Merge branch 'refs/heads/update-firewall-rules'

2018-03-15 22:45:23 +01:00 · 2018-03-15 22:45:23 +01:00 · 8335048075
commit 8335048075
parent 0dfb4d3b46 ceb35701a8
7 changed files with 24 additions and 36 deletions
--- a/firewall.txt
+++ b/firewall.txt
@ -1,32 +0,0 @@
 # Scrapbook of firewall rules to restrict connections only
 # to official servers.
 # Clear outging rules
 acl from_sta clear
 # Allow outgoing connections to specified IP
 acl from_sta IP any 185.43.124.6 allow
 # Allow outgoing DNS requests
 acl from_sta UDP any any any 53 allow
 # Deny everything else
 acl from_sta IP any any deny
 # Streetpass relay whitelist
 # From https://github.com/Pinchie/RaspiPass/blob/master/raspi_secure/iptables.sh
 52.43.174.40
 104.70.153.178
 104.74.48.110
 23.7.18.146
 23.7.24.35
 52.11.210.152
 52.25.179.65
 52.89.56.205
 54.148.137.96
 54.218.98.74
 54.218.99.79
 54.244.22.201
 69.25.139.140
 192.195.204.216
 52.10.249.207
--- a/firmware/0x00000.bin
+++ b/firmware/0x00000.bin
--- a/firmware/0x10000.bin
+++ b/firmware/0x10000.bin
--- a/user/acl.h
+++ b/user/acl.h
@ -5,7 +5,7 @@
 #include "lwip/pbuf.h"
 #define MAX_NO_ACLS 4
-#define MAX_ACL_ENTRIES 20
+#define MAX_ACL_ENTRIES 30
 #define ACL_DENY     0x0
 #define ACL_ALLOW    0x1
--- a/user/config_flash.c
+++ b/user/config_flash.c
@ -138,6 +138,26 @@ config_load_default(sysconfig_p config)
  parse_IP_addr("52.10.249.207", &daddr, &dmask);
  acl_add(0, 0, 0, daddr, dmask, 0, 0, 0, ACL_ALLOW);
  // NOTE(m): New IP addresses found by Dal78
  // NOTE(m): The list of Streetpass IP addresses may be dynamic :-/
  parse_IP_addr("52.24.183.161", &daddr, &dmask);
  acl_add(0, 0, 0, daddr, dmask, 0, 0, 0, ACL_ALLOW);
  parse_IP_addr("52.39.19.157", &daddr, &dmask);
  acl_add(0, 0, 0, daddr, dmask, 0, 0, 0, ACL_ALLOW);
  parse_IP_addr("34.208.213.200", &daddr, &dmask);
  acl_add(0, 0, 0, daddr, dmask, 0, 0, 0, ACL_ALLOW);
  parse_IP_addr("104.103.189.191", &daddr, &dmask);
  acl_add(0, 0, 0, daddr, dmask, 0, 0, 0, ACL_ALLOW);
  parse_IP_addr("23.2.226.76", &daddr, &dmask);
  acl_add(0, 0, 0, daddr, dmask, 0, 0, 0, ACL_ALLOW);
  parse_IP_addr("35.167.248.201", &daddr, &dmask);
  acl_add(0, 0, 0, daddr, dmask, 0, 0, 0, ACL_ALLOW);
  // Default implementation denies everything not matched above.
  // This last rule is not necessary and commented out to save memory space:
  // acl_add(0, 0, 0, 0, 0, 0, 0, 0, ACL_DENY);
--- a/user/user_config.h
+++ b/user/user_config.h
@ -1,7 +1,7 @@
 #ifndef _USER_CONFIG_
 #define _USER_CONFIG_
-#define ESPERPASS_VERSION "V0.0.5"
+#define ESPERPASS_VERSION "V0.0.6"
 #define WIFI_SSID "ssid"
 #define WIFI_PASSWORD "password"
--- a/user/user_main.c
+++ b/user/user_main.c
@ -395,7 +395,7 @@ console_handle_command(struct espconn *pespconn)
  #define MAX_CMD_TOKENS 20
  char cmd_line[MAX_CON_CMD_SIZE+1];
-  char response[512];
+  char response[1024];
  char *tokens[MAX_CMD_TOKENS];
  int bytes_count, nTokens;
@ -1545,7 +1545,7 @@ user_init()
    os_printf("Hit return to show the CMD> prompt and follow these instructions:\r\n");
    os_printf("Note that the console does not support the backspace key.\r\n");
    os_printf("If you make a mistake, hit return and try the command again.\r\n");
-    os_printf("Note that the maximum length for the SSID is 31 character,\r\n");
+    os_printf("Note that the maximum length for the SSID is 31 characters,\r\n");
    os_printf("for the password 64 characters. Spaces are allowed.\r\n\r\n");
    os_printf("1. Set your Internet WiFi ssid: set ssid <name>\r\n");