[Add][rootfs][iptables]

2021.01.03 / Folus Wen

Actions:
1. Add run_iptable_set.sh and run_iptable_clear.sh for charger firewall enable/disable.

Files:
1. As follow commit history

Image version: D0.00.XX.XXXX.XX
Image checksum: XXXXXXXX

Hardware PWB P/N : XXXXXXX
Hardware Version : XXXXXXX

EVSE/Projects/AX80/Apps/main.c

@@ -2603,26 +2603,29 @@ void InitEthernet()
 					if(cnt_pingDNS_Fail >= 3)
 					{
 						ShmStatusCodeData->InfoCode.InfoEvents.bits.InternetDisconnectViaEthernet=ON;
-						if((ShmSysConfigAndInfo->SysConfig.Eth0Interface.EthDhcpClient==0))
+						if(!ShmSysConfigAndInfo->SysInfo.OcppConnStatus)
 						{
-							system("pgrep -f \"udhcpc -i eth0\" | xargs kill");
-							sprintf(tmpbuf, "/sbin/udhcpc -i eth0 -x hostname:CSU3_%s -s /root/dhcp_script/eth0.script > /dev/null &", ShmSysConfigAndInfo->SysConfig.SystemId);
-							system(tmpbuf);
-						}
-						else
-						{
-							system("pgrep -f \"udhcpc -i eth0\" | xargs kill");
-							memset(tmpbuf,0,256);
-							sprintf(tmpbuf,"/sbin/ifconfig eth0 %s netmask %s up &",
-									ShmSysConfigAndInfo->SysConfig.Eth0Interface.EthIpAddress,
-									ShmSysConfigAndInfo->SysConfig.Eth0Interface.EthSubmaskAddress);
-							system(tmpbuf);
-							memset(tmpbuf,0,256);
-							sprintf(tmpbuf,"route add default gw %s eth0 &",
-							ShmSysConfigAndInfo->SysConfig.Eth0Interface.EthGatewayAddress);
-							system(tmpbuf);
+							if((ShmSysConfigAndInfo->SysConfig.Eth0Interface.EthDhcpClient==0))
+							{
+								system("pgrep -f \"udhcpc -i eth0\" | xargs kill");
+								sprintf(tmpbuf, "/sbin/udhcpc -i eth0 -x hostname:CSU3_%s -s /root/dhcp_script/eth0.script > /dev/null &", ShmSysConfigAndInfo->SysConfig.SystemId);
+								system(tmpbuf);
+							}
+							else
+							{
+								system("pgrep -f \"udhcpc -i eth0\" | xargs kill");
+								memset(tmpbuf,0,256);
+								sprintf(tmpbuf,"/sbin/ifconfig eth0 %s netmask %s up &",
+										ShmSysConfigAndInfo->SysConfig.Eth0Interface.EthIpAddress,
+										ShmSysConfigAndInfo->SysConfig.Eth0Interface.EthSubmaskAddress);
+								system(tmpbuf);
+								memset(tmpbuf,0,256);
+								sprintf(tmpbuf,"route add default gw %s eth0 &",
+								ShmSysConfigAndInfo->SysConfig.Eth0Interface.EthGatewayAddress);
+								system(tmpbuf);
+							}
+							cnt_pingDNS_Fail = 0;
 						}
-						cnt_pingDNS_Fail = 0;
 					}
 					else
 					{
@@ -3709,9 +3712,7 @@ int isReachableInternet()
 
 	// Get gateway
 	fp = popen("ip route", "r");
-	if(fp == NULL)
-		result = FAIL;
-	else
+	if(fp != NULL)
 	{
 		while(fgets(buf, sizeof(buf), fp) != NULL)
 		{
@@ -3728,7 +3729,7 @@ int isReachableInternet()
 	pclose(fp);
 	memset(buf, 0x00, sizeof(buf));
 
-
+	// Check internet access ability
 	for(int idx=0;idx<ARRAY_SIZE(valid_Internet);idx++)
 	{
 		sprintf(cmd, "ping -c 1 -w 3 -I eth0 %s", valid_Internet[idx]);

EVSE/rootfs/usr/bin/run_iptable_clear.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+/sbin/iptables -F

EVSE/rootfs/usr/bin/run_iptable_set.sh

@@ -0,0 +1,18 @@
+#!/bin/sh
+/sbin/iptables -F
+/sbin/iptables -A OUTPUT -p all -s any/0 -d 192.168.0.0/255.255.0.0 -j ACCEPT
+/sbin/iptables -A OUTPUT -p all -s any/0 -d 8.8.8.8/255.255.255.255 -j ACCEPT
+/sbin/iptables -A OUTPUT -p all -s any/0 -d 180.76.76.76/255.255.255.255 -j ACCEPT
+/sbin/iptables -A OUTPUT -p all -s any/0 -d evsocket.phihong.com.tw/255.255.255.255 -j ACCEPT
+/sbin/iptables -A OUTPUT -p all -s any/0 -d git.phihong.com.tw/255.255.255.255 -j ACCEPT
+/sbin/iptables -A OUTPUT -p all -s any/0 -d ftp.phihong.com.tw/255.255.255.255 -j ACCEPT
+/sbin/iptables -A OUTPUT -p all -s any/0 -d $1/255.255.255.255 -j ACCEPT
+/sbin/iptables -A OUTPUT -p all -s any/0 -d any/0 -j DROP
+/sbin/iptables -A INPUT -p all -s 192.168.0.0/255.255.0.0 -d any/0 -j ACCEPT
+/sbin/iptables -A INPUT -p all -s 8.8.8.8/255.255.255.255 -d any/0 -j ACCEPT
+/sbin/iptables -A INPUT -p all -s 180.76.76.76/255.255.255.255 -d any/0 -j ACCEPT
+/sbin/iptables -A INPUT -p all -s evsocket.phihong.com.tw/255.255.255.255 -d any/0 -j ACCEPT
+/sbin/iptables -A INPUT -p all -s git.phihong.com.tw/255.255.255.255 -d any/0 -j ACCEPT
+/sbin/iptables -A INPUT -p all -s ftp.phihong.com.tw/255.255.255.255 -d any/0 -j ACCEPT
+/sbin/iptables -A INPUT -p all -s $1/255.255.255.255 -d any/0 -j ACCEPT
+/sbin/iptables -A INPUT -p all -s any/0 -d any/0 -j DROP