+get_wan_ifnames()
+{
+ local wanifnames word catch_next
+
+ which ip >/dev/null || return 1
+
+ set -- $( ip route list exact 0.0.0.0/0 table all )
+ for word in $*; do
+ case "$word" in
+ dev)
+ catch_next="true"
+ ;;
+ *)
+ [ -n "$catch_next" ] && {
+ case "$wanifnames" in
+ *" $word "*)
+ ;;
+ *)
+ wanifnames="$wanifnames $word "
+ ;;
+ esac
+
+ catch_next=
+ }
+ ;;
+ esac
+ done
+
+ echo "$wanifnames"
+}
+
+olsrd_setup_smartgw_rules() {
+ local funcname="olsrd_setup_smartgw_rules"
+ # Check if ipip is installed
+ [ -e /etc/modules.d/[0-9]*-ipip ] || {
+ log "$funcname() Warning: kmod-ipip is missing. SmartGateway will not work until you install it."
+ return 1
+ }
+
+ local wanifnames="$( get_wan_ifnames )"
+
+ if [ -z "$wanifnames" ]; then
+ nowan=1
+ else
+ nowan=0
+ fi
+
+ IP4T=$(which iptables)
+ IP6T=$(which ip6tables)
+
+ # Delete smartgw firewall rules first
+ for IPT in $IP4T $IP6T; do
+ while $IPT -D forwarding_rule -o tnl_+ -j ACCEPT 2> /dev/null; do :;done
+ for IFACE in $wanifnames; do
+ while $IPT -D forwarding_rule -i tunl0 -o $IFACE -j ACCEPT 2> /dev/null; do :; done
+ done
+ for IFACE in $ifsglobal; do
+ while $IPT -D input_rule -i $IFACE -p 4 -j ACCEPT 2> /dev/null; do :; done
+ done
+ done
+ while $IP4T -t nat -D postrouting_rule -o tnl_+ -j MASQUERADE 2> /dev/null; do :;done
+
+ if [ "$smartgateway" == "yes" ]; then
+ log "$funcname() Notice: Inserting firewall rules for SmartGateway"
+ if [ ! "$smartgatewayuplink" == "none" ]; then
+ if [ "$smartgatewayuplink" == "ipv4" ]; then
+ # Allow everything to be forwarded to tnl_+ and use NAT for it
+ $IP4T -I forwarding_rule -o tnl_+ -j ACCEPT
+ $IP4T -t nat -I postrouting_rule -o tnl_+ -j MASQUERADE
+ # Allow forwarding from tunl0 to (all) wan-interfaces
+ if [ "$nowan"="0" ]; then
+ for IFACE in $wanifnames; do
+ $IP4T -A forwarding_rule -i tunl0 -o $IFACE -j ACCEPT
+ done
+ fi
+ # Allow incoming ipip on all olsr-interfaces
+ for IFACE in $ifsglobal; do
+ $IP4T -I input_rule -i $IFACE -p 4 -j ACCEPT
+ done
+ elif [ "$smartgatewayuplink" == "ipv6" ]; then
+ $IP6T -I forwarding_rule -o tnl_+ -j ACCEPT
+ if [ "$nowan"="0" ]; then
+ for IFACE in $wanifnames; do
+ $IP6T -A forwarding_rule -i tunl0 -o $IFACE -j ACCEPT
+ done
+ fi
+ for IFACE in $ifsglobal; do
+ $IP6T -I input_rule -i $IFACE -p 4 -j ACCEPT
+ done
+ else
+ for IPT in $IP4T $IP6T; do
+ $IPT -I forwarding_rule -o tnl_+ -j ACCEPT
+ $IPT -t nat -I postrouting_rule -o tnl_+ -j MASQUERADE
+ if [ "$nowan"="0" ]; then
+ for IFACE in $wanifnames; do
+ $IPT -A forwarding_rule -i tunl0 -o $IFACE -j ACCEPT
+ done
+ fi
+ for IFACE in $ifsglobal; do
+ $IPT -I input_rule -i $IFACE -p 4 -j ACCEPT
+ done
+ done
+ fi
+ fi
+ fi
+}
+
+error() {
+ log "error() ${initscript}: $@"
+}
+