iiab-gen-iptables | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 1175157af..e8287e261 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -45,7 +45,6 @@ echo -e "WAN: $wan\n" # "Good thing we replace this file; should be treated like Squid below" ? ports_externally_visible={{ ports_externally_visible }} -#services_externally_visible= [deprecated] gw_block_https={{ gw_block_https }} sshd_port={{ sshd_port }} #gui_wan= [no longer needed] From 5471f28462f7ba541cce049453c078d834332d6b Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 14 Apr 2021 08:00:27 -0400 Subject: [PATCH 4/8] Update iiab-internet-on --- roles/network/templates/gateway/iiab-internet-on | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/gateway/iiab-internet-on b/roles/network/templates/gateway/iiab-internet-on index 708049112..be99c1533 100644 --- a/roles/network/templates/gateway/iiab-internet-on +++ b/roles/network/templates/gateway/iiab-internet-on @@ -9,7 +9,7 @@ http://box.lan/info/IIAB-Networking.html#firewall-iptables https://github.com/iiab/iiab/wiki/IIAB-Networking#firewall-iptables WARNING: If you want to _permanently_ change your IIAB's default behavior -(i.e. to specify whether student client devices should have Internet or not, +(i.e. to specify whether student/client devices should have Internet or not, in general!) then modify variable 'iiab_gateway_enabled' in /etc/iiab/local_vars.yml — and finally run 'cd /opt/iiab/iiab ; ./iiab-network' EOF From 16ed017392eb05ef90f24b5111e41684b406a0a3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 14 Apr 2021 08:00:55 -0400 Subject: [PATCH 5/8] Update iiab-internet-off --- roles/network/templates/gateway/iiab-internet-off | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/gateway/iiab-internet-off b/roles/network/templates/gateway/iiab-internet-off index 53c3a3ee5..d2c4c404d 100644 --- a/roles/network/templates/gateway/iiab-internet-off +++ b/roles/network/templates/gateway/iiab-internet-off @@ -9,7 +9,7 @@ http://box.lan/info/IIAB-Networking.html#firewall-iptables https://github.com/iiab/iiab/wiki/IIAB-Networking#firewall-iptables WARNING: If you want to _permanently_ change your IIAB's default behavior -(i.e. to specify whether student client devices should have Internet or not, +(i.e. to specify whether student/client devices should have Internet or not, in general!) then modify variable 'iiab_gateway_enabled' in /etc/iiab/local_vars.yml — and finally run 'cd /opt/iiab/iiab ; ./iiab-network' EOF From 057db8f3a7483d9c9d06332b6497386879515905 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 14 Apr 2021 08:17:22 -0400 Subject: [PATCH 6/8] sysd-netd-debian.yml typo? --- roles/network/tasks/sysd-netd-debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 2d6d200b8..ca7cd1cbe 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -62,7 +62,7 @@ name: systemd-networkd state: restarted -- name: Restart hostapd when WiFi is present but not when using WiFi as gateway$ +- name: Restart hostapd when WiFi is present but not when using WiFi as gateway systemd: name: hostapd state: restarted From a8df90c3a462bb3cc3f953224b0e3907201f7308 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 14 Apr 2021 13:01:37 -0400 Subject: [PATCH 7/8] network/tasks/rpi_debian.yml: Restore explanation of hostapd restart --- roles/network/tasks/rpi_debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index f31fb8842..c3f40eac9 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -68,7 +68,7 @@ state: restarted when: iiab_wired_lan_iface is defined -- name: Restart hostapd when WiFi is present but not when using WiFi as gateway +- name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False systemd: name: hostapd state: restarted From e4d9e6306b66e6b32d2dd0deb6000bab6de5ac44 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 14 Apr 2021 13:01:44 -0400 Subject: [PATCH 8/8] network/tasks/sysd-netd-debian.yml: Restore explanation of hostapd restart --- roles/network/tasks/sysd-netd-debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index ca7cd1cbe..c334d6688 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -62,7 +62,7 @@ name: systemd-networkd state: restarted -- name: Restart hostapd when WiFi is present but not when using WiFi as gateway +- name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False systemd: name: hostapd state: restarted