[PR #1540] [MERGED] Update Openwrt: Delete lines that do WAN input and forward accept #3077

New Issue

saavagebueno · 2025-11-20T05:33:17-05:00

saavagebueno commented

2025-11-20 05:33:17 -05:00

📋 Pull Request Information

Original PR: https://github.com/community-scripts/ProxmoxVE/pull/1540
Author: @chackl1990
Created: 1/17/2025
Status: ✅ Merged
Merged: 1/17/2025
Merged by: @michelroegl-brunner

Base: main ← Head: main

📝 Commits (1)

96f1f4a Delete WAN input and forward accept

📊 Changes

1 file changed (+0 additions, -2 deletions)

View changed files

📝 vm/openwrt.sh (+0 -2)

📄 Description

🛠️ Note:
We are meticulous about merging code into the main branch, so please understand that pull requests not meeting the project's standards may be rejected. It's never personal!
🎮 Note for game-related scripts: These have a lower likelihood of being merged.

✍️ Description

Deleted 2 lines of the script that would open the WAN interface for input and forward, as this would expose the ports of OpenWRT to the WAN

Please remove unneeded lines!

🛠️ Type of Change

Please check the relevant options:

Bug fix (non-breaking change that resolves an issue)
New feature (non-breaking change that adds functionality)
Breaking change (fix or feature that would cause existing functionality to change unexpectedly)
New script (a fully functional and thoroughly tested script or set of scripts)

✅ Prerequisites

The following steps must be completed for the pull request to be considered:

Self-review performed (I have reviewed my code to ensure it follows established patterns and conventions.)
Testing performed (I have thoroughly tested my changes and verified expected functionality.)
Documentation updated (I have updated any relevant documentation)

📋 Additional Information (optional)

The script allowed input on WAN, so everyone who used the script and did not fix it, may have an open WAN port.
This can be fixed by logig in to Luci Web Interface and navigate to Network -> Firewall and get the Zone-Settings like this:

If you like to use ssh / cli than this needs to be send to the VM:
uci set firewall.@zone[1].input='REJECT'
uci set firewall.@zone[1].forward='REJECT'
uci commit
reboot

Executing the script again would not help. Also if you restore the config by OpenWRT, the WAN-Input-Accept would also be restored and stays on accept.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/community-scripts/ProxmoxVE/pull/1540 **Author:** [@chackl1990](https://github.com/chackl1990) **Created:** 1/17/2025 **Status:** ✅ Merged **Merged:** 1/17/2025 **Merged by:** [@michelroegl-brunner](https://github.com/michelroegl-brunner) **Base:** `main` ← **Head:** `main` --- ### 📝 Commits (1) - [`96f1f4a`](https://github.com/community-scripts/ProxmoxVE/commit/96f1f4a815aac8b27550a9a057990bb6aa3f2294) Delete WAN input and forward accept ### 📊 Changes **1 file changed** (+0 additions, -2 deletions) <details> <summary>View changed files</summary> 📝 `vm/openwrt.sh` (+0 -2) </details> ### 📄 Description > **🛠️ Note:** > We are meticulous about merging code into the main branch, so please understand that pull requests not meeting the project's standards may be rejected. It's never personal! > 🎮 **Note for game-related scripts:** These have a lower likelihood of being merged. --- ## ✍️ Description Deleted 2 lines of the script that would open the WAN interface for input and forward, as this would expose the ports of OpenWRT to the WAN - - - **_Please remove unneeded lines!_** --- ## 🛠️ Type of Change Please check the relevant options: - [x] Bug fix (non-breaking change that resolves an issue) - [ ] New feature (non-breaking change that adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to change unexpectedly) - [ ] New script (a fully functional and thoroughly tested script or set of scripts) --- ## ✅ Prerequisites The following steps must be completed for the pull request to be considered: - [x] Self-review performed (I have reviewed my code to ensure it follows established patterns and conventions.) - [x] Testing performed (I have thoroughly tested my changes and verified expected functionality.) - [ ] Documentation updated (I have updated any relevant documentation) --- ## 📋 Additional Information (optional) The script allowed input on WAN, so everyone who used the script and did not fix it, may have an open WAN port. This can be fixed by logig in to Luci Web Interface and navigate to Network -> Firewall and get the Zone-Settings like this: ![WRT-FW-WAN-Input](https://github.com/user-attachments/assets/cfbff229-489d-4bcd-9270-9300745a95db) If you like to use ssh / cli than this needs to be send to the VM: `uci set firewall.@zone[1].input='REJECT'` `uci set firewall.@zone[1].forward='REJECT'` `uci commit` `reboot` Executing the script again would not help. Also if you restore the config by OpenWRT, the WAN-Input-Accept would also be restored and stays on accept. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

