handle ssh redirects programatically

diff --git a/wrt-setup b/wrt-setup
index ec91ed78debea5fc272b88d5c9674f3338d95799..bce6a4ad98668a88fa4909cdabd4502695470e32 100755 (executable)
--- a/wrt-setup
+++ b/wrt-setup
@@ -77,7 +77,7 @@ scp /a/work/libremanage/libremanage /a/bin/fai/wrt-init /a/bin/fai/wrt-setup-loc
 #/a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk \
 
 scp /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \
-     /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/c/ptr-data /p/c/dnsmasq-data /b/bash-bear-trap/bash-bear $h:
+     /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/c/ptr-data /p/c/{dnsmasq,cmc-firewall}-data /b/bash-bear-trap/bash-bear $h:
 scp ../openwrtkeyring/usign/* $h:/etc/opkg/keys
 
 ssh $h wrt-init ${HOME_DOMAIN:-b8.nz} "$@"

diff --git a/wrt-setup-local b/wrt-setup-local
index aabfca3fb5c030be02a9de91f34454fa27399a8f..3d2edb85e513645d678aea7c236f69787b5d8afe 100755 (executable)
--- a/wrt-setup-local
+++ b/wrt-setup-local
@@ -666,6 +666,7 @@ config rule
  option target REJECT
 ## end no external dns for ziva
 
+$(. /root/cmc-firewall-data)
 
 config rule
  option src              wan
@@ -684,18 +685,6 @@ config rule
  option target           ACCEPT
  option dest_port        9091
 
-config redirect
- option name sshkd
- option src              wan
- option src_dport        2202
- option dest_port        22
- option dest_ip          $l.2
- option dest             lan
-config rule
- option src              wan
- option target           ACCEPT
- option dest_port        2202
-
 # was working on an openvpn server, didn't finish
 # config redirect
 #  option name vpnkd
@@ -723,55 +712,6 @@ config rule
  option dest_port        8989
 
 
-config redirect
- option name sshx2
- option src              wan
- option src_dport        2205
- option dest_port        22
- option dest_ip          $l.5
- option dest             lan
-config rule
- option src              wan
- option target           ACCEPT
- option dest_port        2205
-
-config redirect
- option name sshx3
- option src              wan
- option src_dport        2207
- option dest_port        22
- option dest_ip          $l.7
- option dest             lan
-config rule
- option src              wan
- option target           ACCEPT
- option dest_port        2207
-
-config redirect
- option name sshbb8
- option src              wan
- option src_dport        2209
- option dest_port        22
- option dest_ip          $l.32
- option dest             lan
-config rule
- option src              wan
- option target           ACCEPT
- option dest_port        2209
-
-
-config redirect
- option name sshfrodo
- option src              wan
- option src_dport        2234
- option dest_port        34
- option dest_ip          $l.34
- option dest             lan
-config rule
- option src              wan
- option target           ACCEPT
- option dest_port        2234
-
 
 config redirect
  option name icecast
@@ -822,7 +762,7 @@ config rule
  option target           ACCEPT
  option dest_port        4533
 
-# So a client can just have i.b8.nz dns even when they
+# So a client can just have b8.nz dns even when they
 # are on the lan.
 #config redirect
 # option name navidromelan