net/coova-chilli/files/chilli.firewall

   1 #!/bin/sh
   2
   3 chilli_firewall() {
   4     local cfg="$1"
   5
   6     local network ifname tun
   7
   8     config_get network "$cfg" network
   9
  10     . /lib/functions/network.sh
  11     network_get_device ifname ${network:-lan}
  12
  13     if [ "$ifname" = "" ]
  14     then
  15        config_get ifname "$cfg" dhcpif
  16     fi
  17
  18     config_get tun "$cfg" tundev
  19
  20     for n in ACCEPT DROP REJECT
  21     do
  22        iptables -F zone_${network}_${n}
  23        iptables -I zone_${network}_${n} -i $tun -j $n
  24        iptables -I zone_${network}_${n} -o $tun -j $n
  25     done
  26
  27     iptables -D forward -i ${ifname} -j zone_${network}_forward
  28     iptables -A forward -i ${ifname} -j DROP
  29     iptables -A forward -i $tun -j zone_${network}_forward
  30
  31     iptables -D input -i ${ifname} -j zone_${network}
  32     iptables -A input -i $tun -j zone_${network}
  33
  34     iptables -I zone_${network} -p tcp --dport 3990 -j ACCEPT
  35     iptables -I zone_${network} -p tcp --dport 3991 -j ACCEPT
  36 }
  37
  38 chilli_post_core_cb() {
  39     config_load chilli
  40     config_foreach chilli_firewall chilli
  41 }