dropbear: enable configurable port forwarding options
authorPetr Štetiar <[email protected]>
Sat, 6 Dec 2025 18:34:37 +0000 (18:34 +0000)
committerChristian Marangi <[email protected]>
Mon, 8 Dec 2025 17:53:34 +0000 (18:53 +0100)
Currently it is possible to disable port forwarding only for specific
keys, via the OpenSSH-style restriction in the `authorized_keys` file.

In some use cases it might be desirable to disable such features globally
at the service level, so let's add new LocalPortForward and RemotePortForward
config knobs.

Signed-off-by: Petr Štetiar <[email protected]>
Link: https://github.com/openwrt/openwrt/pull/21071
Signed-off-by: Christian Marangi <[email protected]>
package/network/services/dropbear/files/dropbear.config
package/network/services/dropbear/files/dropbear.init

index 7eb59754490683f88f6909ad1d10aa9f104ece02..7957cd6a490fe040bc0b877f3fbd16bb3cfff0f8 100644 (file)
@@ -5,3 +5,5 @@ config dropbear main
        option RootPasswordAuth 'on'
        option Port         '22'
 #      option BannerFile   '/etc/banner'
+#      option LocalPortForward 'off'
+#      option RemotePortForward 'off'
index 2f5d9698eba742ff10570f9a8b4edc330ae4725a..d5eb44bf75c6fcda88c329d134142914960cb326 100755 (executable)
@@ -178,6 +178,8 @@ validate_section_dropbear()
                'IdleTimeout:uinteger:0' \
                'MaxAuthTries:uinteger:3' \
                'RecvWindowSize:uinteger:0' \
+               'LocalPortForward:bool:1' \
+               'RemotePortForward:bool:1' \
                'mdns:bool:1'
 }
 
@@ -317,6 +319,8 @@ dropbear_instance()
        fi
        [ "${PasswordAuth}" -eq 0 ] && procd_append_param command -s
        [ "${GatewayPorts}" -eq 1 ] && procd_append_param command -a
+       [ "${LocalPortForward}" -eq 0 ] && procd_append_param command -j
+       [ "${RemotePortForward}" -eq 0 ] && procd_append_param command -k
        [ -n "${ForceCommand}" ] && procd_append_param command -c "${ForceCommand}"
        [ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g
        [ "${RootLogin}" -eq 0 ] && procd_append_param command -w
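Review bot: With `RemotePortForward` set to 0 and `GatewayPorts` set to 1, the command line receives both `-a` and `-k`, so anyone auditing the running process sees a gateway-ports flag for a forwarding mode that is switched off (as far as I can tell, `-a` only affects remote forwards on the server side). Consider guarding the existing line, e.g. `[ "${GatewayPorts}" -eq 1 ] && [ "${RemotePortForward}" -ne 0 ] && procd_append_param command -a`, so the effective policy can be read directly from the arguments. A short comment above the two new lines would also help, because the option names are positive while the flags are negative: `# -j / -k disable local / remote forwarding; both stay enabled unless the option is 0`. Both options default to 1 in validate_section_dropbear, so existing installs keep forwarding enabled until it is turned off explicitly; that is worth stating next to the commented-out examples in dropbear.config. dropbear_instance's body continues outside the hunk.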