Validated secubox-image.sh and secubox-sysupgrade.sh scripts:
- Fixed curl redirect issue: ASU API returns 301 redirects
- Added -L flag to 9 curl calls across both scripts
- Verified all device profiles valid (mochabin, espressobin, x86-64)
- Confirmed POSIX sh compatibility for sysupgrade script
- Validated first-boot script syntax
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
RPCD handler now checks for both:
- /etc/dnsmasq.d/vortex-firewall.conf (dnsmasq mode)
- /etc/bind/zones/rpz.vortex.zone (BIND RPZ mode)
This fixes the "0 blocked domains" display when using BIND DNS server.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Phase 1 implementation of Vortex DNS Firewall - SecuBox's first line
of defense blocking threats at DNS level BEFORE any connection is
established.
Features:
- Threat intel aggregator (URLhaus, OpenPhish, Malware Domains)
- SQLite-based blocklist database with domain deduplication
- dnsmasq integration via sinkhole hosts file
- x47 vitality multiplier concept (each DNS block prevents ~47 connections)
- RPCD handler for LuCI integration with 8 methods
- CLI tool: vortex-firewall intel/stats/start/stop
Tested with 765 blocked domains across 3 threat feeds.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
