From: "Török Edwin" <edwin+ml-cerowrt@etorok.net>
To: toke@toke.dk
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] cerowrt-3.10.34-4 dev build released
Date: Sat, 05 Apr 2014 11:34:15 +0300 [thread overview]
Message-ID: <533FC007.3010700@etorok.net> (raw)
In-Reply-To: <CAA93jw6etj1w-OAv-Npv6hvLSXgcE+-CuNcNkFXaY9p8Ht352A@mail.gmail.com>
Hi,
On 04/03/2014 04:17 AM, Dave Taht wrote:> + resync with openwrt
> they seem to be settling down...
> + Toke's ntp + dnssec stuff
> + Yet Another Patch to try and isolate the wireless hang problem
> that happens to jg every day or so and nearly no-one else.
> + Fix to babel's meshing interfaces
> + dnsmasq updated to head (seems to be stabilizing)
> + Tested for a couple hours
Just upgraded to 3.10.34-4, works great!
On 03/21/2014 07:47 PM, Dave Taht wrote:
> + This is the first release with toke's bcp38 code installed (and
> enabled by default). I am hoping people simply don't even notice it's
> there... (it's off the firewall web page)
I just tested BCP38, but it looks like it doesn't filter anything with PPPoE.
My outgoing interface is actually called pppoe-ge00, so adding filter rules on ge00 doesn't have any impact.
I hacked the script to set the interface name for iptables to pppoe-ge00 (not for uci, cause uci
doesn't have an enabled=1 for pppoe):
setup_ipset
+ interface=pppoe-ge00
setup_iptables "$interface"
Any idea how to fix this properly without hardcoding the interface name?
With this hack the bcp38 filtering works (10.0.0.1 is the P-t-P address on pppoe-ge00):
# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
ping: sendto: Operation not permitted
# ipset list
Name: bcp38-ipv4
Type: hash:net
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 8856
References: 2
Members:
127.0.0.0/8
192.0.2.0/24
203.0.113.0/24
0.0.0.0/8
192.168.0.0/16
198.51.100.0/24
169.254.0.0/16
10.0.0.0/8
10.0.0.1 nomatch
172.16.0.0/12
240.0.0.0/4
FWIW this is how my /etc/config/network entry looks like for PPPoE:
config interface 'ge00'
option ifname 'ge00'
option _orig_ifname 'ge00'
option _orig_bridge 'false'
option proto 'pppoe'
option username '<user>'
option password '<pass>'
option ipv6 '1'
Best regards,
--Edwin
next prev parent reply other threads:[~2014-04-05 8:34 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-03 1:17 Dave Taht
2014-04-03 1:48 ` Stephen Hemminger
2014-04-03 1:58 ` Dave Taht
2014-04-03 2:43 ` Dave Taht
2014-04-03 10:09 ` David Personette
2014-04-03 15:17 ` Jim Gettys
2014-04-03 18:20 ` Neil Shepperd
2014-04-03 22:36 ` Dave Taht
2014-04-03 22:51 ` Maxim Kharlamov
2014-04-03 22:54 ` Dave Taht
2014-04-03 22:56 ` Aaron Wood
2014-04-03 22:57 ` Aaron Wood
2014-04-03 22:58 ` Dave Taht
2014-04-03 23:01 ` Maxim Kharlamov
2014-04-04 1:26 ` David Personette
2014-04-04 7:04 ` Aaron Wood
2014-04-04 6:57 ` Toke Høiland-Jørgensen
2014-04-05 12:49 ` Neil Shepperd
2014-04-05 16:02 ` Dave Taht
2014-04-05 16:15 ` Dave Taht
2014-04-05 8:34 ` Török Edwin [this message]
2014-04-05 15:53 ` Dave Taht
2014-04-05 21:25 ` Török Edwin
2014-04-07 14:45 ` Toke Høiland-Jørgensen
2014-04-07 15:27 ` Török Edwin
2014-04-07 15:31 ` Toke Høiland-Jørgensen
2014-04-07 17:58 ` Dave Taht
2014-04-07 18:51 ` Török Edwin
2014-04-05 19:11 ` Jim Reisert AD1C
2014-04-05 19:26 ` Dave Taht
2014-04-06 0:15 ` Jim Reisert AD1C
2014-04-06 10:23 ` Robert Bradley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=533FC007.3010700@etorok.net \
--to=edwin+ml-cerowrt@etorok.net \
--cc=cerowrt-devel@lists.bufferbloat.net \
--cc=toke@toke.dk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox