X-Git-Url: https://iankelling.org/git/?p=automated-distro-installer;a=blobdiff_plain;f=wrt-setup-local;h=73eaeba8bdd2cc3462dfd5756d446c17e6578fda;hp=d9f11ab9aac9701ef8dc22ebe50bfd8b8c630add;hb=HEAD;hpb=d8024901625ccaec69197c28a7c6db34cc7ce616

diff --git a/wrt-setup-local b/wrt-setup-local
index d9f11ab..3d2edb8 100755
--- a/wrt-setup-local
+++ b/wrt-setup-local
@@ -666,6 +666,7 @@ config rule
  option target REJECT
 ## end no external dns for ziva
 
+$(. /root/cmc-firewall-data)
 
 config rule
  option src              wan
@@ -684,32 +685,6 @@ config rule
  option target           ACCEPT
  option dest_port        9091
 
-
-config redirect
- option name nagioskd
- option src              wan
- option src_dport        3005
- option dest_port        3005
- option dest_ip          $l.2
- option dest             lan
-config rule
- option src              wan
- option target           ACCEPT
- option dest_port        3005
-
-
-config redirect
- option name sshkd
- option src              wan
- option src_dport        2202
- option dest_port        22
- option dest_ip          $l.2
- option dest             lan
-config rule
- option src              wan
- option target           ACCEPT
- option dest_port        2202
-
 # was working on an openvpn server, didn't finish
 # config redirect
 #  option name vpnkd
@@ -737,67 +712,6 @@ config rule
  option dest_port        8989
 
 
-config redirect
- option name sshx2
- option src              wan
- option src_dport        2205
- option dest_port        22
- option dest_ip          $l.5
- option dest             lan
-config rule
- option src              wan
- option target           ACCEPT
- option dest_port        2205
-
-config redirect
- option name sshx3
- option src              wan
- option src_dport        2207
- option dest_port        22
- option dest_ip          $l.7
- option dest             lan
-config rule
- option src              wan
- option target           ACCEPT
- option dest_port        2207
-
-config redirect
- option name sshtp
- option src              wan
- option src_dport        2208
- option dest_port        22
- option dest_ip          $l.8
- option dest             lan
-config rule
- option src              wan
- option target           ACCEPT
- option dest_port        2208
-
-config redirect
- option name sshbb8
- option src              wan
- option src_dport        2209
- option dest_port        22
- option dest_ip          $l.9
- option dest             lan
-config rule
- option src              wan
- option target           ACCEPT
- option dest_port        2209
-
-
-config redirect
- option name sshfrodo
- option src              wan
- option src_dport        2234
- option dest_port        34
- option dest_ip          $l.34
- option dest             lan
-config rule
- option src              wan
- option target           ACCEPT
- option dest_port        2228
-
 
 config redirect
  option name icecast
@@ -848,7 +762,7 @@ config rule
  option target           ACCEPT
  option dest_port        4533
 
-# So a client can just have i.b8.nz dns even when they
+# So a client can just have b8.nz dns even when they
 # are on the lan.
 #config redirect
 # option name navidromelan
@@ -876,7 +790,7 @@ config redirect
  option src              wan
  option src_dport        80
  option dest             lan
- option dest_ip          $l.12
+ option dest_ip          $l.7
  option proto            tcp
 config rule
  option src              wan
@@ -889,7 +803,7 @@ config redirect
  option src              wan
  option src_dport        443
  option dest             lan
- option dest_ip          $l.12
+ option dest_ip          $l.7
  option proto            tcp
 config rule
  option src              wan
@@ -1113,32 +1027,13 @@ EOF
   # https dns will need to be blocked by ip in
   # order to be comprehensive
 
+
   cedit /etc/unbound/unbound_ext.conf <<EOF || unbound_restart=true
 
-$(cat /root/ptr-data)
+$(. /root/ptr-data)
 
