#!/bin/sh
# miniupnpd integration for firewall3

IP6TABLES=/usr/sbin/ip6tables

iptables -t filter -N MINIUPNPD 2>/dev/null
iptables -t nat -N MINIUPNPD 2>/dev/null

[ -x $IP6TABLES ] && $IP6TABLES -t filter -N MINIUPNPD 2>/dev/null

. /lib/functions/network.sh

add_extzone_rules() {
    local ext_zone=$1

    # IPv4 - due to NAT, need to add both to nat and filter table
    iptables -t filter -I zone_${ext_zone}_forward -j MINIUPNPD
    iptables -t nat -I zone_${ext_zone}_prerouting -j MINIUPNPD

    # IPv6 if available - filter only
    [ -x $IP6TABLES ] && {
        $IP6TABLES -t filter -I zone_${ext_zone}_forward -j MINIUPNPD
    }
}

network_find_wan wan_iface
network_get_device wan_device $wan_iface

for ext_zone in $(fw3 -q device "$wan_device"); do
    add_extzone_rules $ext_zone
done

for ext_iface in $(uci -q get upnpd.config.external_iface); do
	for ext_zone in $(fw3 -q network "$ext_iface"); do
            add_extzone_rules $ext_zone
	done
done