[Cerowrt-devel] cerowrt-3.10.34-4 dev build released
Török Edwin
edwin+ml-cerowrt at etorok.net
Sat Apr 5 04:34:15 EDT 2014
Hi,
On 04/03/2014 04:17 AM, Dave Taht wrote:> + resync with openwrt
> they seem to be settling down...
> + Toke's ntp + dnssec stuff
> + Yet Another Patch to try and isolate the wireless hang problem
> that happens to jg every day or so and nearly no-one else.
> + Fix to babel's meshing interfaces
> + dnsmasq updated to head (seems to be stabilizing)
> + Tested for a couple hours
Just upgraded to 3.10.34-4, works great!
On 03/21/2014 07:47 PM, Dave Taht wrote:
> + This is the first release with toke's bcp38 code installed (and
> enabled by default). I am hoping people simply don't even notice it's
> there... (it's off the firewall web page)
I just tested BCP38, but it looks like it doesn't filter anything with PPPoE.
My outgoing interface is actually called pppoe-ge00, so adding filter rules on ge00 doesn't have any impact.
I hacked the script to set the interface name for iptables to pppoe-ge00 (not for uci, cause uci
doesn't have an enabled=1 for pppoe):
setup_ipset
+ interface=pppoe-ge00
setup_iptables "$interface"
Any idea how to fix this properly without hardcoding the interface name?
With this hack the bcp38 filtering works (10.0.0.1 is the P-t-P address on pppoe-ge00):
# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
ping: sendto: Operation not permitted
# ipset list
Name: bcp38-ipv4
Type: hash:net
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 8856
References: 2
Members:
127.0.0.0/8
192.0.2.0/24
203.0.113.0/24
0.0.0.0/8
192.168.0.0/16
198.51.100.0/24
169.254.0.0/16
10.0.0.0/8
10.0.0.1 nomatch
172.16.0.0/12
240.0.0.0/4
FWIW this is how my /etc/config/network entry looks like for PPPoE:
config interface 'ge00'
option ifname 'ge00'
option _orig_ifname 'ge00'
option _orig_bridge 'false'
option proto 'pppoe'
option username '<user>'
option password '<pass>'
option ipv6 '1'
Best regards,
--Edwin
More information about the Cerowrt-devel
mailing list