From e61239f2039fc678761ed75a6711923ef1a55661 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Sun, 7 Aug 2022 20:08:50 +0200 Subject: [PATCH 1/3] Fix https://github.com/Ysurac/openmptcprouter/issues/2454 --- openmptcprouter/files/etc/uci-defaults/1940-omr-dns | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/openmptcprouter/files/etc/uci-defaults/1940-omr-dns b/openmptcprouter/files/etc/uci-defaults/1940-omr-dns index ecb75b2f5..d9986be6d 100755 --- a/openmptcprouter/files/etc/uci-defaults/1940-omr-dns +++ b/openmptcprouter/files/etc/uci-defaults/1940-omr-dns @@ -8,6 +8,11 @@ if [ "$(uci -q get openmptcprouter.latest_versions)" = "" ]; then set unbound.@unbound[-1].recursion="aggressive" set unbound.@unbound[-1].validator='1' set unbound.@unbound[-1].validator_ntp='1' + del unbound.ub_main.dns64_prefix + del unbound.ub_main.iface_wan + del unbound.ub_main.dhcp4_slaac6 + del unbound.ub_main.query_minimize + del unbound.ub_main.query_min_strict commit unbound EOF fi From d700848f06a924d2bd71b6cc1ff57102be88bafb Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Sun, 7 Aug 2022 20:09:41 +0200 Subject: [PATCH 2/3] Fix https://github.com/Ysurac/openmptcprouter/issues/2456 --- openmptcprouter/files/etc/init.d/openvpnbonding | 2 +- openmptcprouter/files/etc/uci-defaults/2020-omr-vpn | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/openmptcprouter/files/etc/init.d/openvpnbonding b/openmptcprouter/files/etc/init.d/openvpnbonding index 2df9d5897..77d0b8c75 100755 --- a/openmptcprouter/files/etc/init.d/openvpnbonding +++ b/openmptcprouter/files/etc/init.d/openvpnbonding @@ -55,7 +55,7 @@ _disable_openvpnbonding() { name=$1 if [ "$(echo $name | grep omr_bonding)" != "" ]; then - uci -q set openvpn.${name}.enabled='0' + uci -q del openvpn.${name}.enabled uci -q batch <<-EOF >/dev/null del network.omrvpn.bonding_policy del network.omrvpn.packets_per_slave diff --git a/openmptcprouter/files/etc/uci-defaults/2020-omr-vpn b/openmptcprouter/files/etc/uci-defaults/2020-omr-vpn index 4cb5a524c..75a947d27 100755 --- a/openmptcprouter/files/etc/uci-defaults/2020-omr-vpn +++ b/openmptcprouter/files/etc/uci-defaults/2020-omr-vpn @@ -38,7 +38,6 @@ if [ "$(uci -q get openvpn.omr.proto)" != "tcp-client" ]; then set openvpn.omr.port=65301 set openvpn.omr.cipher=AES-256-CBC set openvpn.omr.proto=tcp-client - set openvpn.omr.enabled=0 set openvpn.omr.ncp_disable=1 set openvpn.omr.auth_nocache=1 set openvpn.omr.client=1 From b9d5d51d428525d9334bac317268a938c12d1a47 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Sun, 7 Aug 2022 20:10:15 +0200 Subject: [PATCH 3/3] Fix https://github.com/Ysurac/openmptcprouter/issues/2453 and add a limit on ICMP --- openmptcprouter/files/etc/uci-defaults/1980-omr-firewall | 3 +++ 1 file changed, 3 insertions(+) diff --git a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall index 3719a41b0..b4493bb18 100755 --- a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall +++ b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall @@ -77,6 +77,7 @@ if [ "$(uci -q show firewall | grep Allow-All-Ping)" = "" ]; then set firewall.@rule[-1].dest='*' set firewall.@rule[-1].src='*' set firewall.@rule[-1].icmp_type='echo-request' + set firewall.@rule[-1].limit='1000/sec' commit firewall EOF fi @@ -195,6 +196,7 @@ if [ "$(uci -q get firewall.allowicmpipv6)" = "" ]; then set firewall.allowicmpipv6.src='wan' set firewall.allowicmpipv6.name='Allow IPv6 ICMP' set firewall.allowicmpipv6.family='ipv6' + set firewall.@rule[-1].limit='1000/sec' set firewall.allowicmpipv6.icmp_type='neighbour-advertisement neighbour-solicitation router-advertisement router-solicitation' commit firewall EOF @@ -244,6 +246,7 @@ if [ "$(uci -q get openmptcprouter.settings.sipalg)" != "1" ]; then uci -q batch <<-EOF >/dev/null set firewall.zone_lan.auto_helper='0' set firewall.zone_wan.auto_helper='0' + set firewall.zone_vpn.auto_helper='0' commit firewall EOF rmmod nf_nat_sip 2>&1 >/dev/null