From 882c162fc54c95a486b949cd24f692ab6bcb5cfb Mon Sep 17 00:00:00 2001 From: Aminda Suomalainen Date: Mon, 22 Jul 2024 22:49:34 +0300 Subject: [PATCH] iwd/private-{cafe,home}-sample: hardening --- var/lib/iwd/private-cafe-sample.psk | 10 ++++++++++ var/lib/iwd/private-home-sample.psk | 14 +++++++++++++- 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/var/lib/iwd/private-cafe-sample.psk b/var/lib/iwd/private-cafe-sample.psk index 7477bb34..6dcdcea7 100644 --- a/var/lib/iwd/private-cafe-sample.psk +++ b/var/lib/iwd/private-cafe-sample.psk @@ -1,9 +1,19 @@ # This SSID is "private-cafe-sample", it comes from the filename [Settings] #AlwaysRandomizeAddress=true +# Disables TKIP and connections without Management Frame Protection +TransitionDisable=true +# Disables WPA2-{Personal,Enterprise} and requires WiFi Enhanced Open (OWE) +DisabledTransitionModes=personal,enterprise,open [Security] Passphrase=MySuperSecretPassphraseThatDoesNotReadHere +[IPv4] +DNS=127.0.0.1 +DomainName=. + [IPv6] Enabled=true +DNS=::1 +DomainName=. diff --git a/var/lib/iwd/private-home-sample.psk b/var/lib/iwd/private-home-sample.psk index 95650431..d4e133f4 100644 --- a/var/lib/iwd/private-home-sample.psk +++ b/var/lib/iwd/private-home-sample.psk @@ -3,13 +3,25 @@ AutoConnect=true # MAC address override. Takes priority over AlwaysRandomizeAddress #AddressOverride= +# Disables TKIP and connections without Management Frame Protection +TransitionDisable=true +# Disables WPA2-{Personal,Enterprise} and requires WiFi Enhanced Open (OWE) +DisabledTransitionModes=personal,enterprise,open [Security] Passphrase=MySuperSecretPassphraseThatDoesNotReadHere [IPv4] +# If iwd main.conf has EnableNetworkConfiguration=true and we should have +# static network configuration +#Address=192.168.1.2 +#Gateway=192.168.1.1 +#DNS=127.0.0.1 +#DomainName=. # In home network recognising the device may be a quality of life feature -SendHostname=true +#SendHostname=true [IPv6] Enabled=true +DNS=::1 +DomainName=.