contrib/freifunk-firewall: Make it work with firewall3
[project/luci.git] / contrib / package / freifunk-firewall / files / etc / hotplug.d / firewall / 23-restricted-wan
1 #!/bin/sh
2
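# Remove the REJECT rule recorded in one restricted_gw_state section, but only
# when that section was recorded for the interface named by $INTERFACE.
# Globals:   INTERFACE (read)
# Arguments: $1 - name of the state section in the firewall config
# Returns:   0 when the section belongs to another interface, otherwise the
#            status of uci_revert_state
clear_restricted_gw()
{
        local state="$1"
        local iface
        local ifname
        local subnet

        config_get iface "$state" iface

        # Sections recorded for other interfaces are left untouched.
        [ "$iface" = "$INTERFACE" ] || return 0

        config_get ifname "$state" ifname
        config_get subnet "$state" subnet

        if [ -z "$ifname" ] || [ -z "$subnet" ]; then
                # An empty value would make iptables consume the next option
                # as the argument of -o/-d, so do not attempt the delete.
                logger -t firewall.freifunk "state $state lacks ifname or subnet, not removing a rule"
        else
                logger -t firewall.freifunk "removing local restriction to the network connected to $ifname ($iface)"
                # Quoted so each recorded value reaches iptables as exactly one argument.
                iptables -D forwarding_freifunk_rule -o "$ifname" -d "$subnet" -j REJECT --reject-with icmp-host-prohibited ||
                        logger -t firewall.freifunk "could not remove the restriction rule for $ifname ($iface)"
        fi

        # The recorded state is dropped either way; a failed delete is reported
        # above so a rule left in the chain can be spotted in the log.
        uci_revert_state firewall "$state"
}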
21
# config_foreach callback: for the zone section whose name equals $ZONE, copy
# its local_restrict boolean into the global variable local_restrict.
# Globals:   ZONE (read), local_restrict (written)
# Arguments: $1 - name of the zone section being visited
get_enabled()
{
        local zone_name

        config_get zone_name "$1" name

        # Every other zone leaves local_restrict as the caller initialised it.
        [ "$zone_name" = "$ZONE" ] || return 0

        config_get_bool local_restrict "$1" local_restrict
}
31
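# Hotplug entry point. On "add" for the WAN interface, insert a REJECT rule for
# the network behind it when the zone named by $ZONE has local_restrict set, and
# record what was inserted so the "remove" event can delete the same rule.
# Globals: ACTION, INTERFACE, DEVICE, ZONE (read); wan, local_restrict (written)
# NOTE(review): `local` and `return` are used outside any function here; this
# presumably relies on how the hotplug runner sources the file -- confirm.
if [ "$ACTION" = add ]; then
        local subnet

        . /lib/functions/network.sh

        network_find_wan wan

        # Only the WAN interface is restricted.
        [ "$INTERFACE" = "$wan" ] || return 0

        network_get_subnet subnet "$INTERFACE"

        if [ -n "$subnet" ]; then
                config_load firewall

                local_restrict=0
                config_foreach get_enabled zone

                if [ "$local_restrict" = 1 ]; then
                        # NOTE(review): -I is not idempotent. A second "add" without a
                        # "remove" in between would insert the rule twice while the
                        # remove path deletes it once -- confirm the event sequence.
                        # NOTE(review): only iptables is called; whether an ip6tables
                        # counterpart is needed cannot be told from this file.
                        if iptables -I forwarding_freifunk_rule -o "$DEVICE" -d "$subnet" -j REJECT --reject-with icmp-host-prohibited; then
                                logger -t firewall.freifunk "restricting local access to the network connected to $INTERFACE ($DEVICE)"
                                # State is written only after the rule is in place, so the
                                # recorded state never claims a restriction that is absent.
                                local state="restricted_gw_${INTERFACE}"
                                uci_set_state firewall "$state" "" restricted_gw_state
                                uci_set_state firewall "$state" iface "$INTERFACE"
                                uci_set_state firewall "$state" ifname "$DEVICE"
                                uci_set_state firewall "$state" subnet "$subnet"
                        else
                                logger -t firewall.freifunk "failed to restrict local access to the network connected to $INTERFACE ($DEVICE)"
                        fi
                fi
        fi

elif [ "$ACTION" = remove ]; then
        config_load firewall
        # clear_restricted_gw itself checks each recorded section against $INTERFACE.
        config_foreach clear_restricted_gw restricted_gw_state
fi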
65