An updated patch is attached. It includes the previous changes, but also sets up the firewall zones for the network-manager connections in the first-run network setup script.
Since the firewall zones are being set here, this will work without needing a change to Plinth's firewall setup script.
From 49878a47a911f71a7c64bd12c1cc0d8a69440fee Mon Sep 17 00:00:00 2001 From: James Valleroy <jvalle...@mailbox.org> Date: Sun, 24 May 2015 08:13:41 -0400 Subject: [PATCH 1/2] Use nmcli to setup network interfaces. Update list of dependencies. --- debian/control | 7 ++- .../freedombox-setup.freedombox-create-uap0.init | 3 -- first-run.d/05_network | 35 +++--------- first-run.d/30_wifi-ap-setup | 62 +++------------------- 4 files changed, 19 insertions(+), 88 deletions(-) diff --git a/debian/control b/debian/control index 2c6e695..ee9c29c 100644 --- a/debian/control +++ b/debian/control @@ -30,6 +30,7 @@ Depends: ${misc:Depends} , avahi-daemon , avahi-utils , bridge-utils + , curl , devio , dialog , dnsmasq @@ -38,7 +39,6 @@ Depends: ${misc:Depends} , etckeeper , firewalld , haveged - , hostapd , hostname , how-can-i-help , htop @@ -57,6 +57,7 @@ Depends: ${misc:Depends} , lsof , macchanger , netcat + , network-manager , net-tools , ntp , openssh-server @@ -67,16 +68,14 @@ Depends: ${misc:Depends} , ssl-cert , sudo , tcpdump - , uaputl , unattended-upgrades , vim-tiny , wget - , curl + , wireless-tools , zile Recommends: batctl , rfkill - , wireless-tools Suggests: monkeysphere Description: Package to set up freedombox environment diff --git a/debian/freedombox-setup.freedombox-create-uap0.init b/debian/freedombox-setup.freedombox-create-uap0.init index b79f90f..ffc9e7f 100644 --- a/debian/freedombox-setup.freedombox-create-uap0.init +++ b/debian/freedombox-setup.freedombox-create-uap0.init @@ -27,9 +27,6 @@ case "$1" in iw phy phy0 interface add uap0 type __ap log_action_end_msg 0 fi - log_action_end_msg "Bringing up uap0 interface" - ifup uap0 - log_action_end_msg 0 else log_success_msg "Interface mlan0 doesn't exist. Skip adding uap0." fi diff --git a/first-run.d/05_network b/first-run.d/05_network index 754e050..3b42c26 100755 --- a/first-run.d/05_network +++ b/first-run.d/05_network 
@@ -2,7 +2,7 @@ # Configure networking for device. # -# Adds entries to the network interface file. +# Creates a basic network interface file and network-manager connections. # # First parameter is the path to the network interface file to # configure. @@ -67,35 +67,16 @@ EOF } function interfaces-eth0 { - # add eth0 to interfaces file - - cat >> $IFACES_FILE <<EOF -# The primary network interface -# creates a new network. -auto eth0 - iface eth0 inet dhcp - #iface eth0 inet6 auto - # eth0: hwaddress ether 00:00:00:00:00:01 - -EOF + # create n-m connection for eth0 + nmcli con add con-name freedomboxWAN ifname eth0 type ethernet + nmcli con modify freedomboxWAN connection.autoconnect TRUE } function interfaces-eth1 { - # add eth1 to interfaces file - - cat >> $IFACES_FILE <<EOF -# The secondary network interface -# joins the existing network. -auto eth1 - iface eth1 inet static - address 192.168.1.1 - netmask 255.255.255.0 - #iface eth1 inet6 static - #address 2002:c0a8:0101::1 - #netmask 64 - # eth1: hwaddress ether 00:00:00:00:00:02 - -EOF + # create n-m connection for eth1 + nmcli con add con-name freedomboxLAN ifname eth1 type ethernet \ + ip4 192.168.1.1/24 + nmcli con modify freedomboxLAN connection.autoconnect TRUE } function default-setup { diff --git a/first-run.d/30_wifi-ap-setup b/first-run.d/30_wifi-ap-setup index c0479b8..d359404 100755 --- a/first-run.d/30_wifi-ap-setup +++ b/first-run.d/30_wifi-ap-setup 
@@ -13,60 +13,14 @@ then echo "Installing non-free WIFI package: firmware-libertas..." apt-get install firmware-libertas - echo "Reloading wifi driver..." - modprobe -r mwifiex_sdio - modprobe mwifiex_sdio - - echo "Adding uap0 to interfaces file." - cat >> /etc/network/interfaces <<EOF -# The wireless network interface -# creates a new wireless network. -auto uap0 - iface uap0 inet static - address 192.168.2.1 - netmask 255.255.255.0 - hostapd /etc/hostapd/fbx-uap0.conf - - # using hostapd instead of uaputl to configure AP - #post-up uaputl sys_cfg_ssid "freedombox" - #post-up uaputl sys_cfg_protocol 32 # WPA2 - #post-up uaputl sys_cfg_wpa_passphrase "freedombox123" - #post-up uaputl sys_cfg_cipher 8 8 # AES CCMP - #post-up uaputl bss_start - - #iface uap0 inet6 static - #address 2002:c0a8:0201::1 - #netmask 64 - # uap0: hwaddress ether 00:00:00:00:00:02 - -EOF - - echo "Creating hostapd settings for wifi AP." - cat > /etc/hostapd/fbx-uap0.conf <<EOF -interface=uap0 -driver=nl80211 -ssid=freedombox -hw_mode=g -channel=1 - -# accept any MAC not in deny list -macaddr_acl=0 - -# enable ssid broadcast -ignore_broadcast_ssid=0 - -# wpa2 -wpa=2 -wpa_passphrase=freedombox123 -wpa_key_mgmt=WPA-PSK -rsn_pairwise=CCMP -EOF - - echo "Creating uap0 interface..." - iw phy phy0 interface add uap0 type __ap - - echo "Bringing up uap0 interface..." - ifup uap0 + echo "Creating WIFI AP connection..." + nmcli con add con-name freedomboxAP ifname uap0 \ + type wifi ssid freedombox ip4 192.168.2.1/24 + nmcli con modify freedomboxAP connection.autoconnect TRUE + nmcli con modify freedomboxAP connection.zone internal + nmcli con modify freedomboxAP wifi.mode ap + nmcli con modify freedomboxAP wifi-sec.key-mgmt wpa-psk + nmcli con modify freedomboxAP wifi-sec.psk freedombox123 else echo "Non-free packages disabled. Skipping DreamPlug WIFI config." -- 2.1.4 From 6cfcea872e9cc9ad293ae3b84f61071cfdd7d628 Mon Sep 17 00:00:00 2001 
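Review bot: The new `freedomboxAP` connection keeps the fixed passphrase `freedombox123` under the fixed SSID `freedombox`, and it now also places the AP in the `internal` firewall zone, so every freshly installed box admits holders of the same published key into its trusted zone. I would generate a per-device passphrase at first run, or leave the AP connection down until the owner sets one, instead of hard-coding it; passing it as an nmcli argument also exposes it in the process list while the command runs. The removed hostapd file pinned `wpa=2` and `rsn_pairwise=CCMP`, whereas the nmcli version sets only `wifi-sec.key-mgmt wpa-psk`. If NetworkManager's defaults still permit WPA1 or TKIP here, add `nmcli con modify freedomboxAP wifi-sec.proto rsn` and `nmcli con modify freedomboxAP wifi-sec.pairwise ccmp`. The enclosing `if` block starts outside the hunk, so the condition guarding this setup is not visible.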
From: James Valleroy <jvalle...@mailbox.org> Date: Sun, 24 May 2015 19:45:08 -0400 Subject: [PATCH 2/2] Set firewall zones for network-manager connections. --- first-run.d/05_network | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/first-run.d/05_network b/first-run.d/05_network index 3b42c26..1529fd8 100755 --- a/first-run.d/05_network +++ b/first-run.d/05_network @@ -70,6 +70,7 @@ function interfaces-eth0 { # create n-m connection for eth0 nmcli con add con-name freedomboxWAN ifname eth0 type ethernet nmcli con modify freedomboxWAN connection.autoconnect TRUE + nmcli con modify freedomboxWAN connection.zone internal } function interfaces-eth1 { @@ -77,6 +78,10 @@ function interfaces-eth1 { nmcli con add con-name freedomboxLAN ifname eth1 type ethernet \ ip4 192.168.1.1/24 nmcli con modify freedomboxLAN connection.autoconnect TRUE + + # If two interfaces are available, then change eth0 to be external. + nmcli con modify freedomboxWAN connection.zone external + nmcli con modify freedomboxLAN connection.zone internal } function default-setup { -- 2.1.4
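Review bot: In `interfaces-eth0` the uplink connection `freedomboxWAN` is first placed in the `internal` zone, and it only becomes `external` if `interfaces-eth1` runs afterwards and its modify call succeeds. None of the nmcli calls in either hunk have their exit status checked, so if that step fails (for example because `freedomboxWAN` does not exist yet when `interfaces-eth1` runs), the WAN side silently stays in the trusted zone. I would make that one step fail loudly, e.g. `nmcli con modify freedomboxWAN connection.zone external || exit 1`, or use whatever failure path the script already has. I would also state the single-interface assumption above the first zone line: `# Single-interface boxes: eth0 is assumed to be on a trusted LAN, so it stays internal.` The start of `interfaces-eth1` and the caller that decides the order of the two functions lie outside these hunks, so the ordering concern should be confirmed against `default-setup`.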