cambios en openwrt

openwrt-files/etc/config/dhcp

@@ -1,25 +1,25 @@
 
 config dnsmasq
 	option domainneeded '1'
-	option boguspriv '1'
-	option filterwin2k '0'
 	option localise_queries '1'
 	option rebind_protection '1'
 	option rebind_localhost '1'
-	option local '/lan/'
-	option domain 'lan'
 	option expandhosts '1'
-	option nonegcache '0'
 	option authoritative '1'
 	option readethers '1'
 	option leasefile '/tmp/dhcp.leases'
 	option resolvfile '/tmp/resolv.conf.auto'
 	option nonwildcard '1'
 	option localservice '1'
+	option local '/redcomani.org/'
+	option domain 'redcomani.org'
 
 config dhcp 'lan'
 	option interface 'lan'
+	option dhcpv6 'server'
+	option ra 'server'
 	option ignore '1'
+	option ra_management '1'
 
 config dhcp 'wan'
 	option interface 'wan'

openwrt-files/etc/config/firewall

@@ -1,125 +1,195 @@
-
 config defaults
-	option syn_flood '1'
-	option input 'ACCEPT'
-	option output 'ACCEPT'
-	option forward 'REJECT'
+	option syn_flood	1
+	option input		ACCEPT
+	option output		ACCEPT
+	option forward		REJECT
+# Uncomment this line to disable ipv6 rules
+#	option disable_ipv6	1
 
 config zone
-	option name 'lan'
-	option input 'ACCEPT'
-	option output 'ACCEPT'
-	option forward 'ACCEPT'
-	option network 'lan'
+	option name		lan
+	list   network		'lan'
+	option input		ACCEPT
+	option output		ACCEPT
+	option forward		ACCEPT
 
 config zone
-	option name 'wan'
-	option input 'REJECT'
-	option output 'ACCEPT'
-	option forward 'REJECT'
-	option masq '1'
-	option mtu_fix '1'
-	option network ' '
+	option name		wan
+	list   network		'wan'
+	list   network		'wan6'
+	option input		REJECT
+	option output		ACCEPT
+	option forward		REJECT
+	option masq		1
+	option mtu_fix		1
 
 config forwarding
-	option src 'lan'
-	option dest 'wan'
+	option src		lan
+	option dest		wan
+
+# We need to accept udp packets on port 68,
+# see https://dev.openwrt.org/ticket/4108
+config rule
+	option name		Allow-DHCP-Renew
+	option src		wan
+	option proto		udp
+	option dest_port	68
+	option target		ACCEPT
+	option family		ipv4
+
+# Allow IPv4 ping
+config rule
+	option name		Allow-Ping
+	option src		wan
+	option proto		icmp
+	option icmp_type	echo-request
+	option family		ipv4
+	option target		ACCEPT
 
 config rule
-	option name 'Allow-DHCP-Renew'
-	option src 'wan'
-	option proto 'udp'
-	option dest_port '68'
-	option target 'ACCEPT'
-	option family 'ipv4'
+	option name		Allow-IGMP
+	option src		wan
+	option proto		igmp
+	option family		ipv4
+	option target		ACCEPT
+
+# Allow DHCPv6 replies
+# see https://dev.openwrt.org/ticket/10381
+config rule
+	option name		Allow-DHCPv6
+	option src		wan
+	option proto		udp
+	option src_ip		fc00::/6
+	option dest_ip		fc00::/6
+	option dest_port	546
+	option family		ipv6
+	option target		ACCEPT
 
 config rule
-	option name 'Allow-Ping'
-	option src 'wan'
-	option proto 'icmp'
-	option icmp_type 'echo-request'
-	option family 'ipv4'
-	option target 'ACCEPT'
+	option name		Allow-MLD
+	option src		wan
+	option proto		icmp
+	option src_ip		fe80::/10
+	list icmp_type		'130/0'
+	list icmp_type		'131/0'
+	list icmp_type		'132/0'
+	list icmp_type		'143/0'
+	option family		ipv6
+	option target		ACCEPT
+
+# Allow essential incoming IPv6 ICMP traffic
+config rule
+	option name		Allow-ICMPv6-Input
+	option src		wan
+	option proto	icmp
+	list icmp_type		echo-request
+	list icmp_type		echo-reply
+	list icmp_type		destination-unreachable
+	list icmp_type		packet-too-big
+	list icmp_type		time-exceeded
+	list icmp_type		bad-header
+	list icmp_type		unknown-header-type
+	list icmp_type		router-solicitation
+	list icmp_type		neighbour-solicitation
+	list icmp_type		router-advertisement
+	list icmp_type		neighbour-advertisement
+	option limit		1000/sec
+	option family		ipv6
+	option target		ACCEPT
+
+# Allow essential forwarded IPv6 ICMP traffic
+config rule
+	option name		Allow-ICMPv6-Forward
+	option src		wan
+	option dest		*
+	option proto		icmp
+	list icmp_type		echo-request
+	list icmp_type		echo-reply
+	list icmp_type		destination-unreachable
+	list icmp_type		packet-too-big
+	list icmp_type		time-exceeded
+	list icmp_type		bad-header
+	list icmp_type		unknown-header-type
+	option limit		1000/sec
+	option family		ipv6
+	option target		ACCEPT
 
