diff --git a/firewall.txt b/firewall.txt
deleted file mode 100644
index 7848da9..0000000
--- a/firewall.txt
+++ /dev/null
@@ -1,32 +0,0 @@
-# Scrapbook of firewall rules to restrict connections only
-# to official servers.
-
-# Clear outging rules
-acl from_sta clear
-
-# Allow outgoing connections to specified IP
-acl from_sta IP any 185.43.124.6 allow
-
-# Allow outgoing DNS requests
-acl from_sta UDP any any any 53 allow
-
-# Deny everything else
-acl from_sta IP any any deny
-
-# Streetpass relay whitelist
-# From https://github.com/Pinchie/RaspiPass/blob/master/raspi_secure/iptables.sh
-52.43.174.40
-104.70.153.178
-104.74.48.110
-23.7.18.146
-23.7.24.35
-52.11.210.152
-52.25.179.65
-52.89.56.205
-54.148.137.96
-54.218.98.74
-54.218.99.79
-54.244.22.201
-69.25.139.140
-192.195.204.216
-52.10.249.207
diff --git a/firmware/0x00000.bin b/firmware/0x00000.bin
index ad3aa25..7f4a3e9 100644
Binary files a/firmware/0x00000.bin and b/firmware/0x00000.bin differ
diff --git a/firmware/0x10000.bin b/firmware/0x10000.bin
index d84606d..7532e7a 100644
Binary files a/firmware/0x10000.bin and b/firmware/0x10000.bin differ
diff --git a/user/acl.h b/user/acl.h
index f726346..59f8859 100644
--- a/user/acl.h
+++ b/user/acl.h
@@ -5,7 +5,7 @@
 #include "lwip/pbuf.h"
 #define MAX_NO_ACLS 4
-#define MAX_ACL_ENTRIES 20
+#define MAX_ACL_ENTRIES 30
 #define ACL_DENY 0x0
 #define ACL_ALLOW 0x1
diff --git a/user/config_flash.c b/user/config_flash.c
index ce955f3..96152d4 100644
--- a/user/config_flash.c
+++ b/user/config_flash.c
@@ -138,6 +138,26 @@ config_load_default(sysconfig_p config)
 parse_IP_addr("52.10.249.207", &daddr, &dmask);
 acl_add(0, 0, 0, daddr, dmask, 0, 0, 0, ACL_ALLOW);
+ // NOTE(m): New IP addresses found by Dal78
+ // NOTE(m): The list of Streetpass IP addresses may be dynamic :-/
+ parse_IP_addr("52.24.183.161", &daddr, &dmask);
+ acl_add(0, 0, 0, daddr, dmask, 0, 0, 0, ACL_ALLOW);
+
+ parse_IP_addr("52.39.19.157", &daddr, &dmask);
+ acl_add(0, 0, 0, daddr, dmask, 0, 0, 0, ACL_ALLOW);
+
+ parse_IP_addr("34.208.213.200", &daddr, &dmask);
+ acl_add(0, 0, 0, daddr, dmask, 0, 0, 0, ACL_ALLOW);
+
+ parse_IP_addr("104.103.189.191", &daddr, &dmask);
+ acl_add(0, 0, 0, daddr, dmask, 0, 0, 0, ACL_ALLOW);
+
+ parse_IP_addr("23.2.226.76", &daddr, &dmask);
+ acl_add(0, 0, 0, daddr, dmask, 0, 0, 0, ACL_ALLOW);
+
+ parse_IP_addr("35.167.248.201", &daddr, &dmask);
+ acl_add(0, 0, 0, daddr, dmask, 0, 0, 0, ACL_ALLOW);
+
 // Default implementation denies everything not matched above.
 // This last rule is not necessary and commented out to save memory space:
 // acl_add(0, 0, 0, 0, 0, 0, 0, 0, ACL_DENY);
diff --git a/user/user_config.h b/user/user_config.h
index 7deef6b..19287e3 100644
--- a/user/user_config.h
+++ b/user/user_config.h
@@ -1,7 +1,7 @@
 #ifndef _USER_CONFIG_
 #define _USER_CONFIG_
-#define ESPERPASS_VERSION "V0.0.5"
+#define ESPERPASS_VERSION "V0.0.6"
 #define WIFI_SSID "ssid"
 #define WIFI_PASSWORD "password"
diff --git a/user/user_main.c b/user/user_main.c
index 046e1d0..89b5b09 100644
--- a/user/user_main.c
+++ b/user/user_main.c
@@ -395,7 +395,7 @@ console_handle_command(struct espconn *pespconn)
 #define MAX_CMD_TOKENS 20
 char cmd_line[MAX_CON_CMD_SIZE+1];
- char response[512];
+ char response[1024];
 char *tokens[MAX_CMD_TOKENS];
 int bytes_count, nTokens;
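Review bot: The six allow rules added to config_load_default in user/config_flash.c pin single addresses whose only stated provenance is "found by Dal78", while the second NOTE concedes the list may be dynamic. Several of them appear to lie in shared cloud or CDN address space, so an address that stops serving the relay could later belong to an unrelated host that this default ACL still lets through. I would record source and date beside the block, e.g. `// Source: <link or capture method>, verified <YYYY-MM-DD>; re-check and prune before each release`. The results of parse_IP_addr and acl_add are not checked on these lines, so if acl_add can refuse an entry once the table reaches MAX_ACL_ENTRIES, a dropped rule would go unnoticed. The function starts and ends outside the hunk.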
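Review bot: Doubling `response` to 1024 bytes in console_handle_command (user/user_main.c) only moves the limit; the code that writes into it lies outside this hunk, so it is not visible whether those writes are bounded. If the buffer was enlarged because a reply (for example an ACL listing, now up to 30 entries) outgrew 512 bytes, the formatting calls should be capped with `sizeof(response)` rather than relying on the new size. A 1 KB automatic array is also a noticeable share of the stack on this class of device, so a `static` buffer may be worth considering if the handler is never re-entered.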
@@ -1545,7 +1545,7 @@ user_init()
 os_printf("Hit return to show the CMD> prompt and follow these instructions:\r\n");
 os_printf("Note that the console does not support the backspace key.\r\n");
 os_printf("If you make a mistake, hit return and try the command again.\r\n");
- os_printf("Note that the maximum length for the SSID is 31 character,\r\n");
+ os_printf("Note that the maximum length for the SSID is 31 characters,\r\n");
 os_printf("for the password 64 characters. Spaces are allowed.\r\n\r\n");
 os_printf("1. Set your Internet WiFi ssid: set ssid \r\n");