From: Toke Høiland-Jørgensen
To: Dave Taht
Cc: "jow@openwrt.org", "cerowrt-devel@lists.bufferbloat.net"
Subject: Re: [Cerowrt-devel] BCP38 implementation
Date: Thu, 20 Mar 2014 10:29:58 +0100
References: <87txataord.fsf@toke.dk>
In-Reply-To: ("Toke Høiland-Jørgensen"'s message of "Wed, 19 Mar 2014 23:31:47 +0100")
Message-ID: <87pplh9q09.fsf@toke.dk>

Did an updated version that now has its own configuration tab under the
firewall settings, so no need to patch the firewall .lua file. Also, it
is now possible to configure the subnets that are blocked and
whitelisted.

To try the new version, install these packages:

http://archive.tohojo.dk/cerowrt/wndr/3.10.32-9-tohojo/packages/bcp38_3-1_ar71xx.ipk
http://archive.tohojo.dk/cerowrt/wndr/3.10.32-9-tohojo/packages/luci-app-bcp38_1-1_all.ipk

and add the firewall rules as per the previous email.

Still a couple of issues:

- Manual firewall rules are still required. I think it would probably be
  better to insert the iptables rules from the script directly so they
  don't have to be specified in the firewall config file.

- Still need to have a hotplug script auto-detect blocked upstream
  networks and exclude them.

-Toke