 config rule
-	option name 'Allow-IGMP'
-	option src 'wan'
-	option proto 'igmp'
-	option family 'ipv4'
-	option target 'ACCEPT'
+	option name		Allow-IPSec-ESP
+	option src		wan
+	option dest		lan
+	option proto		esp
+	option target		ACCEPT
 
 config rule
-	option name 'Allow-DHCPv6'
-	option src 'wan'
-	option proto 'udp'
-	option src_ip 'fc00::/6'
-	option dest_ip 'fc00::/6'
-	option dest_port '546'
-	option family 'ipv6'
-	option target 'ACCEPT'
-
-config rule
-	option name 'Allow-MLD'
-	option src 'wan'
-	option proto 'icmp'
-	option src_ip 'fe80::/10'
-	list icmp_type '130/0'
-	list icmp_type '131/0'
-	list icmp_type '132/0'
-	list icmp_type '143/0'
-	option family 'ipv6'
-	option target 'ACCEPT'
-
-config rule
-	option name 'Allow-ICMPv6-Input'
-	option src 'wan'
-	option proto 'icmp'
-	list icmp_type 'echo-request'
-	list icmp_type 'echo-reply'
-	list icmp_type 'destination-unreachable'
-	list icmp_type 'packet-too-big'
-	list icmp_type 'time-exceeded'
-	list icmp_type 'bad-header'
-	list icmp_type 'unknown-header-type'
-	list icmp_type 'router-solicitation'
-	list icmp_type 'neighbour-solicitation'
-	list icmp_type 'router-advertisement'
-	list icmp_type 'neighbour-advertisement'
-	option limit '1000/sec'
-	option family 'ipv6'
-	option target 'ACCEPT'
-
-config rule
-	option name 'Allow-ICMPv6-Forward'
-	option src 'wan'
-	option dest '*'
-	option proto 'icmp'
-	list icmp_type 'echo-request'
-	list icmp_type 'echo-reply'
-	list icmp_type 'destination-unreachable'
-	list icmp_type 'packet-too-big'
-	list icmp_type 'time-exceeded'
-	list icmp_type 'bad-header'
-	list icmp_type 'unknown-header-type'
-	option limit '1000/sec'
-	option family 'ipv6'
-	option target 'ACCEPT'
-
-config rule
-	option name 'Allow-IPSec-ESP'
-	option src 'wan'
-	option dest 'lan'
-	option proto 'esp'
-	option target 'ACCEPT'
-
-config rule
-	option name 'Allow-ISAKMP'
-	option src 'wan'
-	option dest 'lan'
-	option dest_port '500'
-	option proto 'udp'
-	option target 'ACCEPT'
+	option name		Allow-ISAKMP
+	option src		wan
+	option dest		lan
+	option dest_port	500
+	option proto		udp
+	option target		ACCEPT
 
+# include a file with users custom iptables rules
 config include
-	option path '/etc/firewall.user'
+	option path /etc/firewall.user
 
+
+### EXAMPLE CONFIG SECTIONS
+# do not allow a specific ip to access wan
+#config rule
+#	option src		lan
+#	option src_ip	192.168.45.2
+#	option dest		wan
+#	option proto	tcp
+#	option target	REJECT
+
+# block a specific mac on wan
+#config rule
+#	option dest		wan
+#	option src_mac	00:11:22:33:44:66
+#	option target	REJECT
+
+# block incoming ICMP traffic on a zone
+#config rule
+#	option src		lan
+#	option proto	ICMP
+#	option target	DROP
+
+# port redirect port coming in on wan to lan
+#config redirect
+#	option src			wan
+#	option src_dport	80
+#	option dest			lan
+#	option dest_ip		192.168.16.235
+#	option dest_port	80
+#	option proto		tcp
+
+# port redirect of remapped ssh port (22001) on wan
+#config redirect
+#	option src		wan
+#	option src_dport	22001
+#	option dest		lan
+#	option dest_port	22
+#	option proto		tcp
+
+### FULL CONFIG SECTIONS
+#config rule
+#	option src		lan
+#	option src_ip	192.168.45.2
+#	option src_mac	00:11:22:33:44:55
+#	option src_port	80
+#	option dest		wan
+#	option dest_ip	194.25.2.129
+#	option dest_port	120
+#	option proto	tcp
+#	option target	REJECT
+
+#config redirect
+#	option src		lan
+#	option src_ip	192.168.45.2
+#	option src_mac	00:11:22:33:44:55
+#	option src_port		1024
+#	option src_dport	80
+#	option dest_ip	194.25.2.129
+#	option dest_port	120
+#	option proto	tcp

