projects / project / luci.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
contrib/meshwizard: Cleanup and add ssid_scheme option
[project/luci.git] / contrib / package / meshwizard / files / usr / bin / meshwizard / helpers / setup_firewall.sh
diff --git a/contrib/package/meshwizard/files/usr/bin/meshwizard/helpers/setup_firewall.sh b/contrib/package/meshwizard/files/usr/bin/meshwizard/helpers/setup_firewall.sh
index 8399aef..e7e453d 100755 (executable)
--- a/contrib/package/meshwizard/files/usr/bin/meshwizard/helpers/setup_firewall.sh
+++ b/contrib/package/meshwizard/files/usr/bin/meshwizard/helpers/setup_firewall.sh
@@ -11,8 +11,15 @@ config_load firewall
 # Get some variables
 type="$(uci -q get wireless.$net.type)"
 vap="$(uci -q get meshwizard.netconfig.$net\_vap)"
-lan_ip="$(uci -q get network.lan.ipaddr)"
-lan_mask="$(uci -q get network.lan.netmask)"
+
+# Add local_restrict to wan firewall zone
+handle_zonewan() {
+       config_get name "$1" name
+       if [ "$name" == "wan" ]; then
+               uci set firewall.$1.local_restrict=1
+       fi
+}
+config_foreach handle_zonewan zone && uci_commitverbose "Enable local_restrict for zone wan" firewall
 
 # Delete old firewall zone for freifunk
 handle_fwzone() {
@@ -62,8 +69,6 @@ fi
 
 # setup freifunk firewall zone
 
-echo "    + Setup firewall zone."
-
 # add $netrenamed and if needed ${netrenamed}dhcp to the networks for this zone
 config_get network zone_freifunk network
 
@@ -86,17 +91,10 @@ set firewall.zone_freifunk.forward="$zone_freifunk_forward"
 set firewall.zone_freifunk.output="$zone_freifunk_output"
 EOF
 
-echo "    network: $network
-    input: $zone_freifunk_input
-    forward: $zone_freifunk_forward
-    output: $zone_freifunk_output"
+uci_commitverbose "Setup freifunk firewall zone" firewall
 
 # Usually we need to setup masquerading for lan, except lan is an olsr interface or has an olsr hna
 
-echo "    + Setup masquerading rules"
-
-eval $(ipcalc.sh $lan_ip $lan_mask)
-
 handle_interface() {
         config_get interface "$1" interface
         if [ "$interface" == "lan" ]; then
@@ -116,8 +114,8 @@ config_foreach handle_hna Hna4
 
 currms=$(uci -q get firewall.zone_freifunk.masq_src)
 if [ ! "$no_masq_lan" == "1" ]; then
-       uci set firewall.zone_freifunk.masq="1" && echo "    Enabled masquerading." || echo -e "\033[1mWarning:\033[0m: Could not enable masquerading."
-       [ -z "$(echo $currms |grep $NETWORK/$PREFIX)" ] && uci add_list firewall.zone_freifunk.masq_src="$NETWORK/$PREFIX"
+       uci set firewall.zone_freifunk.masq="1"
+       [ -z "$(echo $currms |grep lan)" ] && uci add_list firewall.zone_freifunk.masq_src="lan"
 fi
 
 # If wifi-interfaces are outside of the mesh network they should be natted
@@ -128,15 +126,15 @@ for i in $networks; do
         # check if the dhcprange is inside meshnet
         dhcpinmesh="$($dir/helpers/check-range-in-range.sh $dhcprange $meshnet)"
         if [ ! "$dhcpinmesh" == 1 ]; then
-                [ -z "$(echo $currms |grep $dhcprange)" ] && uci add_list firewall.zone_freifunk.masq_src="$dhcprange"
+                [ -z "$(echo $currms |grep ${netrenamed}dhcp)" ] && uci add_list firewall.zone_freifunk.masq_src="${netrenamed}dhcp"
         fi
 done
 
+uci_commitverbose "Setup masquerading rules" firewall
+
 # Rules, Forwardings, advanced config and includes
 # Clear firewall configuration
 
-echo "    + Setup rules, forwardings, advanced config and includes."
-
 for config in freifunk profile_$community; do
 
        config_load $config
@@ -153,4 +151,4 @@ for config in freifunk profile_$community; do
        done
 done
 
-uci commit
+uci_commitverbose "Setup rules, forwardings, advanced config and includes." firewall
Lua Configuration Interface (mirror)