From 9bd45f495be0ce9263ec0a84bcbb2875063a6bd0 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Tue, 16 Jan 2018 15:22:33 +0000
Subject: [PATCH] olsr2/manet firewall

---
 img/icon_protocol.png        | Bin 0 -> 1099 bytes
 src/freedombone-mesh-install |   6 ++++++
 src/freedombone-utils-mesh   |  12 ++++++++++++
 3 files changed, 18 insertions(+)
 create mode 100644 img/icon_protocol.png

diff --git a/img/icon_protocol.png b/img/icon_protocol.png
new file mode 100644
index 0000000000000000000000000000000000000000..1a765dd1ab54ba8671a8e0d8be5486711393d7ae
GIT binary patch
literal 1099
zcmV-R1ho5!P)<h;3K|Lk000e1NJLTq004pj004pr1^@s6iUSb+00009a7bBm001r{
z001r{0eGc9b^rhX2XskIMF-*m5DqsaT)PM9000B(Nkl<Zc-rlq&5`6F3`Q*%8FU1l
zMCX6rBqoB1!F$+sm20-!3pNP-JRRpUZS?q%1PIx-ZNadWA;16u0|X2ZFhIaQSz!qN
zwO?P~Z&Rt)^C2igatK%&lG)j;j|>SQG&(yf41mD$0SFi%pbCHh41fR(fB+1DpyE*P
zFaSblkh}sRoKQNS(Z@<-i<7<WOP~m-10ZOu{a#=Iga(PfD)%1LA!Lm3ZqQ%Phg@;S
zJLlhVs@2$G%>Y4fiN51ZtI7~U5k?N~sPhTdl)(fD*4NKZPP_ZNEx}N5{@e**1qO9R
z5E0q7&1D5HvNEU#i(Vm!u8wQQkJbz*y^IS5C1Wtm0%AoC`Z@abd`M4q&>XMAj68>R
zRv@Q6X;ia@9v`RSnEiKJsUT{6bICBvJ*IQo^@i1|<Go)v-Q$HG-w{d?{wJ0D$40(!
zY}wWsvz^q^-ndamFb<H2077;MmgP@L9uR_<heF!QVA=VunE^9Bl#GBqJ8NQTFa$x0
zr9ng_Lkj5;f@Lwd*Pt~pqkfCmYjNpfgce7&)cCzBfmsl)Zm@XDIxH@c#rv%Fnj%t1
zNFE$oHR=e-m0*e@WZZ%5btZwO!7+%Qz%SXHfAxC2Mhzkr2tE50pghhMp|(Ml#Q}}F
zOPaQ;TCGD{6wGrlOdX*kFrL2?5J-yw0SEvA2mk>H00FaAM;IN^kDRSh_e)l<0Gy?D
z^k`yf7zzVV0ta_67Ccz=wvPb_6H~xiAfkg)qRjA~Yya{8^f<o&2u@>zBN%^M1`8l0
z4-iN6C#Y>BM2v8ljTzJ08Q_~gnBuwfxu@S=B16D$4FE#zN#W5B$Wp*6UT4;*Tgq8&
zjSK<i5CmrKT-aA{5TFJ@K>z|kNb>+USp!PoB0iX+2ocN1EDaZ|_1(v_*+I<U6oe7a
z*+qn5M(ks@#N2uddDe^ZEzY%k$VF}UQ6o6?(162gx0MnFg8d{>gafNHUXc&eL+R5=
zA_7VyAZTwS;dm$MBbE>ZO2B}CoC5;N0SL@=KsbW|AndE8nYW>{EDt=~Q3(U_LXu#S
zWdabImkAEBBuF1?VA!&D3}2ESXQ#d}-=^P&?zJgZ({rG9d-rF@l;hvdx~q6r1QXZd
z@4ygMHBv4OTxd-kEWU%Gbrt|d;9!voWYS;}htG`-cH>E4MMqjbSPKY>j<H-`H{DfD
zdwIyb4-&e)UP}>)tRc8W13?fFFhF2d1Hye6UeAYco*_`Mcqe#7NrJ`*BEpGiKxltE
zfqe<G1`H5Tg)|@#Cjde-3_uecgqjQj2m;p;YT^L^NDcx<)_?&51_)R;`whXJ#{%F}
RkA(mL002ovPDHLkV1k<h#;yPW

literal 0
HcmV?d00001

diff --git a/src/freedombone-mesh-install b/src/freedombone-mesh-install
index e6e4fb37..d1c7e799 100755
--- a/src/freedombone-mesh-install
+++ b/src/freedombone-mesh-install
@@ -228,6 +228,12 @@ function mesh_firewall {
     echo "ip6tables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
     echo "iptables -A INPUT -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
     echo "ip6tables -A INPUT -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
+
+    echo '# OLSR2/MANET' >> $MESH_FIREWALL_SCRIPT
+    echo 'iptables -A INPUT -p udp --dport 269 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
+    echo 'ip6tables -A INPUT -p udp --dport 269 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
+    echo 'iptables -A INPUT -p tcp --dport 138 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
+    echo 'ip6tables -A INPUT -p tcp --dport 138 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
     chmod +x $MESH_FIREWALL_SCRIPT
 
     echo '[Unit]' > $FIREWALL_FILENAME
diff --git a/src/freedombone-utils-mesh b/src/freedombone-utils-mesh
index 7457392e..baeafa60 100755
--- a/src/freedombone-utils-mesh
+++ b/src/freedombone-utils-mesh
@@ -195,6 +195,9 @@ function enable_mesh_firewall {
     iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
     iptables -A INPUT -p udp --dport 8010 -j ACCEPT
     iptables -A INPUT -p tcp --dport 8010 -j ACCEPT
+    # OLSR2/MANET
+    iptables -A INPUT -p udp --dport 269 -j ACCEPT
+    iptables -A INPUT -p tcp --dport 138 -j ACCEPT
 
 
     ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
@@ -225,6 +228,9 @@ function enable_mesh_firewall {
     ip6tables -A INPUT -p tcp --dport 8008 -j ACCEPT
     ip6tables -A INPUT -p udp --dport 8010 -j ACCEPT
     ip6tables -A INPUT -p tcp --dport 8010 -j ACCEPT
+    # OLSR2/MANET
+    ip6tables -A INPUT -p udp --dport 269 -j ACCEPT
+    ip6tables -A INPUT -p tcp --dport 138 -j ACCEPT
 
 
     # vpn over the internet
@@ -273,6 +279,9 @@ function disable_mesh_firewall {
     iptables -D INPUT -p tcp --dport 8008 -j ACCEPT
     iptables -D INPUT -p udp --dport 8010 -j ACCEPT
     iptables -D INPUT -p tcp --dport 8010 -j ACCEPT
+    # OLSR2/MANET
+    iptables -D INPUT -p udp --dport 269 -j ACCEPT
+    iptables -D INPUT -p tcp --dport 138 -j ACCEPT
 
 
     ip6tables -D INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT
@@ -302,6 +311,9 @@ function disable_mesh_firewall {
     ip6tables -D INPUT -p tcp --dport 8008 -j ACCEPT
     ip6tables -D INPUT -p udp --dport 8010 -j ACCEPT
     ip6tables -D INPUT -p tcp --dport 8010 -j ACCEPT
+    # OLSR2/MANET
+    ip6tables -D INPUT -p udp --dport 269 -j ACCEPT
+    ip6tables -D INPUT -p tcp --dport 138 -j ACCEPT
 
 
     # vpn over the internet