The base service establishes the SPR system configuration and initializes the firewall. It also configures performance tuning parameters for managing IRQ balancing.
The main configuration variables are found in config/base/config.sh.
The firewall uses nftables rulesets defined in base/scripts/nft_rules.sh.
The forwarding and input policies are default drop.
The following ports can be exposed to WAN by enabling UPSTREAM_SERVICES_ENABLE in
- sshd (tcp 22)
- api (port 80 or 443 with SSL)
- iperf3 (tcp 5201)
- wireguard (udp 51280)
or by updating them in the UI under the Firewall settings.
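One way to audit the default-drop policy and the WAN-exposed ports described above is to parse the output of `nft list ruleset`. This is an added example, not code from SPR: the sample ruleset is constructed, and the interface name eth0 and the function names are assumptions.

```shell
# Constructed sample in `nft list ruleset` format; not SPR's real ruleset.
sample_ruleset() {
cat <<'EOF'
table inet filter {
	chain INPUT {
		type filter hook input priority filter; policy drop;
		ct state established,related accept
		iifname "eth0" tcp dport 22 accept
		iifname "eth0" udp dport 51280 accept
	}
	chain FORWARD {
		type filter hook forward priority filter; policy drop;
	}
	chain OUTPUT {
		type filter hook output priority filter; policy accept;
	}
}
EOF
}

# Print "<hook> <policy>" for every base chain read from stdin.
chain_policies() {
  awk '/hook (input|forward|output) / {
    hook = pol = ""
    for (i = 1; i < NF; i++) {
      if ($i == "hook") hook = $(i + 1)
      if ($i == "policy") { pol = $(i + 1); sub(/;$/, "", pol) }
    }
    print hook, pol
  }'
}

# Succeed only if input and forward base chains exist and all default to drop.
check_default_drop() {
  chain_policies | awk '
    $1 == "input" || $1 == "forward" { seen[$1] = 1; if ($2 != "drop") bad = 1 }
    END { exit !(seen["input"] && seen["forward"] && !bad) }'
}

# Print "<proto> <port>" for single-port accept rules on the given interface.
# Simplification: rules using port sets ({ 22, 80 }) are not expanded.
wan_open_ports() {
  awk -v ifc="$1" '$1 == "iifname" && $2 == "\"" ifc "\"" && $NF == "accept" {
    for (i = 3; i < NF; i++) if ($i == "dport") print $(i - 1), $(i + 1)
  }'
}

sample_ruleset | check_default_drop && echo "input/forward: default drop"
sample_ruleset | wan_open_ports eth0
```

On a live system, pipe `nft list ruleset` into the functions in place of sample_ruleset.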
On LAN the following services are available:
- DHCP tied to the authenticated MAC address over WiFi or all wired LAN devices
- DNS for devices in the dns_access group
- Multicast repeater on ports 1900 and 5353 to all devices for SSDP and mDNS
- The API (port 80, 443)
- SSH (tcp port 22)
Routing to devices on the LAN or to WAN only happens for authenticated, approved MAC addresses.