@QueuingKoala
QueuingKoala / v22.03-dnsmasq-addnmount.patch
Created January 18, 2023 03:28
Interim patch for OpenWRT dnsmasq addnmount v22.03 backport
diff --git a/dhcp.conf b/dhcp.conf
index 8c42ef782e..87fe45a7e0 100644
--- a/dhcp.conf
+++ b/dhcp.conf
@@ -21,6 +21,7 @@ config dnsmasq
#list bogusnxdomain '64.94.110.11'
option localservice 1 # disable to allow DNS requests from non-local subnets
option ednspacket_max 1232
+ #list addnmount /some/path # read-only mount path to expose it to dnsmasq
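Review bot: The added `#list addnmount /some/path` example leaves its value unquoted, while the neighbouring `#list bogusnxdomain '64.94.110.11'` example in the same block quotes its value; writing it as `'/some/path'` would keep the sample config consistent. The trailing comment could also be tightened, since "expose it" has no clear referent; something like "path to make visible to dnsmasq via a read-only mount" says the same thing without the ambiguity.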
QueuingKoala / bogon-updater
Last active January 6, 2020 23:45
OpenWRT bogon-updater called from cron or on-boot
#!/bin/sh
# Designed for OpenWRT and requires associated "bogons" UCI file.
#
# This is still pretty raw now and not formally published.
# Copyright 2018.
#
# Feel free to use, edit, and re-distribute under the BSD 3-clause License.
# https://opensource.org/licenses/BSD-3-Clause
QueuingKoala / v4-features.sh
Created December 29, 2014 05:49
Netfilter rules by feature script
#!/bin/sh
# Extremely-basic Netfilter conditional rule loading example.
# This uses a pipeline to iptables-restore(8) for atomic loading.
# In particular, only the filter table is adjusted.
# Available under the BSD 3-clause license in the hopes this may be a useful
# example or template.
# http://opensource.org/licenses/BSD-3-Clause
QueuingKoala / setup.sh
Last active May 16, 2024 09:32
Sub-CA example
# Assumptions: easyrsa3 available in current dir, and functional openssl.
# This basic example puts the "offline" and "sub" PKI dirs on the same system.
# A real-world setup would use different systems and transport the public components.
# Build root CA:
EASYRSA_PKI=offline ./easyrsa init-pki
EASYRSA_PKI=offline ./easyrsa build-ca nopass
# Build sub-CA request:
EASYRSA_PKI=sub ./easyrsa init-pki
#!/bin/sh
# This code available under a BSD 3-clause license
# http://opensource.org/licenses/BSD-3-Clause
# argument processing. Pass one of these to effect changes:
while [ -n "$1" ]
do
case "$1" in
QueuingKoala / dns-soa-mon.sh
Created November 8, 2013 23:27
SOA Update Monitor
#!/bin/sh
usage() {
printf "%s\n" "
$0 Usage:
Mandatory params:
--serial=X set SOA serial to watch for
--nameserver=NS set nameserver to query
QueuingKoala / nf-reset.sh.HAS.MOVED
Last active December 21, 2015 18:49
Reset netfilter the less-abusive way
This document is now part of my netfilter-samples git project.
See the project component for resetting netfilter rules by script here:
https://github.com/QueuingKoala/netfilter-samples/tree/master/reset-rules
QueuingKoala / ovpn-man2html.awk
Last active December 19, 2015 16:48
awk script to clean up openvpn.8 man2html output
# awk script for converting man2html openvpn output
{
# Matching lines means we skip this many
if ( match($0, "^Content-type: ") ) skip=2
if ( match($0, "Return to Main Contents") ) skip=1
# Rip out the "Updated" date as it's wrong:
if ( match($0, "^Section: ") )
sub("Updated: .*<BR>", "")
QueuingKoala / gist:5911334
Last active December 19, 2015 06:28
A fairly basic netfilter edge router ruleset
# A fairly basic and somewhat extensible router core ruleset
# Do not use unless you understand this example as
# modification for your usage may be required.
# Assumptions:
# * 192.168.7.0/24 is your LAN, connected to if_lan
# * if_wan is your uplink, with a dynamic public IP
# Note: in particular, no local ports are opened, including ssh.
# Add whatever remote-access you need to prevent lockouts if this
# is not a console-accessible box. You have been warned.
QueuingKoala / gist:5867909
Last active December 19, 2015 00:19
Simple example of piping a dynamically-generated fw ruleset into iptables-restore
cat <<-EOF | iptables-restore
*nat
:PREROUTING ACCEPT
:INPUT ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
-A POSTROUTING -o $WAN_IFACE_HERE -j MASQUERADE
COMMIT
*filter
:INPUT DROP