Re: Need Help testing.
Posted by
Grommish on
Apr 15, 2020; 5:46am
URL: https://itus.accessinnov.com/FIRMWARE-Itus-Networks-Shield-Firmware-Upgrade-WIP-tp1726p1942.html
Ok, so.. I think I finally have a grip on this.. OpenWrt has MANY cool systems when you're building from scratch, but they are just a huge pain to find.
I found a reference to the /etc/uci-defaults directory: a script placed there is run on the first boot and then deleted (as long as it exits successfully). This lets me apply settings selectively via uci!
I have abandoned using ClamAV in the image. It's huge and resource heavy, and not really useful given what would have to be given up for it (like.. Snort..or Adblock..) ClamAV has an 800MB RAM footprint! So.. Ah well.
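# Common settings shared by all three modes.
# Per the post, this is meant to run once from /etc/uci-defaults on first boot.

# Network settings: loopback interface and global options.
uci set network.loopback=interface
uci set network.loopback.ifname='lo'
uci set network.loopback.proto='static'
uci set network.loopback.ipaddr='127.0.0.1'
uci set network.loopback.netmask='255.0.0.0'
uci set network.globals=globals
# NOTE(review): this ULA prefix is a fixed literal, so every unit flashed with
# this image ends up with the same one; confirm that is intended rather than
# a prefix generated per device.
uci set network.globals.ula_prefix='fd18:0640:804c::/48'

# Mode-specific defaults. SHIELD_MODE is not assigned anywhere in this script;
# it has to be provided by whatever runs or sources it.
case "${SHIELD_MODE}" in
  "Router" | "Gateway")
    # Network: eth0 is the WAN (DHCP and DHCPv6); eth1 and eth2 are bridged
    # into the LAN at 10.10.10.10/24.
    uci set network.wan=interface
    uci set network.wan.ifname='eth0'
    uci set network.wan.proto='dhcp'
    uci set network.lan=interface
    uci set network.lan.ifname='eth1 eth2'
    uci set network.lan.force_link='1'
    uci set network.lan.proto='static'
    uci set network.lan.type='bridge'
    uci set network.lan.ipaddr='10.10.10.10'
    uci set network.lan.netmask='255.255.255.0'
    uci set network.lan.ip6assign='60'
    uci set network.wan6=interface
    uci set network.wan6.ifname='eth0'
    uci set network.wan6.proto='dhcpv6'
    uci commit network

    # DHCP/DNS (dnsmasq). Each argument is quoted as a whole because an
    # unquoted "[0]" is a glob pattern to the shell.
    uci set 'dhcp.@dnsmasq[0]=dnsmasq'
    uci set 'dhcp.@dnsmasq[0].domainneeded=1'
    uci set 'dhcp.@dnsmasq[0].boguspriv=1'
    uci set 'dhcp.@dnsmasq[0].filterwin2k=0'
    uci set 'dhcp.@dnsmasq[0].localise_queries=1'
    # DNS rebinding protection stays enabled, including for localhost answers.
    uci set 'dhcp.@dnsmasq[0].rebind_protection=1'
    uci set 'dhcp.@dnsmasq[0].rebind_localhost=1'
    uci set 'dhcp.@dnsmasq[0].local=/lan/'
    uci set 'dhcp.@dnsmasq[0].domain=lan'
    uci set 'dhcp.@dnsmasq[0].expandhosts=1'
    uci set 'dhcp.@dnsmasq[0].nonegcache=0'
    uci set 'dhcp.@dnsmasq[0].authoritative=1'
    uci set 'dhcp.@dnsmasq[0].readethers=1'
    uci set 'dhcp.@dnsmasq[0].leasefile=/tmp/dhcp.leases'
    uci set 'dhcp.@dnsmasq[0].resolvfile=/tmp/resolv.conf.auto'
    uci set 'dhcp.@dnsmasq[0].nonwildcard=1'
    # localservice=1: presumably limits DNS answers to directly attached
    # subnets -- confirm against the dnsmasq documentation for this build.
    uci set 'dhcp.@dnsmasq[0].localservice=1'
    uci set dhcp.lan=dhcp
    uci set dhcp.lan.interface='lan'
    uci set dhcp.lan.start='100'
    uci set dhcp.lan.limit='150'
    uci set dhcp.lan.leasetime='12h'
    uci set dhcp.lan.dhcpv6='server'
    uci set dhcp.lan.ra='server'
    uci set dhcp.lan.ra_slaac='1'
    # ra_flags holds two values, so it is written as a list. "uci set" accepts
    # a single value per call; the original passed 'other-config' as a stray
    # second argument. The delete gives the same "replace" semantics a set
    # would have had.
    uci -q delete dhcp.lan.ra_flags
    uci add_list dhcp.lan.ra_flags='managed-config'
    uci add_list dhcp.lan.ra_flags='other-config'
    # No DHCP service on the WAN side.
    uci set dhcp.wan=dhcp
    uci set dhcp.wan.interface='wan'
    uci set dhcp.wan.ignore='1'
    uci set dhcp.odhcpd=odhcpd
    uci set dhcp.odhcpd.maindhcp='0'
    uci set dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
    uci set dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
    uci set dhcp.odhcpd.loglevel='4'
    uci commit dhcp

    # Adblock, using dnsmasq as the DNS backend and triggered by the wan
    # interface.
    uci set adblock.global=adblock
    uci set adblock.global.adb_enabled='1'
    uci set adblock.global.adb_debug='0'
    # NOTE(review): with adb_forcedns=0, clients that use a DNS server of
    # their own presumably bypass the blocklist -- confirm this is intended.
    uci set adblock.global.adb_forcedns='0'
    uci set adblock.global.adb_safesearch='0'
    uci set adblock.global.adb_mail='0'
    uci set adblock.global.adb_maxqueue='4'
    uci set adblock.global.adb_dns='dnsmasq'
    uci set adblock.global.adb_trigger='wan'
    uci set adblock.global.adb_report='1'
    uci set adblock.global.adb_repiface='br-lan'
    uci set adblock.global.adb_backup='0'
    uci set adblock.global.adb_dnsfilereset='1'
    uci set adblock.global.adb_dnsflush='1'
    # add_list appends to whatever list already exists. If the packaged
    # adblock config already defines adb_sources, entries may end up
    # duplicated -- TODO confirm on a fresh image.
    uci add_list adblock.global.adb_sources='adaway'
    uci add_list adblock.global.adb_sources='adguard'
    uci add_list adblock.global.adb_sources='disconnect'
    uci add_list adblock.global.adb_sources='oisd_nl'
    uci add_list adblock.global.adb_sources='youtube'
    uci add_list adblock.global.adb_sources='yoyo'
    uci set adblock.global.adb_fetchutil='uclient-fetch'
    uci commit adblock

    # uhttpd (web UI). It listens on the LAN address only, and plain HTTP is
    # redirected to HTTPS. The listen address is a literal copy of
    # network.lan.ipaddr above; the two must be changed together.
    uci set uhttpd.main=uhttpd
    uci set uhttpd.main.listen_http='10.10.10.10:80'
    uci set uhttpd.main.listen_https='10.10.10.10:443'
    uci set uhttpd.main.redirect_https='1'
    uci set uhttpd.main.home='/www'
    uci set uhttpd.main.rfc1918_filter='1'
    uci set uhttpd.main.max_requests='3'
    uci set uhttpd.main.max_connections='100'
    uci set uhttpd.main.cert='/etc/uhttpd.crt'
    uci set uhttpd.main.key='/etc/uhttpd.key'
    uci set uhttpd.main.cgi_prefix='/cgi-bin'
    uci set uhttpd.main.lua_prefix='/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua'
    uci set uhttpd.main.script_timeout='60'
    uci set uhttpd.main.network_timeout='30'
    uci set uhttpd.main.http_keepalive='20'
    uci set uhttpd.main.tcp_keepalive='1'
    uci set uhttpd.main.ubus_prefix='/ubus'
    # Certificate parameters: 2048-bit key, 730 days, placeholder subject
    # fields. Presumably used when uhttpd generates its own certificate --
    # confirm against the uhttpd init script in this build.
    uci set uhttpd.defaults=cert
    uci set uhttpd.defaults.days='730'
    uci set uhttpd.defaults.bits='2048'
    uci set uhttpd.defaults.country='ZZ'
    uci set uhttpd.defaults.state='Somewhere'
    uci set uhttpd.defaults.location='Unknown'
    uci set uhttpd.defaults.commonname='OpenWrt'
    # Commit explicitly, as the network, dhcp and adblock sections above do.
    uci commit uhttpd
    ;;
  "Bridge")
    # No Bridge-mode defaults yet.
    # NOTE(review): the common network settings at the top are only committed
    # explicitly by the Router/Gateway arm.
    ;;
  *)
    # An unset or misspelled mode would otherwise skip every mode-specific
    # setting without any trace.
    printf 'uci-defaults: unrecognised SHIELD_MODE "%s"; no mode-specific settings applied\n' "${SHIELD_MODE}" >&2
    ;;
esac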
Running Itus Shield v2 Firmware