1 #!/bin/sh
2 # Add "freifunk" firewall zone
3 # If wan is used for olsr then delete wan zone and all wan rules
4 # Also setup rules defined in /etc/config/freifunk and /etc/config/profile_<community>
5
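. /etc/functions.sh
# $dir is not set in this file; the meshwizard caller presumably exports it
# (the helper directory whose functions.sh supplies uci_commitverbose and
# section_rename used below) — confirm. Quoted so a path with whitespace
# does not split into several arguments.
. "$dir/functions.sh"

# "1" when the wizard configured olsr on the wan interface; this drives the
# removal of the wan zone and of every wan rule/forwarding further down.
wan_is_olsr=$(uci -q get meshwizard.netconfig.wan_config)

config_load firewall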
12
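# Add local_restrict to wan firewall zone (if wan is not used for olsr)
# If wan is used for olsr then remove the firewall zone wan
#
# Called via config_foreach for every firewall "zone" section; $1 is the
# section name. Reads the global wan_is_olsr, writes the global "name".
# Returns the status of the uci/commit chain for the wan zone, 0 otherwise.
# NOTE(review): handle_fwzone below repeats this wan handling on the same,
# not reloaded, section list; the second pass is redundant.
handle_zonewan() {
  config_get name "$1" name
  [ "$name" = "wan" ] || return 0
  if [ "$wan_is_olsr" = 1 ]; then
    # wan carries olsr traffic, so the dedicated wan zone is dropped; the
    # interface is presumably covered by the freifunk zone afterwards.
    uci del "firewall.$1" && uci_commitverbose "WAN is used for olsr, delete firewall zone wan" firewall
  else
    uci set "firewall.$1.local_restrict=1" && uci_commitverbose "Enable local_restrict for zone wan" firewall
  fi
}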
# Walk every zone section of the firewall config loaded above.
config_foreach handle_zonewan zone
26
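# Rename firewall zone for freifunk if unnamed and delete wan zone if it is used for olsr; else enable local restrict
#
# Called via config_foreach for every firewall "zone" section; $1 is the
# section name. Reads the global wan_is_olsr; writes the globals "name" and
# "network" (the latter is fetched but not used here).
# NOTE(review): the wan branch duplicates handle_zonewan, which already ran
# over the same loaded sections. It is kept for compatibility; on the second
# pass the del of the already removed section should fail and skip the
# commit, and local_restrict is merely set to 1 again.
handle_fwzone() {
  config_get name "$1" name
  config_get network "$1" network

  if [ "$name" = "freifunk" ]; then
    # Anonymous sections are called cfg<hex>...; give ours a fixed name so
    # the uci batch below addresses this same section.
    case "$1" in
      cfg[0-9a-fA-F]*) section_rename firewall "$1" zone_freifunk ;;
    esac
  fi

  if [ "$name" = "wan" ]; then
    if [ "$wan_is_olsr" = 1 ]; then
      uci del "firewall.$1" && uci_commitverbose "WAN is used for olsr, delete firewall zone wan" firewall
    else
      uci set "firewall.$1.local_restrict=1" && uci_commitverbose "Enable local_restrict for zone wan" firewall
    fi
  fi
}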
47
# Second pass over the same (not reloaded) zone sections: names the freifunk
# zone and repeats the wan handling that handle_zonewan already did.
config_foreach handle_fwzone zone
49
# Create the freifunk zone (or re-type the section renamed by handle_fwzone)
# and apply its default policies. $zone_freifunk_input/_forward/_output are
# not set in this file — presumably defaults from the sourced functions.sh;
# confirm they are non-empty, an unset one would likely be stored as "".
uci batch << EOF
set firewall.zone_freifunk="zone"
set firewall.zone_freifunk.name="freifunk"
set firewall.zone_freifunk.input="$zone_freifunk_input"
set firewall.zone_freifunk.forward="$zone_freifunk_forward"
set firewall.zone_freifunk.output="$zone_freifunk_output"
EOF

uci_commitverbose "Setup firewall zones" firewall
59
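# Usually we need to setup masquerading for lan, except lan is an olsr interface or has an olsr hna-entry
#
# Called via config_foreach for every olsrd "Interface" section; $1 is the
# section name. Sets the global no_masq_lan=1 when the section is bound to
# lan, i.e. lan itself is a mesh interface (the Hna4 check further down can
# set it as well). Writes the global "interface".
handle_interface() {
  config_get interface "$1" interface
  if [ "$interface" = "lan" ]; then
    no_masq_lan=1
  fi
}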
# Walk olsrd's Interface sections; handle_interface flags lan as a mesh
# interface (no masquerading) when one of them is bound to lan.
config_load olsrd
config_foreach handle_interface Interface
70
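# Called via config_foreach for every olsrd "Hna4" section (olsrd is the
# config loaded above); $1 is the section name. Sets the global
# no_masq_lan=1 when the entry's netaddr equals the lan address in LANIP.
# Writes the global "netaddr".
# NOTE(review): this compares the lan *host* address with the HNA netaddr; an
# HNA announcing the lan network address (e.g. x.y.z.0) would not match —
# confirm that is intended.
handle_hna() {
  config_get netaddr "$1" netaddr
  if [ "$LANIP" = "$netaddr" ]; then
    no_masq_lan=1
  fi
}

LANIP="$(uci -q get network.lan.ipaddr)"
# Only consult the HNA list when lan has an address to compare against.
if [ -n "$LANIP" ]; then
  config_foreach handle_hna Hna4
fi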
81
82 currms=$(uci -q get firewall.zone_freifunk.masq_src)
83 if [ ! "$no_masq_lan" == "1" ]; then
84 uci set firewall.zone_freifunk.masq="1"
85 [ -z "$(echo $currms |grep lan)" ] && uci add_list firewall.zone_freifunk.masq_src="lan"
86 fi
87
88
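# Rules, Forwardings, advanced config and includes
#
# Copies one advanced/include/fw_rule/fw_forwarding section of the config
# currently named by the global $config into the firewall config. Called via
# config_foreach; $1 is the section name.
handle_firewall() {
  # uci show prints one "<config>.<section>[.<option>]=<value>" line per
  # entry. Rewrite the config name to "firewall" and drop the "fw_" prefix
  # (section types are fw_rule/fw_forwarding here, rule/forwarding in the
  # firewall config). Process line by line: word-splitting the output would
  # break any value containing whitespace.
  # NOTE(review): "s/fw_//g" also rewrites option names and values that
  # happen to contain "fw_" — confirm the profile configs never do.
  uci show "$config.$1" \
    | sed -e "s/fw_//g" -e "s/^$config/firewall/g" \
    | while IFS= read -r entry; do
        [ -n "$entry" ] && uci set "$entry"
      done
}

# $community is not set in this file; presumably exported by the caller.
for config in freifunk "profile_$community"; do
  config_load "$config"
  for section in advanced include fw_rule fw_forwarding; do
    config_foreach handle_firewall "$section"
  done
done
uci_commitverbose "Setup rules, forwardings, advanced config and includes." firewall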
107
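# If wan is used for olsr we need to cleanup old wan (forward) rules
#
# Called via config_foreach for firewall "rule" and "forwarding" sections;
# $1 is the section name. Deletes every section whose src or dest is the
# wan zone, which handle_zonewan removed above when wan carries olsr.
# Writes the globals "src" and "dest".
handle_wanrules() {
  config_get src "$1" src
  config_get dest "$1" dest
  if [ "$src" = "wan" ] || [ "$dest" = "wan" ]; then
    uci del "firewall.$1"
  fi
}

if [ "$wan_is_olsr" = 1 ]; then
  for i in rule forwarding; do
    # config_foreach walks the most recently loaded config, so firewall is
    # (re)loaded here rather than relying on the earlier load.
    config_load firewall
    config_foreach handle_wanrules "$i"
  done
  uci_commitverbose "Wan is used for olsr, delete wan firewall rules and forwardings" firewall
fi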
124