diff options
| author | Petr Štetiar | 2025-12-06 18:34:37 +0000 |
|---|---|---|
| committer | Christian Marangi | 2025-12-15 18:25:58 +0000 |
| commit | 3c97c4a44cbeb767281f3260c1f6da4772432807 (patch) | |
| tree | 18611c63dcfd428b1977d8d538a0c6f04ae62b14 | |
| parent | 30b7a5f27aa34aa3392a5f6e1e54b02d30934cde (diff) | |
| download | openwrt-3c97c4a44cbeb767281f3260c1f6da4772432807.tar.gz | |
dropbear: enable configurable port forwarding options
Currently its only possible to disable port forwarding only for specific
keys, via the OpenSSH-style restriction in `authorized_keys` file.
In some use cases it might be feasible to disable such features globally
on service level, so lets add new LocalPortForward and RemotePortForward
config knobs.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Link: https://github.com/openwrt/openwrt/pull/21071
(cherry picked from commit 83f6177dbf44fa92ecf6d2e1cda9f92cfc5fe849)
[ fix conflict error ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
| -rw-r--r-- | package/network/services/dropbear/files/dropbear.config | 2 | ||||
| -rwxr-xr-x | package/network/services/dropbear/files/dropbear.init | 4 |
2 files changed, 6 insertions, 0 deletions
diff --git a/package/network/services/dropbear/files/dropbear.config b/package/network/services/dropbear/files/dropbear.config index 7eb5975449..7957cd6a49 100644 --- a/package/network/services/dropbear/files/dropbear.config +++ b/package/network/services/dropbear/files/dropbear.config @@ -5,3 +5,5 @@ config dropbear main option RootPasswordAuth 'on' option Port '22' # option BannerFile '/etc/banner' +# option LocalPortForward 'off' +# option RemotePortForward 'off' diff --git a/package/network/services/dropbear/files/dropbear.init b/package/network/services/dropbear/files/dropbear.init index 395237f9bc..6e45a55a64 100755 --- a/package/network/services/dropbear/files/dropbear.init +++ b/package/network/services/dropbear/files/dropbear.init @@ -179,6 +179,8 @@ validate_section_dropbear() 'IdleTimeout:uinteger:0' \ 'MaxAuthTries:uinteger:3' \ 'RecvWindowSize:uinteger:262144' \ + 'LocalPortForward:bool:1' \ + 'RemotePortForward:bool:1' \ 'mdns:bool:1' } @@ -319,6 +321,8 @@ dropbear_instance() fi [ "${PasswordAuth}" -eq 0 ] && procd_append_param command -s [ "${GatewayPorts}" -eq 1 ] && procd_append_param command -a + [ "${LocalPortForward}" -eq 0 ] && procd_append_param command -j + [ "${RemotePortForward}" -eq 0 ] && procd_append_param command -k [ -n "${ForceCommand}" ] && procd_append_param command -c "${ForceCommand}" [ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g [ "${RootLogin}" -eq 0 ] && procd_append_param command -w |