diff --git a/image-extras/tplink_archer-c7-v5/etc/uci-defaults/99defaults b/image-extras/tplink_archer-c7-v5/etc/uci-defaults/99defaults index 1237e73..cd71b41 100644 --- a/image-extras/tplink_archer-c7-v5/etc/uci-defaults/99defaults +++ b/image-extras/tplink_archer-c7-v5/etc/uci-defaults/99defaults @@ -1,12 +1,16 @@ +#!/bin/sh +# # Beware! This script will be in /rom/etc/uci-defaults/ as part of the image. # Uncomment lines to apply: -wlan_name="office" -wlan_password="fuckingwep" +WIFI_2G_SSID="fta-bgn" +WIFI_5G_SSID="fta-nac" +WIFI_2G_PASSWORD="fuckingwep" +WIFI_5G_PASSWORD="fuckingwep" root_password="AsD7fg" -lan_ip_address="192.168.77.4" +lan_ip_address="192.168.77.1" hostname="gw-elmash" # dhcp server 1 disable, 0 enable -dhcpsrv="1" +dhcpsrv="0" # log potential errors exec >/tmp/setup.log 2>&1 
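Review bot: The new `WIFI_2G_PASSWORD`, `WIFI_5G_PASSWORD` and (unchanged) `root_password` literals are baked into the firmware image itself — the header two lines above says this file ships in `/rom/etc/uci-defaults/` — so anyone holding a copy of the image or of this repository holds the credentials, and they should be treated as exposed and rotated once the image leaves the build host. A less fragile layout is to have the script source them from a file that is kept out of the image (illustrative name: `. /etc/uci-secrets`) and refuse to configure an AP when the variables come back empty, so the script can stay in git without the values. The `# Uncomment lines to apply:` comment no longer matches the file, since every assignment is now active; either drop it or restore the opt-in behaviour it describes. With the new `#!/bin/sh` the script runs under the platform `/bin/sh` (normally BusyBox ash on OpenWrt), so bash-only syntax elsewhere in the file — see the `&>` redirect in the Wi-Fi hunk — will not behave as intended.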
@@ -24,20 +28,26 @@ fi # Configure WLAN # More options: https://openwrt.org/docs/guide-user/network/wifi/basic#wi-fi_interfaces -if [ -n "$wlan_name" -a -n "$wlan_password" -a ${#wlan_password} -ge 8 ]; then - uci set wireless.@wifi-device[0].disabled='0' - uci set wireless.@wifi-device[0].channel='11' - uci set wireless.@wifi-device[0].txpower='15' - uci set wireless.@wifi-device[0].disabled='0' - uci set wireless.@wifi-device[0].country='RU' - uci set wireless.@wifi-iface[0].mode='ap' - uci set wireless.@wifi-iface[0].encryption='psk2' - uci set wireless.@wifi-iface[0].ssid="$wlan_name" - uci set wireless.@wifi-iface[0].key="$wlan_password" - #uci set wireless.@wifi-iface[0].macfilter='allow' - #uci add_list wireless.@wifi-iface[0].maclist='' - uci commit wireless -fi +echo 'Configuring Wi-Fi...' +uci set wireless.radio0.channel='6' +uci set wireless.radio0.country='RU' +uci set wireless.radio0.legacy_rates='0' +uci set wireless.radio0.noscan='1' +uci del wireless.radio0.disabled &> /dev/null +uci set wireless.default_radio0.ssid="${WIFI_5G_SSID}" +uci set wireless.default_radio0.encryption='psk2' +uci set wireless.default_radio0.key="${WIFI_5G_PASSWORD}" + +uci set wireless.radio1.channel='64' +uci set wireless.radio1.country='RU' +uci set wireless.radio1.legacy_rates='0' +uci set wireless.radio1.noscan='1' +uci del wireless.radio1.disabled &> /dev/null +uci set wireless.default_radio1.ssid="${WIFI_2G_SSID}" +uci set wireless.default_radio1.encryption='psk2' +uci set wireless.default_radio1.key="${WIFI_2G_PASSWORD}" + +uci commit wireless # Configure system uci set system.@system[0].hostname="$hostname" 
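Review bot: `uci del wireless.radio0.disabled &> /dev/null` (and its radio1 twin) is a bashism that under the file's `#!/bin/sh` parses as `uci del … &` followed by a bare `> /dev/null`, so the delete runs in the background and races the `uci set`/`uci commit wireless` lines that follow; write it as `uci -q del wireless.radio0.disabled` or `uci del wireless.radio0.disabled >/dev/null 2>&1`. The channel/variable pairing also looks crossed: radio0 gets `channel='6'` (a 2.4 GHz channel) together with `${WIFI_5G_SSID}`/`${WIFI_5G_PASSWORD}`, while radio1 gets `channel='64'` (a 5 GHz channel) with the 2G variables, so either the channels or the SSID/key assignments belong to the other radio — confirm which radio is which band on this board before merging. The removed guard that skipped AP configuration when the key was shorter than 8 characters has no replacement, so an empty or short `WIFI_*_PASSWORD` now produces a `psk2` interface that hostapd will refuse rather than a skipped section; a check such as `[ ${#WIFI_5G_PASSWORD} -ge 8 ] || exit 1` (and the 2G twin) ahead of the `uci set` lines keeps that safety.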
@@ -45,28 +55,17 @@ uci set system.@system[0].timezone='<+05>-5' uci set system.ntp.enable_server='1' uci set system.ntp.interface='lan' uci set system.@system[0].zonename='Asia/Yekaterinburg' -commit system +uci commit system /etc/init.d/system restart # Configure ssh dropbear -USER_NAME="admin" -USER_SSHPUB="ssh-rsa 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 jeka@x220" -USER_SHELL="/bin/ash" -SUDO_USER="root" -SUDO_GROUP="sudo" -groupadd -r "${SUDO_GROUP}" -useradd -m -G "${SUDO_GROUP}" -s "${USER_SHELL}" "${USER_NAME}" -passwd -l "${SUDO_USER}" -cat << EOI > /etc/sudoers.d/00-custom -%${SUDO_GROUP} ALL=(ALL) ALL +SSHPUB="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDSZsnOKXMTO7GTdrDUzuemE2h+SAIwMBbsrLVtx/CFoYidtT5qQ4ukAJG5JvRIkmZUl0t2C69z0nEEZXInTycsqQW7IlYpiy9yTlImd9QmyckZcHptTtEzyNdcCDOXOcW2Q0YEykpOoccTCkk2PHa3Xufel67jTwXfaqAVzaN5fXy6uO2I1ab5HHwCFX8zTuagBXKSYDMlHxrz9friu8ipuiPsEgl5n1LOvasypnZkpjhb5XnJi7tyRHfbzx+X+DIZc/ZW21BPtcExSXn+mmVhTD0vQh9MGG/hnfdvCXGPSKGGHMPiZEL9vzN3PvBYVchp/8DDSKtRZtJnBpNhdtl+8LjGsOgDPN51otOxcDtIQgOiMGbgX6fzMB7EN642b3f8tlFp3aVswtH3isBz6AgeVO+qqI/nW6Io7mayNXrDXVIULh0Ol4TKTZ61KGLCUhX/ZL9ifXdXWlTVeXzidaxIZ7BGF5SaTRlHJhRfqVc8fZI9BBaPFFSqxBYzybYkGzU= jeka@x220" +cat << EOI > /etc/dropbear/authorized_keys +${SSHPUB} EOI -USER_HOME="$(eval echo ~"${USER_NAME}")" -mkdir -p "${USER_HOME}"/.ssh -cat << EOI > "${USER_HOME}"/.ssh/authorized_keys -${USER_SSHPUB} -EOI -uci set dropbear.@dropbear[0].PasswordAuth="1" -uci set dropbear.@dropbear[0].RootPasswordAuth="1" +chmod 600 /etc/dropbear/authorized_keys +uci set dropbear.@dropbear[0].PasswordAuth="0" +uci set dropbear.@dropbear[0].RootPasswordAuth="0" uci set dropbear.@dropbear[0].GatewayPorts='on' uci commit dropbear /etc/init.d/dropbear restart 
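Review bot: Password logins are switched off before anything confirms the key file was actually written: `cat << EOI > /etc/dropbear/authorized_keys` fails silently if `/etc/dropbear` does not exist yet at first boot (the script has no `set -e`, and I am not certain dropbear has created that directory before uci-defaults runs on a fresh image), and the `PasswordAuth="0"` / `RootPasswordAuth="0"` lines still run, leaving SSH with no accepted credential at all. Create the directory and make the lockdown conditional on the write succeeding, e.g. `mkdir -p /etc/dropbear && printf '%s\n' "${SSHPUB}" > /etc/dropbear/authorized_keys || exit 1` ahead of the `chmod` (a non-zero exit also keeps the uci-defaults script for a retry on the next boot, if I remember OpenWrt's behaviour right). Turning off password auth while `root_password` is still declared at the top of the file is the right direction, but a comment here such as `# SSH is key-only; root_password (top of file) presumably serves console/LuCI logins only` would make the intent explicit for the next editor.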
@@ -74,11 +73,14 @@ uci commit dropbear # Configure uhttpd uci set uhttpd.main.listen_http='0.0.0.0:8080' uci set uhttpd.main.listen_https='0.0.0.0:4431' -commit uhttpd +uci commit uhttpd /etc/init.d/uhttpd restart # DHCP server on/off uci set dhcp.lan.ignore="$dhcpsrv" +# DHCP ip range +uci set dhcp.lan.start='50' +uci set dhcp.lan.limit='100' uci add host uci set dhcp.@host[-1].name='jeka-office' uci set dhcp.@host[-1].mac='4c:cc:6a:01:5d:30' 
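Review bot: The new `# DHCP ip range` comment undersells what the two lines do: `limit` is a pool size, not an end address, so the pool is 192.168.77.50–192.168.77.149; spelling that out as `# DHCP pool: .50-.149 (limit is a count, not the last address)` saves the next editor a trip to the docs. The static leases added below and the DNAT targets used later in this script (.2, .3, .191, .193) all fall outside that window, which is what you want, but a one-line remark that the pool was sized to stay clear of them would keep a future resize honest. `uci commit uhttpd` fixes the missing `uci` prefix; note that the surrounding `listen_http='0.0.0.0:8080'` still binds the web UI on every interface, including the VPN zones this same commit configures with `input='ACCEPT'`.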
@@ -107,10 +109,467 @@ uci commit dhcp /etc/init.d/dnsmasq restart # Configure network +# VPN LAN BAUMANA +uci set network.vpn0=interface +uci set network.vpn0.proto='wireguard' +uci set network.vpn0.private_key='gFr1rme9kPAo6qJ4ss9wT8GYlwqIaPP0Tk+Y0VT8smo=' +uci set network.vpn0.listen_port='23555' +uci add network wireguard_vpn0 +uci set network.@wireguard_vpn0[0].description='Site Baumana Home' +uci set network.@wireguard_vpn0[0].public_key='ZNRTOIidJnKA34g1pDHVi0F1q2n7goNcJjDfGrTUnTM=' +uci set network.@wireguard_vpn0[0].preshared_key='qBhqDIizi2rR8DduM+LPedXcuTm02XQWSmtJ3s3r+NA=' +uci set network.@wireguard_vpn0[0].allowed_ips='192.168.75.0/24' '192.168.3.0/24' +uci set network.@wireguard_vpn0[0].route_allowed_ips='1' +uci set network.@wireguard_vpn0[0].persistent_keepalive='25' +uci set network.@wireguard_vpn0[0].endpoint_host='wg.npau.ru' +uci set network.@wireguard_vpn0[0].endpoint_port='23555' +# VPN LAN ARAMIL +uci set network.vpn1=interface +uci set network.vpn1.proto='wireguard' +uci set network.vpn1.private_key='uGb0lzBp6xeG3QW9YX1JOe47o9j8oY3fqtRdbH4gz3c=' +uci set network.vpn1.listen_port='23556' +uci add network wireguard_vpn1 +uci set network.@wireguard_vpn1[0].description='Site Aramil Office' +uci set network.@wireguard_vpn1[0].public_key='UrNRptLKi9GEKY/NgViIzK9F63oDNsMjuUgqQApQCQE=' +uci set network.@wireguard_vpn1[0].preshared_key='GdSszP+e86Vhs+/GD7uHpsLCnBCpyBZwMmOlxbS6OOg=' +uci set network.@wireguard_vpn1[0].allowed_ips='192.168.47.0/24' +uci set network.@wireguard_vpn1[0].route_allowed_ips='1' +uci set network.@wireguard_vpn1[0].persistent_keepalive='25' +uci set network.@wireguard_vpn1[0].endpoint_host='aramil.npau.ru' +uci set network.@wireguard_vpn1[0].endpoint_port='23556' +# VPN LAN OLGA +uci set network.vpn2=interface +uci set network.vpn2.proto='wireguard' +uci set network.vpn2.private_key='2IOKg/anbXm5yV7CteOAL02Ae6ewVIZu1E/+V/nM2lo=' +uci set network.vpn2.listen_port='23559' +uci add network wireguard_vpn2 +uci set 
network.@wireguard_vpn2[0].description='Site Olga Office'
+uci set network.@wireguard_vpn2[0].public_key='SWZxuUR4tFoHbS/0jQm670X4Ex8TDyHRiW8u2D8QMHw='
+uci set network.@wireguard_vpn2[0].preshared_key='aUBTNiL5mBjMa2WXxSjdAUHkDr3laEv5py8tavNjndI='
+uci set network.@wireguard_vpn2[0].allowed_ips='192.168.97.0/24'
+uci set network.@wireguard_vpn2[0].route_allowed_ips='1'
+uci set network.@wireguard_vpn2[0].persistent_keepalive='25'
+uci set network.@wireguard_vpn2[0].endpoint_host='olga.npau.ru'
+uci set network.@wireguard_vpn2[0].endpoint_port='23559'
+# VPN LAN PIVKO
+uci set network.vpn3=interface
+uci set network.vpn3.proto='wireguard'
+uci set network.vpn3.private_key='iJl+I4d7lako5lJuwbm3jDeuStT4SAA4AE11tStVQVc='
+uci set network.vpn3.listen_port='23560'
+uci add network wireguard_vpn3
+uci set network.@wireguard_vpn3[0].description='Site Pivko'
+uci set network.@wireguard_vpn3[0].public_key='Fa1MCMOZ5V55ApFY6OGcmg3YnWwScYH4QKpbQ9jDhzM='
+uci set network.@wireguard_vpn3[0].preshared_key='tPDt9HWswEEGyW0qjTwD7h5GMqDhitNAGojiMt2rxNI='
+uci set network.@wireguard_vpn3[0].allowed_ips='192.168.76.0/24'
+uci set network.@wireguard_vpn3[0].route_allowed_ips='1'
+uci set network.@wireguard_vpn3[0].persistent_keepalive='25'
+uci set network.@wireguard_vpn3[0].endpoint_host='pivko.npau.ru'
+uci set network.@wireguard_vpn3[0].endpoint_port='23560'
+# VPN OFFICE REMOTE USERS
+uci set network.wg777=interface
+uci set network.wg777.proto='wireguard'
+uci set network.wg777.private_key='QCOLeGs/F2dBSCzW677Tb7b0H2vuEkZXFsSDl6ZSoGI='
+uci set network.wg777.listen_port='27027'
+uci set network.wg777.addresses='10.14.0.1/24'
+uci add network wireguard_wg777
+uci set network.@wireguard_wg777[0].description='julia'
+uci set network.@wireguard_wg777[0].route_allowed_ips='1'
+uci set network.@wireguard_wg777[0].persistent_keepalive='25'
+uci set network.@wireguard_wg777[0].public_key='tZvwcrN/wsxq8kTWKWnueoF0LFcSg6jppbtWWnObJzo='
+uci set network.@wireguard_wg777[0].allowed_ips='10.14.0.2/32'
+uci set network.@wireguard_wg777[1]=wireguard_wg777
+uci set network.@wireguard_wg777[1].description='julia-andorid'
+uci set network.@wireguard_wg777[1].route_allowed_ips='1'
+uci set network.@wireguard_wg777[1].persistent_keepalive='25'
+uci set network.@wireguard_wg777[1].public_key='wGgvktRg+mokhs3WQu5ou0IfLp11cWRQDq/0beEQHWE='
+uci set network.@wireguard_wg777[1].allowed_ips='10.14.0.21/32'
+uci set network.@wireguard_wg777[2]=wireguard_wg777
+uci set network.@wireguard_wg777[2].description='ksusha'
+uci set network.@wireguard_wg777[2].route_allowed_ips='1'
+uci set network.@wireguard_wg777[2].persistent_keepalive='25'
+uci set network.@wireguard_wg777[2].public_key='UUpi9cY9oETIlOYtKF4HI4+peLqrBjMmIMlH8yf0NR4='
+uci set network.@wireguard_wg777[2].allowed_ips='10.14.0.3/32'
+uci set network.@wireguard_wg777[3]=wireguard_wg777
+uci set network.@wireguard_wg777[3].description='ksusha-android'
+uci set network.@wireguard_wg777[3].route_allowed_ips='1'
+uci set network.@wireguard_wg777[3].persistent_keepalive='25'
+uci set network.@wireguard_wg777[3].public_key='W0ZPGHV+jybC6Kzr279+/L+2TVjCVm8v7tHZFE6vbX4='
+uci set network.@wireguard_wg777[3].allowed_ips='10.14.0.22/32'
+uci set network.@wireguard_wg777[4]=wireguard_wg777
+uci set network.@wireguard_wg777[4].description='dan'
+uci set network.@wireguard_wg777[4].route_allowed_ips='1'
+uci set network.@wireguard_wg777[4].persistent_keepalive='25'
+uci set network.@wireguard_wg777[4].public_key='0prJyJ5Up0hXuKorhMJakvOQK/583+w1yJTxvoz+GH0='
+uci set network.@wireguard_wg777[4].allowed_ips='10.14.0.4/32'
+uci set network.@wireguard_wg777[5]=wireguard_wg777
+uci set network.@wireguard_wg777[5].description='dan-android'
+uci set network.@wireguard_wg777[5].route_allowed_ips='1'
+uci set network.@wireguard_wg777[5].persistent_keepalive='25'
+uci set network.@wireguard_wg777[5].public_key='VGPLY5IB/Ml35UJwhAOdT54hH+obEXGfaDZvi1QMwkQ='
+uci set network.@wireguard_wg777[5].allowed_ips='10.14.0.23/32'
+uci set network.@wireguard_wg777[6]=wireguard_wg777
+uci set network.@wireguard_wg777[6].description='lev'
+uci set network.@wireguard_wg777[6].route_allowed_ips='1'
+uci set network.@wireguard_wg777[6].persistent_keepalive='25'
+uci set network.@wireguard_wg777[6].public_key='D2FU7Za9VLcHvh6gp+vqViSYsiZY4BOjleVzBm2gx0E='
+uci set network.@wireguard_wg777[6].allowed_ips='10.14.0.5/32'
+uci set network.@wireguard_wg777[7]=wireguard_wg777
+uci set network.@wireguard_wg777[7].description='lev-android'
+uci set network.@wireguard_wg777[7].route_allowed_ips='1'
+uci set network.@wireguard_wg777[7].persistent_keepalive='25'
+uci set network.@wireguard_wg777[7].public_key='LS2C/943tsBS0SdtU4aRCYJAFOfCW93hsNF+9WdwZSc='
+uci set network.@wireguard_wg777[7].allowed_ips='10.14.0.27/32'
+uci set network.@wireguard_wg777[8]=wireguard_wg777
+uci set network.@wireguard_wg777[8].description='natasha'
+uci set network.@wireguard_wg777[8].route_allowed_ips='1'
+uci set network.@wireguard_wg777[8].persistent_keepalive='25'
+uci set network.@wireguard_wg777[8].public_key='BAPSq8QDxVSRsB3jFDFlWygh3dXoWeBF0WkV6W7ljEk='
+uci set network.@wireguard_wg777[8].allowed_ips='10.14.0.6/32'
+uci set network.@wireguard_wg777[9]=wireguard_wg777
+uci set network.@wireguard_wg777[9].description='natasha-android'
+uci set network.@wireguard_wg777[9].route_allowed_ips='1'
+uci set network.@wireguard_wg777[9].persistent_keepalive='25'
+uci set network.@wireguard_wg777[9].public_key='CFH22K5ji7bDuhON2ELxVhn41bvJjy6aZC1nILNZeAg='
+uci set network.@wireguard_wg777[9].allowed_ips='10.14.0.24/32'
+uci set network.@wireguard_wg777[10]=wireguard_wg777
+uci set network.@wireguard_wg777[10].description='sia'
+uci set network.@wireguard_wg777[10].route_allowed_ips='1'
+uci set network.@wireguard_wg777[10].persistent_keepalive='25'
+uci set network.@wireguard_wg777[10].public_key='H4xEoK4mqf01i/8AAgkYbLAc0px7K/zoFk8gpkbqX3Q='
+uci set 
network.@wireguard_wg777[10].allowed_ips='10.14.0.7/32' +uci set network.@wireguard_wg777[11]=wireguard_wg777 +uci set network.@wireguard_wg777[11].description='tonya' +uci set network.@wireguard_wg777[11].route_allowed_ips='1' +uci set network.@wireguard_wg777[11].persistent_keepalive='25' +uci set network.@wireguard_wg777[11].public_key='5qgq0gGJ4xBcVLA3qU4oi7YmQMkdix62Br5NXvO0xGc=' +uci set network.@wireguard_wg777[11].allowed_ips='10.14.0.8/32' +uci set network.@wireguard_wg777[12]=wireguard_wg777 +uci set network.@wireguard_wg777[12].description='lva-android' +uci set network.@wireguard_wg777[12].route_allowed_ips='1' +uci set network.@wireguard_wg777[12].persistent_keepalive='25' +uci set network.@wireguard_wg777[12].public_key='heWrgu7oPmpYIqT0WbziNZ0tZUFTOp7rPCz7Su8yM3g=' +uci set network.@wireguard_wg777[12].allowed_ips='10.14.0.25/32' +# VPN ANTIZAPRET +uci set network.wg0=interface +uci set network.wg0.proto='wireguard' +uci set network.wg0.listen_port='51820' +uci set network.wg0.private_key='WFmfbE7X7MJ/769Ifd9ENEgkyzuWJItKErOht4X3iG8=' +uci set network.wg0.addresses='192.168.100.2/24' +uci add network wireguard_wg0 +uci set network.@wireguard_wg0[0].name='wg0_client' +uci set network.@wireguard_wg0[0].route_allowed_ips='0' +uci set network.@wireguard_wg0[0].persistent_keepalive='25' +uci set network.@wireguard_wg0[0].allowed_ips='0.0.0.0/0' +uci set network.@wireguard_wg0[0].endpoint_host='88.210.11.80' +uci set network.@wireguard_wg0[0].endpoint_port='51820' +uci set network.@wireguard_wg0[0].public_key='E/3AhjY3/nteAEy7uPR72kKbXwyJL3ANEhsEoMHP43o=' +uci set network.@wireguard_wg0[0].preshared_key='tI8KGVUFcPRn0h9BPXlr8gccVJqsxAsXgZPTWHsnUDI=' +uci commit network /etc/init.d/network restart # Configure firewall +uci set firewall.@defaults[0].drop_invalid='1' +uci set firewall.@defaults[0].synflood_protect='1' +# ADD ZONES +uci add firewall zone +uci set firewall.@zone[2].name='vpn0' +uci set firewall.@zone[2].input='ACCEPT' +uci set 
firewall.@zone[2].forward='ACCEPT'
+uci set firewall.@zone[2].device='vpn0'
+uci set firewall.@zone[2].output='ACCEPT'
+uci set firewall.@zone[2].network='vpn0'
+uci add firewall zone
+uci set firewall.@zone[3].name='vpn1'
+uci set firewall.@zone[3].input='ACCEPT'
+uci set firewall.@zone[3].forward='ACCEPT'
+uci set firewall.@zone[3].device='vpn1'
+uci set firewall.@zone[3].output='ACCEPT'
+uci set firewall.@zone[3].network='vpn1'
+uci add firewall zone
+uci set firewall.@zone[4].name='vpn2'
+uci set firewall.@zone[4].input='ACCEPT'
+uci set firewall.@zone[4].forward='ACCEPT'
+uci set firewall.@zone[4].device='vpn2'
+uci set firewall.@zone[4].output='ACCEPT'
+uci set firewall.@zone[4].network='vpn2'
+uci add firewall zone
+uci set firewall.@zone[5].name='vpn3'
+uci set firewall.@zone[5].input='ACCEPT'
+uci set firewall.@zone[5].forward='ACCEPT'
+uci set firewall.@zone[5].device='vpn3'
+uci set firewall.@zone[5].output='ACCEPT'
+uci set firewall.@zone[5].network='vpn3'
+uci add firewall zone
+uci set firewall.@zone[6].name='wg777'
+uci set firewall.@zone[6].input='ACCEPT'
+uci set firewall.@zone[6].forward='ACCEPT'
+uci set firewall.@zone[6].output='ACCEPT'
+uci set firewall.@zone[6].network='wg777'
+uci add firewall zone
+uci set firewall.@zone[7].name='wg'
+uci set firewall.@zone[7].family='ipv4'
+uci set firewall.@zone[7].masq='1'
+uci set firewall.@zone[7].output='ACCEPT'
+uci set firewall.@zone[7].forward='REJECT'
+uci set firewall.@zone[7].input='REJECT'
+uci set firewall.@zone[7].mtu_fix='1'
+uci set firewall.@zone[7].network='wg0'
+
+# ADD RULES
+uci add firewall rule
+uci set firewall.@rule[10].target='ACCEPT'
+uci set firewall.@rule[10].src='wan'
+uci set firewall.@rule[10].proto='tcp udp'
+uci set firewall.@rule[10].dest_port='5001'
+uci set firewall.@rule[10].name='iperf '
+uci add firewall rule
+uci set firewall.@rule[11].target='ACCEPT'
+uci set firewall.@rule[11].proto='udp'
+uci set firewall.@rule[11].dest_port='23555'
+uci set firewall.@rule[11].name='Allow-Baumana-Elmash-Inbound'
+uci set firewall.@rule[11].src='wan'
+uci add firewall rule
+uci set firewall.@rule[12].target='ACCEPT'
+uci set firewall.@rule[12].proto='udp'
+uci set firewall.@rule[12].dest_port='23556'
+uci set firewall.@rule[12].name='Allow-Elmash-Aramil-Inbound'
+uci set firewall.@rule[12].src='wan'
+uci add firewall rule
+uci set firewall.@rule[13].target='ACCEPT'
+uci set firewall.@rule[13].proto='udp'
+uci set firewall.@rule[13].dest_port='23559'
+uci set firewall.@rule[13].name='Allow-Elmash-Olga-Inbound'
+uci set firewall.@rule[13].src='wan'
+uci add firewall rule
+uci set firewall.@rule[14].target='ACCEPT'
+uci set firewall.@rule[14].proto='udp'
+uci set firewall.@rule[14].dest_port='51820'
+uci set firewall.@rule[14].name='Allow-Wireguard-Hetzner'
+uci set firewall.@rule[14].src='wan'
+uci add firewall rule
+uci set firewall.@rule[15].target='ACCEPT'
+uci set firewall.@rule[15].proto='udp'
+uci set firewall.@rule[15].dest_port='26261'
+uci set firewall.@rule[15].name='Allow-Wireguard-VPS'
+uci set firewall.@rule[15].src='wan'
+uci add firewall rule
+uci set firewall.@rule[16].target='ACCEPT'
+uci set firewall.@rule[16].proto='udp'
+uci set firewall.@rule[16].dest_port='23560'
+uci set firewall.@rule[16].name='Allow-Elmash-Pivko-Inbound'
+uci set firewall.@rule[16].src='wan'
+uci add firewall rule
+uci set firewall.@rule[17].target='ACCEPT'
+uci set firewall.@rule[17].proto='udp'
+uci set firewall.@rule[17].dest_port='27027'
+uci set firewall.@rule[17].src='wan'
+uci set firewall.@rule[17].name='Allow-Remote-Jurists-Inbound'
+
+#ADD IPSET
+uci add firewall ipset
+uci set firewall.@ipset[-1].name='vpn_domains'
+uci set firewall.@ipset[-1].match='dst_net'
+
+#ADD MARK
+uci add firewall rule
+uci set firewall.@rule[-1]=rule
+uci set firewall.@rule[-1].name='mark_domains'
+uci set firewall.@rule[-1].src='lan'
+uci set firewall.@rule[-1].dest='*'
+uci set firewall.@rule[-1].proto='all'
+uci set firewall.@rule[-1].ipset='vpn_domains'
+uci set firewall.@rule[-1].set_mark='0x1'
+uci set firewall.@rule[-1].target='MARK'
+uci set firewall.@rule[-1].family='ipv4'
+
+# ADD REDIRECT
+uci add firewall redirect
+uci set firewall.@redirect[0].target='DNAT'
+uci set firewall.@redirect[0].src='wan'
+uci set firewall.@redirect[0].dest='lan'
+uci set firewall.@redirect[0].proto='tcp'
+uci set firewall.@redirect[0].src_dport='5222'
+uci set firewall.@redirect[0].dest_port='5222'
+uci set firewall.@redirect[0].name='jabber1'
+uci set firewall.@redirect[0].dest_ip='192.168.77.2'
+uci add firewall redirect
+uci set firewall.@redirect[1].target='DNAT'
+uci set firewall.@redirect[1].src='wan'
+uci set firewall.@redirect[1].dest='lan'
+uci set firewall.@redirect[1].proto='tcp'
+uci set firewall.@redirect[1].src_dport='5223'
+uci set firewall.@redirect[1].dest_port='5223'
+uci set firewall.@redirect[1].name='jabber2'
+uci set firewall.@redirect[1].dest_ip='192.168.77.2'
+uci add firewall redirect
+uci set firewall.@redirect[2].target='DNAT'
+uci set firewall.@redirect[2].src='wan'
+uci set firewall.@redirect[2].dest='lan'
+uci set firewall.@redirect[2].proto='tcp'
+uci set firewall.@redirect[2].src_dport='5269'
+uci set firewall.@redirect[2].dest_port='5269'
+uci set firewall.@redirect[2].name='jabber3'
+uci set firewall.@redirect[2].dest_ip='192.168.77.2'
+uci add firewall redirect
+uci set firewall.@redirect[3].target='DNAT'
+uci set firewall.@redirect[3].src='wan'
+uci set firewall.@redirect[3].dest='lan'
+uci set firewall.@redirect[3].proto='tcp'
+uci set firewall.@redirect[3].src_dport='5280'
+uci set firewall.@redirect[3].dest_port='5280'
+uci set firewall.@redirect[3].name='jabber4'
+uci set firewall.@redirect[3].dest_ip='192.168.77.2'
+uci add firewall redirect
+uci set firewall.@redirect[4].target='DNAT'
+uci set firewall.@redirect[4].src='wan'
+uci set firewall.@redirect[4].dest='lan'
+uci set firewall.@redirect[4].proto='tcp'
+uci set firewall.@redirect[4].src_dport='5443'
+uci set firewall.@redirect[4].dest_port='5443'
+uci set firewall.@redirect[4].name='jabber5'
+uci set firewall.@redirect[4].dest_ip='192.168.77.2'
+uci add firewall redirect
+uci set firewall.@redirect[5].target='DNAT'
+uci set firewall.@redirect[5].src='wan'
+uci set firewall.@redirect[5].dest='lan'
+uci set firewall.@redirect[5].proto='udp'
+uci set firewall.@redirect[5].dest_ip='192.168.77.3'
+uci set firewall.@redirect[5].name='rtp'
+uci set firewall.@redirect[5].src_dport='10000-20000'
+uci set firewall.@redirect[5].dest_port='10000-20000'
+uci add firewall redirect
+uci set firewall.@redirect[6].dest='lan'
+uci set firewall.@redirect[6].target='DNAT'
+uci set firewall.@redirect[6].name='stunt'
+uci set firewall.@redirect[6].src='wan'
+uci set firewall.@redirect[6].src_dport='3478'
+uci set firewall.@redirect[6].dest_ip='192.168.77.2'
+uci add firewall redirect
+uci set firewall.@redirect[7].dest='lan'
+uci set firewall.@redirect[7].target='DNAT'
+uci set firewall.@redirect[7].name='stunts'
+uci set firewall.@redirect[7].proto='tcp'
+uci set firewall.@redirect[7].src='wan'
+uci set firewall.@redirect[7].src_dport='5349'
+uci set firewall.@redirect[7].dest_ip='192.168.77.2'
+uci add firewall redirect
+uci set firewall.@redirect[8].dest='lan'
+uci set firewall.@redirect[8].target='DNAT'
+uci set firewall.@redirect[8].name='turn'
+uci set firewall.@redirect[8].src='wan'
+uci set firewall.@redirect[8].src_dport='3478'
+uci set firewall.@redirect[8].dest_ip='192.168.77.2'
+uci add firewall redirect
+uci set firewall.@redirect[9].dest='lan'
+uci set firewall.@redirect[9].target='DNAT'
+uci set firewall.@redirect[9].name='turns'
+uci set firewall.@redirect[9].proto='tcp'
+uci set firewall.@redirect[9].src='wan'
+uci set firewall.@redirect[9].src_dport='5349'
+uci set firewall.@redirect[9].dest_ip='192.168.77.2'
+uci add firewall redirect
+uci set firewall.@redirect[10].dest='lan'
+uci set firewall.@redirect[10].target='DNAT'
+uci set firewall.@redirect[10].name='ejabb-stunt'
+uci set firewall.@redirect[10].src='wan'
+uci set firewall.@redirect[10].src_dport='49152-65535'
+uci set firewall.@redirect[10].dest_ip='192.168.77.2'
+uci add firewall redirect
+uci set firewall.@redirect[11].dest='lan'
+uci set firewall.@redirect[11].target='DNAT'
+uci set firewall.@redirect[11].src='wan'
+uci set firewall.@redirect[11].src_dport='80'
+uci set firewall.@redirect[11].dest_ip='192.168.77.2'
+uci set firewall.@redirect[11].dest_port='5280'
+uci set firewall.@redirect[11].name='acme_ejabberd_http'
+uci set firewall.@redirect[11].enabled='0'
+uci add firewall redirect
+uci set firewall.@redirect[12].dest='lan'
+uci set firewall.@redirect[12].target='DNAT'
+uci set firewall.@redirect[12].proto='udp'
+uci set firewall.@redirect[12].src='wan'
+uci set firewall.@redirect[12].src_dport='49152-65535'
+uci set firewall.@redirect[12].dest_ip='192.168.77.2'
+uci set firewall.@redirect[12].dest_port='49152-65535'
+uci set firewall.@redirect[12].name='stun_udp_RANGE'
+uci add firewall redirect
+uci set firewall.@redirect[13].dest='lan'
+uci set firewall.@redirect[13].target='DNAT'
+uci set firewall.@redirect[13].name='stun_tcp_RANGE'
+uci set firewall.@redirect[13].proto='tcp'
+uci set firewall.@redirect[13].src='wan'
+uci set firewall.@redirect[13].src_dport='49152-65535'
+uci set firewall.@redirect[13].dest_ip='192.168.77.2'
+uci set firewall.@redirect[13].dest_port='49152-65535'
+uci add firewall redirect
+uci set firewall.@redirect[14].dest='lan'
+uci set firewall.@redirect[14].target='DNAT'
+uci set firewall.@redirect[14].name='NPM-80'
+uci set firewall.@redirect[14].src='wan'
+uci set firewall.@redirect[14].src_dport='80'
+uci set firewall.@redirect[14].dest_ip='192.168.77.191'
+uci set firewall.@redirect[14].dest_port='80'
+uci add firewall redirect
+uci set firewall.@redirect[15].dest='lan'
+uci set firewall.@redirect[15].target='DNAT'
+uci set firewall.@redirect[15].name='NPM-443'
+uci set firewall.@redirect[15].src='wan'
+uci set firewall.@redirect[15].src_dport='443'
+uci set firewall.@redirect[15].dest_ip='192.168.77.191'
+uci set firewall.@redirect[15].dest_port='443'
+uci add firewall redirect
+uci set firewall.@redirect[16].dest='lan'
+uci set firewall.@redirect[16].target='DNAT'
+uci set firewall.@redirect[16].name='gitea_SSH'
+uci set firewall.@redirect[16].src='wan'
+uci set firewall.@redirect[16].src_dport='2222'
+uci set firewall.@redirect[16].dest_ip='192.168.77.193'
+uci set firewall.@redirect[16].dest_port='22'
+
+# ADD FORWARD ZONES
+uci add firewall forwarding
+uci set firewall.@forwarding[1].dest='lan'
+uci set firewall.@forwarding[1].src='vpn0'
+uci add firewall forwarding
+uci set firewall.@forwarding[2].dest='vpn0'
+uci set firewall.@forwarding[2].src='lan'
+uci add firewall forwarding
+uci set firewall.@forwarding[3].dest='lan'
+uci set firewall.@forwarding[3].src='vpn1'
+uci add firewall forwarding
+uci set firewall.@forwarding[4].dest='vpn1'
+uci set firewall.@forwarding[4].src='lan'
+uci add firewall forwarding
+uci set firewall.@forwarding[5].src='vpn2'
+uci set firewall.@forwarding[5].dest='lan'
+uci add firewall forwarding
+uci set firewall.@forwarding[6].src='lan'
+uci set firewall.@forwarding[6].dest='vpn2'
+uci add firewall forwarding
+uci set firewall.@forwarding[7].dest='lan'
+uci set firewall.@forwarding[7].src='vpn3'
+uci add firewall forwarding
+uci set firewall.@forwarding[8].dest='vpn3'
+uci set firewall.@forwarding[8].src='lan'
+uci add firewall forwarding
+uci set firewall.@forwarding[9].src='wg777'
+uci set firewall.@forwarding[9].dest='wan'
+uci add firewall forwarding
+uci set firewall.@forwarding[10].src='wan'
+uci set firewall.@forwarding[10].dest='wg777'
+uci add firewall forwarding
+uci set firewall.@forwarding[11].dest='lan'
+uci set firewall.@forwarding[11].src='wg777'
+uci add firewall forwarding
+uci set firewall.@forwarding[12].dest='wg777'
+uci set firewall.@forwarding[12].src='lan'
+uci add 
firewall forwarding +uci set firewall.@forwarding[13].family='ipv4' +uci set firewall.@forwarding[13].src='lan' +uci set firewall.@forwarding[13].dest='wg' + +uci commit firewall /etc/init.d/firewall restart -echo "All done!" +echo "All done" diff --git a/image-extras/tplink_tl-wdr3600-v1/etc/uci-defaults/99-defaults b/image-extras/tplink_tl-wdr3600-v1/etc/uci-defaults/99-defaults index eca2dc8..e8ddaac 100644 --- a/image-extras/tplink_tl-wdr3600-v1/etc/uci-defaults/99-defaults +++ b/image-extras/tplink_tl-wdr3600-v1/etc/uci-defaults/99-defaults @@ -2,7 +2,7 @@ # # Beware! This script will be in /rom/etc/uci-defaults/ as part of the image. # Uncomment lines to apply: -wlan_name="office" +wlan_name="fta-bgn" wlan_password="fuckingwep" root_password="AsD7fg" lan_ip_address="192.168.77.1"
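Review bot: Every `private_key` and `preshared_key` for vpn0–vpn3, wg777 and wg0 is a literal in a script this file's own header says ships inside `/rom`, so this router's WireGuard identities and the PSKs shared with every peer site are now in the image and in git history; they should be rotated on both ends and generated or injected at first boot (e.g. `wg genkey` into `private_key`, peer material sourced from a file kept out of the image) rather than committed. `uci set network.@wireguard_vpn0[0].allowed_ips='192.168.75.0/24' '192.168.3.0/24'` hands two arguments to `uci set`, which as far as I know accepts exactly one, so that line errors out and vpn0 is left with no allowed_ips at all; use `uci add_list network.@wireguard_vpn0[0].allowed_ips='192.168.75.0/24'` followed by a second `add_list` for 192.168.3.0/24. The firewall part addresses sections by absolute index (`@zone[2]`…`@zone[7]`, `@rule[10]`…`@rule[17]`, `@redirect[0]`…`@redirect[16]`, `@forwarding[1]`…`@forwarding[13]`), which silently writes into the wrong section whenever the stock config gains or loses an entry, and I am not sure `uci set network.@wireguard_wg777[1]=wireguard_wg777` creates a section at an index that does not exist yet rather than failing — the `@host[-1]`/`@ipset[-1]` style already used in this file, or named sections (`uci set firewall.vpn0=zone`), and `uci add network wireguard_wg777` followed by `@wireguard_wg777[-1]`, are robust to both. Zones vpn0–vpn3 and wg777 all get `input='ACCEPT'`, so every site-to-site peer network and every remote user can reach every router service (uhttpd on 8080/4431, SSH), `@rule[10]` leaves iperf's tcp/udp 5001 open from `wan` and reads like a test rule, and `@forwarding[10]` (src `wan` → dest `wg777`) forwards Internet-side traffic toward the remote-user subnet, which is probably unintended; `input='REJECT'` plus explicit per-zone allow rules, and dropping the iperf and wan→wg777 entries before merge, would contain that. The block also carries duplicates (`stunt`/`turn` both DNAT 3478, `stunts`/`turns` both 5349 tcp, `ejabb-stunt` overlapping `stun_udp_RANGE`/`stun_tcp_RANGE` on 49152-65535) and a `wan` allow for udp 26261 (`Allow-Wireguard-VPS`) with no interface in this script listening there; pruning those keeps the resulting firewall state auditable.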