(parent: 5c8f49a)
handle ssh redirects programatically
author
Ian Kelling
<iank@fsf.org>
Sat, 27 Apr 2024 21:03:04 +0000
(17:03 -0400)
committer
Ian Kelling
<iank@fsf.org>
Sat, 27 Apr 2024 21:03:04 +0000
(17:03 -0400)
wrt-setup
wrt-setup-local
diff --git
a/wrt-setup
b/wrt-setup
index ec91ed78debea5fc272b88d5c9674f3338d95799..bce6a4ad98668a88fa4909cdabd4502695470e32 100755
(executable)
--- a/
wrt-setup
+++ b/
wrt-setup
@@
-77,7
+77,7
@@
scp /a/work/libremanage/libremanage /a/bin/fai/wrt-init /a/bin/fai/wrt-setup-loc
#/a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk \
scp /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \
#/a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk \
scp /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \
- /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/c/ptr-data /p/c/
dnsmasq
-data /b/bash-bear-trap/bash-bear $h:
+ /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/c/ptr-data /p/c/
{dnsmasq,cmc-firewall}
-data /b/bash-bear-trap/bash-bear $h:
scp ../openwrtkeyring/usign/* $h:/etc/opkg/keys
ssh $h wrt-init ${HOME_DOMAIN:-b8.nz} "$@"
scp ../openwrtkeyring/usign/* $h:/etc/opkg/keys
ssh $h wrt-init ${HOME_DOMAIN:-b8.nz} "$@"
diff --git
a/wrt-setup-local
b/wrt-setup-local
index aabfca3fb5c030be02a9de91f34454fa27399a8f..3d2edb85e513645d678aea7c236f69787b5d8afe 100755
(executable)
--- a/
wrt-setup-local
+++ b/
wrt-setup-local
@@
-666,6
+666,7
@@
config rule
option target REJECT
## end no external dns for ziva
option target REJECT
## end no external dns for ziva
+$(. /root/cmc-firewall-data)
config rule
option src wan
config rule
option src wan
@@
-684,18
+685,6
@@
config rule
option target ACCEPT
option dest_port 9091
option target ACCEPT
option dest_port 9091
-config redirect
- option name sshkd
- option src wan
- option src_dport 2202
- option dest_port 22
- option dest_ip $l.2
- option dest lan
-config rule
- option src wan
- option target ACCEPT
- option dest_port 2202
-
# was working on an openvpn server, didn't finish
# config redirect
# option name vpnkd
# was working on an openvpn server, didn't finish
# config redirect
# option name vpnkd
@@
-723,55
+712,6
@@
config rule
option dest_port 8989
option dest_port 8989
-config redirect
- option name sshx2
- option src wan
- option src_dport 2205
- option dest_port 22
- option dest_ip $l.5
- option dest lan
-config rule
- option src wan
- option target ACCEPT
- option dest_port 2205
-
-config redirect
- option name sshx3
- option src wan
- option src_dport 2207
- option dest_port 22
- option dest_ip $l.7
- option dest lan
-config rule
- option src wan
- option target ACCEPT
- option dest_port 2207
-
-config redirect
- option name sshbb8
- option src wan
- option src_dport 2209
- option dest_port 22
- option dest_ip $l.32
- option dest lan
-config rule
- option src wan
- option target ACCEPT
- option dest_port 2209
-
-
-config redirect
- option name sshfrodo
- option src wan
- option src_dport 2234
- option dest_port 34
- option dest_ip $l.34
- option dest lan
-config rule
- option src wan
- option target ACCEPT
- option dest_port 2234
-
config redirect
option name icecast
config redirect
option name icecast
@@
-822,7
+762,7
@@
config rule
option target ACCEPT
option dest_port 4533
option target ACCEPT
option dest_port 4533
-# So a client can just have
i.
b8.nz dns even when they
+# So a client can just have b8.nz dns even when they
# are on the lan.
#config redirect
# option name navidromelan
# are on the lan.
#config redirect
# option name navidromelan
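Review bot: The added `$(. /root/cmc-firewall-data)` line in the first wrt-setup-local hunk executes that file as shell code on the router and splices whatever it prints into the firewall config, yet nothing in the visible lines checks that the file is present or documents that it is code rather than data. The blocks removed in the later hunks forwarded wan ports 2202–2234 to lan hosts, so this file now decides which ssh ports face wan; it arrives through the scp line changed in wrt-setup, and its generator is not part of this commit. I would put a comment above the line, `# sourced, not read: cmc-firewall-data is generated by <generator script> and its output becomes wan-facing redirect/rule sections`, and keep the file under the same write protection as wrt-setup-local itself. If a missing file should stop the run instead of producing a config without these sections, add `[ -r /root/cmc-firewall-data ] || { echo "cmc-firewall-data missing" >&2; exit 1; }` before the config is generated. The enclosing block (presumably a here-document) starts and ends outside the hunk.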