author | Ludovic Pouzenc <ludovic@pouzenc.fr> | 2017-11-07 14:30:24 +0100 |
---|---|---|
committer | Ludovic Pouzenc <ludovic@pouzenc.fr> | 2017-11-07 14:32:18 +0100 |
commit | 265c646a5b6f6e8199d7915ae45783a6da143807 (patch) | |
tree | 356f707a64cc4dd793a444154fd1594c18769be5 /build-openwrt-dev.sh | |
parent | a66d5fa3a144602d529d22623ff129486f285f14 (diff) | |
prod: Fix tx_power : allow 18dB max and default to 17. Tested on 740v5 and 841v9.
dev : rework all the preset config from vanilla LEDE 17.01.4. Set LuCI to fr.
Diffstat (limited to 'build-openwrt-dev.sh')
-rwxr-xr-x | build-openwrt-dev.sh | 239 |
1 files changed, 53 insertions, 186 deletions
diff --git a/build-openwrt-dev.sh b/build-openwrt-dev.sh
index ac2aad4..e7c5390 100755
--- a/build-openwrt-dev.sh
+++ b/build-openwrt-dev.sh
@@ -24,8 +24,8 @@ echo -n "$0 - " ; date
 # Directories and source file URL
 BUILD_DIR=${BUILD_DIR:-./build}
 CACHE_DIR=${CACHE_DIR:-.}
-ORIG_TARBALL=lede-imagebuilder-17.01.2-ar71xx-generic.Linux-x86_64.tar.xz
-ORIG_URL=https://downloads.lede-project.org/releases/17.01.2/targets/ar71xx/generic/$ORIG_TARBALL
+ORIG_TARBALL=lede-imagebuilder-17.01.4-ar71xx-generic.Linux-x86_64.tar.xz
+ORIG_URL=https://downloads.lede-project.org/releases/17.01.4/targets/ar71xx/generic/$ORIG_TARBALL
 PACKAGES="luci luci-mod-admin-full ip kmod-leds-gpio" # Base packages
 PACKAGES="$PACKAGES luci-i18n-base-en luci-i18n-firewall-en luci-i18n-base-fr luci-i18n-firewall-fr" # internationalisation
 PACKAGES="$PACKAGES -kmod-ppp -kmod-pppoe -kmod-pppox" # Unusefull kernel modules
@@ -38,6 +38,7 @@ then echo "Usage: $0 <profile> <ip4pub> <lanip4addr> <ip6prefix> <root_passwd> <
 fi
 dnslist="185.131.40.1 fe80::31"
+logserv="172.16.0.253"
 profile=$1
@@ -62,8 +63,8 @@ fi
 wireless_ssid=$6
 wireless_key=$7
 case $8 in
- -1) wireless_disabled=1; wireless_txpower=10 ;;
- 0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16) wireless_disabled=0; wireless_txpower=$8 ;;
+ -1) wireless_disabled=1; wireless_txpower=17 ;;
+ 0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18) wireless_disabled=0; wireless_txpower=$8 ;;
 *) echo "Unknown txpower '$8'"; exit 4 ;;
 esac
@@ -98,7 +99,8 @@ fi
 cd "$BUILD_DIR/" || exit 5
-mkdir -p extra_files/etc/config extra_files/etc/dropbear extra_files/etc/hotplug.d/button
+[ -d extra_files/ ] && rm -r extra_files/
+mkdir -p extra_files/etc/config extra_files/etc/dropbear
 ###############################
 # Prepare Openwrt config file #
@@ -121,6 +123,7 @@ daemon:*:0:0:99999:7:::
 ftp:*:0:0:99999:7:::
 network:*:0:0:99999:7:::
 nobody:*:0:0:99999:7:::
+dnsmasq:x:0:0:99999:7:::
 EOF
 cat > extra_files/etc/rc.local <<EOF
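Review bot: `wireless_disabled` is still assigned in the `case $8` arms (hunk `@@ -62,8 +63,8 @@`), but nothing in the new code visible in this diff reads it: the `wireless` heredoc that wrote `option disabled '$wireless_disabled'` is deleted further down, and the generated rc.initconf runs `uci set wireless.radio0.disabled='0'` unconditionally. Passing `-1` therefore appears to produce an image whose radio comes up enabled with txpower 17 instead of staying off. If `-1` is still meant to disable Wi-Fi, rc.initconf should write `uci set wireless.radio0.disabled='$wireless_disabled'`; otherwise drop the variable and document the new meaning of `-1` in the usage text. The `case` statement is fully inside the hunk, but the argument checks before it are not.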
@@ -130,9 +133,32 @@ cat > extra_files/etc/rc.local <<EOF
 # generated on $(date)
 # generated from $(hostname):$(stat -c'%N %y' $0)
+[ -x /etc/rc.initconf ] && /etc/rc.initconf >/var/log/initconf.log 2>&1
 exit 0
 EOF
+cat > extra_files/etc/rc.initconf <<EOF
+echo "uci set wireless.default_radio0.key='*****************'"
+uci set wireless.default_radio0.key='$wireless_key'
+set -v
+uci set wireless.default_radio0.ssid='$wireless_ssid'
+uci set wireless.default_radio0.encryption='psk2'
+uci set wireless.default_radio0.wpa_disable_eapol_key_retries='1'
+uci set wireless.radio0.country='FR'
+uci set wireless.radio0.txpower='$wireless_txpower'
+uci set wireless.radio0.distance='30'
+uci set wireless.radio0.disabled='0'
+uci set system.@system[0].zonename='Europe/Paris'
+uci set system.@system[0].timezone='CET-1CEST,M3.5.0,M10.5.0/3'
+uci set system.@system[0].log_ip='$logserv'
+uci delete dhcp.lan.dhcpv6
+uci set luci.main.lang='fr'
+rm /etc/rc.initconf
+uci commit
+wifi
+EOF
+chmod +x extra_files/etc/rc.initconf
+
 cat > extra_files/etc/config/network <<EOF
 config interface 'loopback'
 option ifname 'lo'
@@ -140,12 +166,14 @@ config interface 'loopback'
 option ipaddr '127.0.0.1'
 option netmask '255.0.0.0'
+config globals 'globals'
+
 config interface 'lan'
- option ifname 'eth0'
 option type 'bridge'
+ option ifname 'eth0'
 option proto 'static'
- option netmask '255.255.255.0'
 option ipaddr '$lanip4addr'
+ option netmask '255.255.255.0'
 option ip6addr '$lanip6addr'
 config interface 'wan'
@@ -158,6 +186,14 @@ config interface 'wan'
 option dns '$dnslist'
 option ip6addr '$wanip6addr'
 option ip6gw '$wanip6gw'
+ option gateway '$wanip4gw'
+
+config interface 'wan6'
+ option ifname 'eth1'
+ option _orig_ifname 'eth1'
+ option _orig_bridge 'false'
+ option proto 'static'
+ option ip6addr '$wanip6ll'
 config switch
 option name 'eth0'
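Review bot: In the new rc.initconf heredoc (hunk `@@ -130,9 +133,32 @@`) `$wireless_key` and `$wireless_ssid` are expanded at build time into single-quoted `uci set` arguments of a script that rc.local executes at boot, so a value containing `'` ends the quoting and the remainder is interpreted as shell on the router. Reject or escape that character before writing the file, e.g. `case "$wireless_ssid$wireless_key" in *"'"*) echo "ssid/key must not contain a single quote"; exit 4 ;; esac`. Separately, `rm /etc/rc.initconf` runs before `uci commit`, so a failed commit leaves nothing to retry with; moving the `rm` after `uci commit` and starting the generated file with `#!/bin/sh` would make the first boot more predictable.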
@@ -165,76 +201,9 @@ config switch
 option enable_vlan '1'
 config switch_vlan
- option device 'eth0'
+ option device 'switch0'
 option vlan '1'
- option ports '0 1 2 3 4'
-
-config interface 'wan6'
- option proto 'static'
- option ifname 'eth1'
- option send_rs '0'
- option ip6addr '$wanip6ll'
-
-config route
- option interface 'wan'
- option onlink '1'
- option target '0.0.0.0/0'
- option gateway '$wanip4gw'
-EOF
-
-
-cat > extra_files/etc/config/wireless <<EOF
-config wifi-device 'radio0'
- option type 'mac80211'
- option phy 'phy0'
- option channel '11'
- option hwmode '11ng'
- option htmode 'HT20'
- list ht_capab 'SHORT-GI-20'
- list ht_capab 'SHORT-GI-40'
- list ht_capab 'RX-STBC1'
- list ht_capab 'DSSS_CCK-40'
- option country 'FR'
- option txpower '$wireless_txpower'
-
-config wifi-iface
- option device 'radio0'
- option network 'lan'
- option mode 'ap'
- option ssid '$wireless_ssid'
- option encryption 'psk2'
- option key '$wireless_key'
- option disabled '$wireless_disabled'
-EOF
-
-cat > extra_files/etc/config/dhcp <<EOF
-config dnsmasq
- option domainneeded 1
- option boguspriv 1
- option filterwin2k 0 # enable for dial on demand
- option localise_queries 1
- option rebind_protection 1 # disable if upstream must serve RFC1918 addresses
- option rebind_localhost 1 # enable for RBL checking and similar services
- option local '/lan/'
- option domain 'lan'
- option expandhosts 1
- option nonegcache 0
- option authoritative 1
- option readethers 1
- option leasefile '/tmp/dhcp.leases'
- option resolvfile '/tmp/resolv.conf.auto'
-
-config dhcp lan
- option interface lan
- option start 100
- option limit 150
- option leasetime 12h
- option dhcpv6 disabled
- option ra server
-
-config dhcp wan
- option interface wan
- option ignore 1
+ option ports '1 2 3 4 0'
 EOF
 cat > extra_files/etc/config/dropbear <<EOF
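Review bot: `config switch_vlan` now points at `option device 'switch0'` (hunk `@@ -165,76 +201,9 @@`) while the unchanged `config switch` section just above it still declares `option name 'eth0'`, so the VLAN entry may no longer refer to the switch that is declared. If the intent is to follow the vanilla LEDE 17.01.4 preset, the `config switch` section probably needs the matching change, `option name 'switch0'`; this is worth confirming on the tested 740v5/841v9 with `swconfig list`. The `network` heredoc this belongs to begins outside the hunk.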
@@ -243,120 +212,18 @@ config dropbear
 option Port '22'
 EOF
-cat > extra_files/etc/config/firewall <<EOF
-config defaults
- option syn_flood '1'
- option input 'ACCEPT'
- option output 'ACCEPT'
- option forward 'REJECT'
-
-config zone
- option name 'lan'
- option network 'lan'
- option input 'ACCEPT'
- option output 'ACCEPT'
- option forward 'REJECT'
-
-config zone
- option name 'wan'
- option network 'wan'
- option input 'REJECT'
- option output 'ACCEPT'
- option forward 'REJECT'
- option masq '1'
- option mtu_fix '1'
-
-config forwarding
- option src 'lan'
- option dest 'wan'
-
-config rule
- option name 'Allow-DHCP-Renew'
- option src 'wan'
- option proto 'udp'
- option dest_port '68'
- option target 'ACCEPT'
- option family 'ipv4'
-
-config rule
- option name 'Allow-Ping'
- option src 'wan'
- option proto 'icmp'
- option icmp_type 'echo-request'
- option family 'ipv4'
- option target 'ACCEPT'
-
-config rule
- option name 'Allow-DHCPv6'
- option src 'wan'
- option proto 'udp'
- option src_ip 'fe80::/10'
- option src_port '547'
- option dest_ip 'fe80::/10'
- option dest_port '546'
- option family 'ipv6'
- option target 'ACCEPT'
-
-config rule
- option name 'Allow-ICMPv6-Input'
- option src 'wan'
- option proto 'icmp'
- list icmp_type 'echo-request'
- list icmp_type 'echo-reply'
- list icmp_type 'destination-unreachable'
- list icmp_type 'packet-too-big'
- list icmp_type 'time-exceeded'
- list icmp_type 'bad-header'
- list icmp_type 'unknown-header-type'
- list icmp_type 'router-solicitation'
- list icmp_type 'neighbour-solicitation'
- list icmp_type 'router-advertisement'
- list icmp_type 'neighbour-advertisement'
- option limit '1000/sec'
- option family 'ipv6'
- option target 'ACCEPT'
-
-config rule
- option name 'Allow-ICMPv6-Forward'
- option src 'wan'
- option dest '*'
- option proto 'icmp'
- list icmp_type 'echo-request'
- list icmp_type 'echo-reply'
- list icmp_type 'destination-unreachable'
- list icmp_type 'packet-too-big'
- list icmp_type 'time-exceeded'
- list icmp_type 'bad-header'
- list icmp_type 'unknown-header-type'
- option limit '1000/sec'
- option family 'ipv6'
- option target 'ACCEPT'
-
-config rule
- option target 'ACCEPT'
- option src 'wan'
- option proto 'tcp'
- option dest_port '22'
- option family 'ipv6'
- option dest_ip 'fe80::/10'
- option name 'Allow-ssh-maj-routeur'
-
-config include
- option path '/etc/firewall.user'
-EOF
+cat > extra_files/etc/firewall.user <<EOF
+# This file is interpreted as shell script.
+# Put your custom iptables rules here, they will
+# be executed with each firewall (re-)start.
-cat > extra_files/etc/hotplug.d/button/01onoff <<"EOF"
-#!/bin/sh
+# Internal uci firewall chains are flushed and recreated on reload, so
+# put custom rules into the root chains e.g. INPUT or FORWARD or into the
+# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
-[ "$BUTTON" = "wps" ] && [ "$ACTION" = "pressed" ] && {
- SW=$(uci get wireless.@wifi-device[0].disabled)
- [ $SW == '0' ] && uci set wireless.@wifi-device[0].disabled=1
- [ $SW == '0' ] || uci set wireless.@wifi-device[0].disabled=0
- wifi
-}
+ip6tables -A input_wan_rule -s fe80::/10 -d fe80::/10 -p tcp -m tcp --dport 22 -m comment --comment "CHD-allow-ssh-maj-routeur" -j ACCEPT
 EOF
-
 #######################
 # Build Openwrt image #
 #######################
|
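Review bot: The `ip6tables` rule written to firewall.user (hunk `@@ -243,120 +212,18 @@`) accepts tcp/22 in the WAN input chain from any `fe80::/10` source, an address every on-link neighbour has, so dropbear stays reachable by the whole WAN segment. That matches the removed `Allow-ssh-maj-routeur` uci rule, but it now lives outside the uci firewall config, where it is easier to overlook in an audit. The generated file should carry a comment stating the purpose and the dependency, e.g. `# SSH for router maintenance over the WAN link-local address; access control relies on dropbear authentication`, and if maintenance always comes from one known address the `-s` match could be narrowed to it. Since the heredoc body holds no variables, quoting the delimiter (`<<'EOF'`) would keep it literal if a `$` is added later.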