Base
The base service establishes the SPR system configuration and initializes the firewall. It also configures performance tuning parameters for managing irq balancing.
The main configuration variables are found in config/base/config.sh
Firewall Configuration
The firewall uses NFTable rulesets defined in base/scripts/nft_rules.sh
The forwarding and input policies are default drop.
The following ports can be exposed to WAN by enabling UPSTREAM_SERVICES_ENABLE in configs/base/config.sh:
- sshd (tcp 22),
- api (port 80 or 443 with SSL),
- iperf3 (tcp 5201)
- wireguard (udp 51280)
OR by updating them in the UI under the Firewall settings.
On LAN the following services are available:
- DHCP tied to the authenticated MAC address over WiFi or all wired LAN devices
- DNS for devices in the dns_access group
- 1900, 5353 multicast repeater to all devices for SSDP and MDNS
- The API (port 80, 443)
- SSH (tcp port 22)
Routing to devices on the LAN or to WAN only happens for authenticated, approved MAC addresses.