mptcp/openmptcprouter-feeds
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-feeds.git synced 2025-03-09 15:40:03 +00:00
Code Issues Releases Wiki Activity

Update TTL settings to nftables

Browse source
This commit is contained in:
Ycarus (Yannick Chabanois) 2024-10-29 09:34:53 +01:00
parent ebce49935a
commit d11f409225
2 changed files with 9 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
openmptcprouter/files/etc/firewall.ttl
View file

@ -5,8 +5,12 @@
_set_ttl() {
device=$(uci -q get network.$1.name)
ttl=$(uci -q get network.$1.ttl)
if [ -n "$ttl" ] && [ -z "$(iptables-save 2>/dev/null | grep TTL | grep $device)" ]; then
iptables -w -t mangle -I POSTROUTING -o $device -j TTL --ttl-set $ttl 2>&1 >/dev/null
if [ -n "$ttl" ]; then
if [ -e /usr/sbin/iptables-nft ] && [ -z "$(nft list ruleset 2>/dev/null | grep ttl | grep $device)" ]; then
nft add rule inet fw4 mangle_forward oifname $device ip ttl set $ttl >/dev/null 2>&1
elif [ ! -e /usr/sbin/iptables-nft ] && [ -z "$(iptables-save 2>/dev/null | grep TTL | grep $device)" ]; then
iptables -w -t mangle -I POSTROUTING -o $device -j TTL --ttl-set $ttl >/dev/null 2>&1
fi
fi
}

4
openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
View file

@ -155,13 +155,15 @@ if [ "$(uci -q get firewall.ttl)" = "" ]; then
uci -q batch <<-EOF >/dev/null
set firewall.ttl=include
set firewall.ttl.path=/etc/firewall.ttl
set firewall.ttl.type='script'
set firewall.ttl.fw4_compatible='1'
commit firewall
EOF
fi
if [ "$(uci -q get firewall.upnp)" = "" ]; then
uci -q batch <<-EOF >/dev/null
set firewall.upnp=include
set firewall.upnp.path='/etc/firewall.ttl'
set firewall.upnp.path='/etc/firewall.upnp'
set firewall.upnp.type='script'
set firewall.upnp.fw4_compatible='1'
commit firewall