From ffff3473966c42133b8faed7d8a120739c5451d4 Mon Sep 17 00:00:00 2001
From: James Vorderbruggen <jamesvorder@gmail.com>
Date: Sun, 13 Jun 2021 12:09:57 -0400
Subject: [PATCH] yggdrasil: allow HTTPS connections

Signed-off-by: James Vorderbruggen <jamesvorder@gmail.com>
---
 net/yggdrasil/Makefile                 |  2 +-
 net/yggdrasil/files/yggdrasil.defaults | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/net/yggdrasil/Makefile b/net/yggdrasil/Makefile
index 7b1a671fa..5be4aa075 100644
--- a/net/yggdrasil/Makefile
+++ b/net/yggdrasil/Makefile
@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=yggdrasil
 PKG_VERSION:=0.3.16
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/yggdrasil-network/yggdrasil-go/tar.gz/v$(PKG_VERSION)?
diff --git a/net/yggdrasil/files/yggdrasil.defaults b/net/yggdrasil/files/yggdrasil.defaults
index 09f1f87ab..22472404b 100644
--- a/net/yggdrasil/files/yggdrasil.defaults
+++ b/net/yggdrasil/files/yggdrasil.defaults
@@ -89,6 +89,17 @@ EOF
     set firewall.@rule[-1].target=ACCEPT
 EOF
 
+  # allow LuCI access with SSL from yggdrasil zone, needs to be explicitly enabled
+  uci -q batch <<-EOF >/dev/null
+    add firewall rule
+    set firewall.@rule[-1].enabled=0
+    set firewall.@rule[-1].name='Allow-HTTPS-yggdrasil'
+    set firewall.@rule[-1].src=yggdrasil
+    set firewall.@rule[-1].proto=tcp
+    set firewall.@rule[-1].dest_port=443
+    set firewall.@rule[-1].target=ACCEPT
+EOF
+
   uci commit firewall
   uci commit network