2 # Add "freifunk" firewall zone
3 # If wan is used for olsr then delete wan zone and all wan rules
4 # Also setup rules defined in /etc/config/freifunk and /etc/config/profile_<community>
# Read once and compared against 1 further down to decide whether WAN is used
# for OLSR. -q suppresses uci's error output; if the option is missing the
# variable is empty and every `== 1` test below is false.
wan_is_olsr="$(uci -q get meshwizard.netconfig.wan_config)"
13 # Add local_restrict to wan firewall zone (if wan is not used for olsr)
14 # If wan is used for olsr then remove the firewall zone wan
# Listing fragment: gutter lines 15, 20 and 22-24 are absent, so the function
# header, the separator between the two uci calls and the closing fi/fi/} are
# not shown. NOTE(review): presumably this is the body of handle_zonewan, the
# callback passed to config_foreach at the end - confirm against the full file.
# Reads the "name" option of the section passed as $1; only the zone named
# "wan" is touched.
16 config_get name
"$1" name
17 if [ "$name" == "wan" ]; then
18 if [ "$wan_is_olsr" == 1 ]; then
# WAN is used for OLSR: the whole wan zone section is deleted, so WAN no longer
# has a firewall zone of its own. The commit helper only runs if the delete
# succeeded. $1 is expanded unquoted; NOTE(review): assumes section ids never
# contain whitespace or glob characters - confirm.
19 uci del firewall.
$1 && uci_commitverbose
"WAN is used for olsr, delete firewall zone wan" firewall
# Otherwise (per the comment above this function; the "else" itself is not
# visible in the listing) local_restrict is set to 1 on the wan zone.
21 uci
set firewall.
$1.local_restrict
=1 && uci_commitverbose
"Enable local_restrict for zone wan" firewall
# Run the callback for every section of type "zone" in the currently loaded
# config (the config_load call is not shown in this listing).
25 config_foreach handle_zonewan zone
27 # Rename firewall zone for freifunk if unnamed and delete wan zone if it is used for olsr; else enable local restrict
# Listing fragment: gutter lines 28, 31, 36-38, 42 and 44-47 are absent, so the
# function header, the closing fi/} lines and the separator between the two
# uci calls are not shown. NOTE(review): presumably the body of handle_fwzone,
# the callback used by the config_foreach call at the end - confirm.
# Reads the section's "name" and "network" options; "network" is not used in
# any of the visible lines.
29 config_get name
"$1" name
30 config_get network
"$1" network
32 if [ "$name" == "freifunk" ]; then
33 # rename section if unnamed
# The substitution removes the first match of cfg<hex digit><anything>, so the
# result is empty exactly when the id begins with "cfg" plus one hex digit;
# that is how an unnamed section is recognised here. A matching freifunk zone
# is renamed to zone_freifunk, the section name that the
# firewall.zone_freifunk.* settings later in the file address.
34 if [ -z "${1/cfg[0-9a-fA-F]*/}" ]; then
35 section_rename firewall
$1 zone_freifunk
# Same wan handling as in the earlier zone pass: delete the wan zone when WAN
# is used for OLSR, otherwise (the "else" is not visible) set local_restrict.
# NOTE(review): if the earlier pass already deleted the section, whether this
# pass still sees it depends on a config reload that is not shown - confirm
# the duplicate is intentional.
39 if [ "$name" == "wan" ]; then
40 if [ "$wan_is_olsr" == 1 ]; then
41 uci del firewall.
$1 && uci_commitverbose
"WAN is used for olsr, delete firewall zone wan" firewall
43 uci
set firewall.
$1.local_restrict
=1 && uci_commitverbose
"Enable local_restrict for zone wan" firewall
# Apply the callback to every section of type "zone".
48 config_foreach handle_fwzone zone
51 set firewall.zone_freifunk="zone"
52 set firewall.zone_freifunk.name="freifunk"
53 set firewall.zone_freifunk.input="$zone_freifunk_input"
54 set firewall.zone_freifunk.forward="$zone_freifunk_forward"
55 set firewall.zone_freifunk.output="$zone_freifunk_output"
# The five "set" lines above are uci commands, not shell statements.
# NOTE(review): presumably they are the input of a `uci batch` here-document
# whose opening and closing lines (gutter 49-50, 56-57) are not shown.
# They create the section zone_freifunk of type "zone", name it "freifunk" and
# take its input/forward/output policies from $zone_freifunk_input,
# $zone_freifunk_forward and $zone_freifunk_output. Those variables are not
# assigned anywhere in the visible lines; NOTE(review): confirm they are always
# populated, because they define the default policy of the mesh-facing zone.
# Commit the firewall config and log the message.
58 uci_commitverbose
"Setup firewall zones" firewall
60 # Usually we need to set up masquerading for lan, except when lan is an olsr interface or has an olsr hna-entry
# Listing fragment: gutter lines 61-62 and 65-68 are absent, so the function
# header, the action taken on a match and the closing fi/} are not shown.
# NOTE(review): presumably the body of handle_interface, and presumably the
# missing lines set no_masq_lan, which is tested further down - confirm.
# Reads the "interface" option of the section passed as $1.
63 config_get interface
"$1" interface
# Exact string match on "lan". NOTE(review): a section whose interface option
# names several interfaces would not match - confirm that cannot occur here.
64 if [ "$interface" == "lan" ]; then
# Run the callback for every section of type "Interface" in the loaded config
# (which config is loaded at this point is not visible in the listing).
69 config_foreach handle_interface Interface
# LAN address as stored in UCI. With -q a missing option yields an empty
# string, and the -n test below then skips the whole HNA check.
71 LANIP
="$(uci -q get network.lan.ipaddr)"
72 if [ -n "$LANIP" ]; then
# Listing fragment: gutter lines 73, 76-78 and 80-81 are absent.
# NOTE(review): presumably what follows is the body of handle_hna, run for
# every Hna4 section by the config_foreach below; what it does on a match and
# where the surrounding if is closed are not shown.
74 config_get netaddr
"$1" netaddr
# Exact string comparison between the LAN address and the section's netaddr.
# NOTE(review): an entry that announces the LAN's network address rather than
# the router's own address would not match - confirm which form is written.
75 if [ "$LANIP" == "$netaddr" ]; then
79 config_foreach handle_hna Hna4
# Current masquerading source list of the freifunk zone; empty when the option
# is not set (-q suppresses uci's error output).
currms="$(uci -q get firewall.zone_freifunk.masq_src)"
# Masquerading on the freifunk zone is switched on unless no_masq_lan is "1".
# no_masq_lan is not assigned in any visible line; NOTE(review): presumably the
# interface and HNA callbacks earlier in the file set it - confirm. The fi
# closing this if (gutter 86-88 are absent) is not shown in the listing.
83 if [ ! "$no_masq_lan" == "1" ]; then
84 uci
set firewall.zone_freifunk.masq
="1"
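# Append "lan" to masq_src unless it is already an entry of its own.
# $currms holds the list as printed by `uci -q get` (entries separated by
# spaces by default), so it is matched as whole words. A plain substring search
# for "lan" also hits entries that merely contain it (for example "wlan") and
# would then silently skip the add, leaving LAN out of the masquerading sources.
case " $currms " in
  *" lan "*) ;;
  *) uci add_list firewall.zone_freifunk.masq_src="lan" ;;
esac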
89 # Rules, Forwardings, advanced config and includes
# Copies firewall-related sections from two UCI configs into the firewall
# config: "freifunk" and "profile_" followed by $community. $community is
# expanded unquoted and is not assigned in any visible line.
# Listing fragment: gutter lines 92-94, 96, 99-102 and 104-105 are absent, so
# the function header, the lines that apply $options and both "done" lines are
# not shown.
91 for config
in freifunk profile_
$community; do
# Section types that are carried over.
95 for section
in advanced include fw_rule fw_forwarding
; do
# NOTE(review): presumably the body of handle_firewall (see the config_foreach
# below). Dumps the section passed as $1 with `uci show`. Because the
# assignment is combined with `local`, a failing uci call is not noticed.
97 local options
=$
(uci show
$config.
"$1")
# Rewrites the dump so it addresses the firewall config: every "fw_" is
# removed and a leading config name is replaced by "firewall".
# NOTE(review): the first expression is not anchored, so "fw_" is also removed
# from option names and values, not only from the section type. $config is
# spliced into the second expression as a regular expression, so a community
# name containing regex metacharacters changes what is matched.
# NOTE(review): whatever consumes $options (not shown) turns text from the
# community profile into firewall configuration; the profile therefore has to
# be treated as trusted input, or its sections validated before this point.
98 options
=$
(echo "$options" |
sed -e "s/fw_//g" -e "s/^$config/firewall/g")
# Run the callback for every section of the current type.
103 config_foreach handle_firewall
$section
# Commit the firewall config and log the message.
106 uci_commitverbose
"Setup rules, forwardings, advanced config and includes." firewall
108 # If wan is used for olsr we need to clean up old wan (forward) rules
# Only runs when WAN is used for OLSR.
# Listing fragment: gutter lines 111, 115-117, 119 and 121 are absent, so the
# function header, the action taken on a match and the closing fi/}/done/fi
# lines are not shown.
110 if [ "$wan_is_olsr" == 1 ]; then
# NOTE(review): presumably the body of handle_wanrules (see the config_foreach
# below). Reads the section's src and dest options.
112 config_get src
"$1" src
113 config_get dest
"$1" dest
# Matches sections whose src or dest is exactly "wan". Going by the commit
# message at the end, the missing lines delete the matching section - confirm.
# NOTE(review): this removes restrictive wan rules as well as permissive ones;
# afterwards traffic on the former WAN interface is governed by whichever zone
# now contains it, so that zone's input/forward policy should be checked
# against what is intended for the uplink port.
114 if [ "$src" == "wan" ] ||
[ "$dest" == "wan" ]; then
# Apply the callback to both section types that can reference a zone.
118 for i
in rule forwarding
; do
120 config_foreach handle_wanrules
$i
# Commit the firewall config and log the message.
122 uci_commitverbose
"Wan is used for olsr, delete wan firewall rules and forwardings" firewall