openwrt-files/etc/config/network

@@ -6,11 +6,11 @@ config interface 'loopback'
 	option netmask '255.0.0.0'
 
 config globals 'globals'
-	option ula_prefix 'fd20:a9a3:4c8a::/48'
+	option ula_prefix 'fda8:6c9c:aee9::/48'
 
 config interface 'lan'
 	option type 'bridge'
-	option ifname 'eth0.1'
+	option ifname 'eth0'
 	option proto 'static'
 	option ip6assign '60'
 	option ipaddr '10.17.0.101'
@@ -19,25 +19,10 @@ config interface 'lan'
 	option dns '10.17.95.1'
 
 config interface 'wan'
-	option ifname 'eth0.2'
+	option ifname 'eth1'
 	option proto 'dhcp'
 
 config interface 'wan6'
-	option ifname 'eth0.2'
+	option ifname 'eth1'
 	option proto 'dhcpv6'
 
-config switch
-	option name 'switch0'
-	option reset '1'
-	option enable_vlan '1'
-
-config switch_vlan
-	option device 'switch0'
-	option vlan '1'
-	option ports '2 3 4 5 0t'
-
-config switch_vlan
-	option device 'switch0'
-	option vlan '2'
-	option ports '1 0t'
-

openwrt-files/etc/config/system

@@ -14,22 +14,44 @@ config timeserver 'ntp'
 	list server '2.openwrt.pool.ntp.org'
 	list server '3.openwrt.pool.ntp.org'
 
-config led 'led_usb1'
-	option name 'USB1'
-	option sysfs 'tp-link:green:usb1'
-	option trigger 'usbdev'
-	option interval '50'
-	option dev '1-1.1'
+config gpio_switch 'poe_passthrough'
+	option name 'PoE Passthrough'
+	option gpio_pin '8'
+	option value '0'
 
-config led 'led_usb2'
-	option name 'USB2'
-	option sysfs 'tp-link:green:usb2'
-	option trigger 'usbdev'
-	option interval '50'
-	option dev '1-1.2'
+config led 'led_rssilow'
+	option sysfs 'ubnt:red:link1'
+	option trigger 'rssi'
+	option iface 'rssid_wlan0'
+	option minq '1'
+	option maxq '100'
+	option offset '0'
+	option factor '13'
 
-config led 'led_wlan2g'
-	option name 'WLAN2G'
-	option sysfs 'tp-link:blue:wlan2g'
-	option trigger 'phy0tpt'
+config led 'led_rssimediumlow'
+	option sysfs 'ubnt:orange:link2'
+	option trigger 'rssi'
+	option iface 'rssid_wlan0'
+	option minq '26'
+	option maxq '100'
+	option offset '-25'
+	option factor '13'
+
+config led 'led_rssimediumhigh'
+	option sysfs 'ubnt:green:link3'
+	option trigger 'rssi'
+	option iface 'rssid_wlan0'
+	option minq '51'
+	option maxq '100'
+	option offset '-50'
+	option factor '13'
+
+config led 'led_rssihigh'
+	option sysfs 'ubnt:green:link4'
+	option trigger 'rssi'
+	option iface 'rssid_wlan0'
+	option minq '76'
+	option maxq '100'
+	option offset '-75'
+	option factor '13'
 

openwrt-files/etc/config/wireless

@@ -1,32 +1,17 @@
 
 config wifi-device 'radio0'
 	option type 'mac80211'
+	option channel '11'
 	option hwmode '11g'
-	option path 'platform/ar934x_wmac'
-	option channel '6'
-	option htmode 'HT40'
+	option path 'pci0000:00/0000:00:00.0'
+	option htmode 'HT20'
 	option country 'US'
 	option legacy_rates '1'
 
 config wifi-iface 'default_radio0'
 	option device 'radio0'
+	option mode 'ap'
+	option ssid 'RedCoMani.org'
 	option network 'lan'
-	option mode 'ap'
-	option encryption 'none'
-	option ssid 'RedCoMani.org'
-
-config wifi-device 'radio1'
-	option type 'mac80211'
-	option hwmode '11a'
-	option path 'pci0000:00/0000:00:00.0'
-	option channel '120'
-	option htmode 'HT40'
-	option country 'US'
-	option legacy_rates '1'
-
-config wifi-iface 'default_radio1'
-	option device 'radio1'
-	option mode 'ap'
-	option ssid 'RedCoMani.org'
 	option encryption 'none'
 

openwrt-files/etc/shadow

@@ -1,4 +1,4 @@
-root:$1$o0K13DIt$44HqwLkJyp3ZpxHjNjMh//:17926:0:99999:7:::
+root:$1$xhU4xtec$6BYy6N10k/XgXJVFYtKmu/:17926:0:99999:7:::
 daemon:*:0:0:99999:7:::
 ftp:*:0:0:99999:7:::
 network:*:0:0:99999:7:::