]> git.ipfire.org Git - thirdparty/openwrt.git/commitdiff
projects / thirdparty / openwrt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 30b7a5f)
dropbear: enable configurable port forwarding options
authorPetr Štetiar <ynezz@true.cz>
Sat, 6 Dec 2025 18:34:37 +0000 (18:34 +0000)
committerChristian Marangi <ansuelsmth@gmail.com>
Mon, 15 Dec 2025 18:25:58 +0000 (19:25 +0100)
Currently its only possible to disable port forwarding only for specific
keys, via the OpenSSH-style restriction in `authorized_keys` file.

In some use cases it might be feasible to disable such features globally
on service level, so lets add new LocalPortForward and RemotePortForward
config knobs.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Link: https://github.com/openwrt/openwrt/pull/21071
(cherry picked from commit 83f6177dbf44fa92ecf6d2e1cda9f92cfc5fe849)
[ fix conflict error ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
package/network/services/dropbear/files/dropbear.config patch | blob | blame | history
package/network/services/dropbear/files/dropbear.init patch | blob | blame | history

diff --git a/package/network/services/dropbear/files/dropbear.config b/package/network/services/dropbear/files/dropbear.config
index 7eb59754490683f88f6909ad1d10aa9f104ece02..7957cd6a490fe040bc0b877f3fbd16bb3cfff0f8 100644 (file)
--- a/package/network/services/dropbear/files/dropbear.config
+++ b/package/network/services/dropbear/files/dropbear.config
@@ -5,3 +5,5 @@ config dropbear main
        option RootPasswordAuth 'on'
        option Port         '22'
 #      option BannerFile   '/etc/banner'
+#      option LocalPortForward 'off'
+#      option RemotePortForward 'off'
diff --git a/package/network/services/dropbear/files/dropbear.init b/package/network/services/dropbear/files/dropbear.init
index 395237f9bc206a716f4130d3e83746311d7e5031..6e45a55a64da35033b5f9b7982a6c4990c2f6c80 100755 (executable)
--- a/package/network/services/dropbear/files/dropbear.init
+++ b/package/network/services/dropbear/files/dropbear.init
@@ -179,6 +179,8 @@ validate_section_dropbear()
                'IdleTimeout:uinteger:0' \
                'MaxAuthTries:uinteger:3' \
                'RecvWindowSize:uinteger:262144' \
+               'LocalPortForward:bool:1' \
+               'RemotePortForward:bool:1' \
                'mdns:bool:1'
 }
 
@@ -319,6 +321,8 @@ dropbear_instance()
        fi
        [ "${PasswordAuth}" -eq 0 ] && procd_append_param command -s
        [ "${GatewayPorts}" -eq 1 ] && procd_append_param command -a
+       [ "${LocalPortForward}" -eq 0 ] && procd_append_param command -j
+       [ "${RemotePortForward}" -eq 0 ] && procd_append_param command -k
        [ -n "${ForceCommand}" ] && procd_append_param command -c "${ForceCommand}"
        [ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g
        [ "${RootLogin}" -eq 0 ] && procd_append_param command -w
Mirror of https://github.com/openwrt/openwrt.git