 local-data-ptr: "10.2.0.1 cmc.b8.nz"
-local-data-ptr: "10.2.0.4 wrt2.b8.nz"
-local-data-ptr: "10.2.0.6 x2w.b8.nz"
-local-data-ptr: "10.2.0.7 syw.b8.nz"
-local-data-ptr: "10.2.0.9 bb8.b8.nz"
-local-data-ptr: "10.2.0.14 wrt3.b8.nz"
-local-data-ptr: "10.2.0.17 x3w.b8.nz"
-local-data-ptr: "10.2.0.18 tp.b8.nz"
-local-data-ptr: "10.2.0.19 brother.b8.nz"
-local-data-ptr: "10.2.0.23 tpw.b8.nz"
-local-data-ptr: "10.2.0.24 one9p.b8.nz"
-local-data-ptr: "10.2.0.25 hp.b8.nz"
-local-data-ptr: "10.2.0.29 bow.b8.nz"
-local-data-ptr: "10.2.0.31 amazontab.b8.nz"
-local-data-ptr: "10.2.0.32 samsungtab.b8.nz"
-local-data-ptr: "10.2.0.38 x8.b8.nz"
-local-data-ptr: "10.2.0.48 bigs.b8.nz"
-local-data-ptr: "10.2.0.49 pi4.b8.nz"
-local-data-ptr: "10.2.0.50 pi4w.b8.nz"
-local-data-ptr: "10.2.0.52 s22.b8.nz"
-local-data-ptr: "10.2.0.53 cmcap.b8.nz"
-local-data-ptr: "10.2.0.88 demohost.b8.nz"
+
 local-data-ptr: "10.174.2.2 transmission.b8.nz"
 local-data-ptr: "10.173.8.1 defaultnn.b8.nz"
 local-data-ptr: "10.173.8.2 nn.b8.nz"
@@ -1209,11 +1104,15 @@ fi # end if $ap
 # to start.
 mkdir -p /mnt/usb/tftpboot
 cedit /etc/dnsmasq.conf  <<EOF || dnsmasq_restart=true
+
 # no dns
 port=0
 server=/b8.nz/#
 ptr-record=1.0.2.10.in-addr.arpa.,cmc.b8.nz
 
+# generated with host-info-update
+$(. /root/dnsmasq-data)
+
 # https://ret2got.wordpress.com/2018/01/19/how-your-ethereum-can-be-stolen-using-dns-rebinding/
 stop-dns-rebind
 rebind-domain-ok=b8.nz
@@ -1269,54 +1168,6 @@ server=10.2.0.1
 
 
 # default dhcp range is 100-150
-# bottom port,  iPXE (PCI 03:00.0) in seabios boot menu
-dhcp-host=c8:60:00:31:6b:75,set:kd,$l.2,kd
-#dhcp-host=94:05:bb:1e:2c:2e,set:bo,$l.38,bo
-# top port, iPXE (PCI 04:00.0) in seabios boot menu
-#dhcp-host=c8:60:00:2b:15:07,set:kd,$l.2,kd
-# 4 is reserved for a staticly configured host wrt2
-
-
-dhcp-host=c4:8e:8f:60:63:cb,set:x2w,$l.6,x2w
-dhcp-host=10:51:07:f5:f1:b8,set:syw,$l.7,syw
-dhcp-host=80:fa:5b:1c:6e:cf,set:amy,$l.8,amy
-dhcp-host=a0:ce:c8:9f:7a:f3,set:sy,$l.12,sy
-# alternate dongle
-#dhcp-host=94:05:bb:1e:2c:2e,set:sy,$l.12,sy
-dhcp-host=00:1f:16:16:39:24,set:x2,$l.13,x2
-
-## for using different dhcp server
-#dhcp-host=52:54:00:9c:ef:ad,ignore
-# 14 = wrt3
-dhcp-host=ac:d1:b8:5c:eb:d7,set:x3w,$l.17,x3w
-dhcp-host=00:1f:16:14:01:d8,set:x3,$l.18,x3
-# BRN001BA98CA823 in dhcp logs
-dhcp-host=00:1b:a9:8c:a8:23,set:brother,$l.19,brother
-
-dhcp-host=00:26:b6:f7:d4:d8,set:amyw,$l.23,amyw
-dhcp-host=9a:c6:52:6f:ce:7c,set:onep9,$l.24,onep9
-dhcp-host=38:63:bb:07:5a:f9,set:hp,$l.25,hp
-dhcp-host=70:a6:cc:3a:bb:b4,set:bow,$l.29,bow
-dhcp-host=6c:56:97:88:7b:74,set:amazontab,$l.31,amazontab
-dhcp-host=0a:8a:9b:cf:b5:ec,set:samsungtab,$l.32,samsungtab
-dhcp-host=14:dd:a9:d5:31:7a,set:frodo,$l.34,frodo
-#dhcp-host=00:26:b6:f6:0f:e9,set:frodow,$l.34,frodow
-# server d16:
-dhcp-host=38:2c:4a:c9:33:13,set:bigs,$l.48,bigs
-dhcp-host=e4:5f:01:07:50:40,set:pi4,$l.49,pi4
-dhcp-host=e4:5f:01:07:50:3f,set:pi4w,$l.50,pi4w
-# samsung phone
-dhcp-host=a8:79:8d:71:54:68,set:s22,$l.52,s22
-
-# This is so fai can have an explicit name to use for testing,
-# or else any random machine which did a pxe boot would get
-# reformatted. The mac is from doing a virt-install, cancelling it,
-# and copying the generated mac, so it should be randomish.
-dhcp-host=52:54:00:9c:ef:ad,set:demohost,$l.88,demohost
-
-
-# faiserver vm
-#dhcp-host=52:54:00:56:09:f9,set:faiserver,$l.15,faiserver
 
 # template
 # dhcp-host=,$l.,