saavagebueno added the pull-request label 2025-11-20 05:33:17 -05:00

saavagebueno closed this issue

2025-11-20 05:33:18 -05:00

Sign in to join this conversation.

Branches Tags

main

github-action-update-changelog

pr-update-app-files

add-script-bambuddy-1774853250

MickLesk-patch-1

fix/immich-maintenance-mode-redis-error

fix/npm-unmask-openresty-on-migration

fix/ollama-intel-gpg-error-handling

github-action-archive-changelog

add-script-yourls-1774732133

add-script-matter-server-1774638379

fix/dispatcharr-pg-port

cron_update_lxc

chore/immich-v2.6.3

add-script-geopulse-1774548387

cdn_improvements

add-script-birdnet-1774535320

fix/tools-func-exit-codes

fix/immich-update-db-hostname

update/frigate-0.17.1

fix/use-absolute-path-for-install

fix/pin-npm-version

shell_safe_fixes

remove_booklore

chore/update-url-community-scripts

komodov2

refactor/turnkey-modernize

add-script-nextexplorer-1774344421

add-script-homebrew-1774342032

fix/shell-security-hardening-v2

improve/build-func-performance-cleanup

fix/build-dns-prefix

fix/anytype-mongodb-wait

fix/frigate-cpu-model-path

copilot/fix-installation-failure-isponsorblocktv

fix/reactive-resume-add-git

copilot/scanopy-fix-apt-configuration-error

add-script-isponsorblocktv-1774009652

add-script-alpine-wakapi-1774008954

fix/coder-code-server-existing-config-and-reachability

add-script-teleport-1773928044

CrazyWolf13-patch-wealthfolio-1

refactor/tools-func-qol

fix/stirling-pdf-jdk-reinstall

fix/pinned-version-wording

MickLesk-patch-10

fix/reactive-resume-v5013

fix/tracearr-update-version-oom

copilot/fix-hdd-space-for-owncast

tremor021-patch-6

pocketbase_bot

disp_fix

fix/tdarr-binary-check-curl-retry

MickLesk-patch-9

refactor/podman-quadlets

alpine-ntfy

refactor/jellyfin

CrazyWolf13-patch-11

feature/autousermod_hwaccell

add-script-split-pro-1773677692

fix/frigate-openvino-fallback

fix/paperless-ngx-default-ram

fix/plex-restart-after-update

fix/gluetun-openvpn-env

MickLesk-patch-8

termix_add_guacd

MickLesk-patch-7

fix/tududi-nodejs-in-update

fix/sparkyfitness-npm-peer-deps

docs/website-metadata-workflow

fix-pbs_microcode

remove_jsons

michelroegl-brunner-patch-4

add-script-test-1773325265

cleanup_workflows

feat/remove-frontend

automated/update-github-versions

feat/mode-generated

fix/n8n-build-essential

fix/sparkyfitness-shared-deps

fix/rocm-path-escaping

fix/storage-validation-cross-node

fix/frigate-nvidia-version-regex

arm64-build-support

readme

michelroegl-brunner-patch-3

fix/coder-code-server-backup

copilot/fix-immich-update-dependency-issue

rust

fix/linkwarden-update-playwright

fix/powerdns-sqlite-permissions

fix/duplicate-nameserver-searchdomain

CrazyWolf13-patch-7

feat/ollama-rocm-support

fix/seerr-migration-update-script

preflight_tests

adgu_fix

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: SVI/ProxmoxVE#3077