10 config_get iface "$state" iface
12 if [ "$iface" = "$INTERFACE" ]; then
13 config_get ifname "$state" ifname
14 config_get subnet "$state" subnet
16 logger -t firewall.freifunk "removing local restriction to the network connected to $ifname ($iface)"
17 iptables -D forwarding_freifunk_rule -o $ifname -d $subnet -j REJECT --reject-with icmp-host-prohibited
18 uci_revert_state firewall "$state"
25 config_get name "$1" name
27 if [ "$name" = "$ZONE" ]; then
28 config_get_bool local_restrict "$1" local_restrict
32 if [ "$ACTION" = add ]; then
36 . /lib/functions/network.sh
40 [ "$INTERFACE" = "$wan" ] || return 0
42 network_get_subnet subnet $INTERFACE
44 if [ -n "$subnet" ]; then
48 config_foreach get_enabled zone
50 if [ "$local_restrict" = 1 ]; then
51 logger -t firewall.freifunk "restricting local access to the network connected to $INTERFACE ($DEVICE)"
52 iptables -I forwarding_freifunk_rule -o $DEVICE -d $subnet -j REJECT --reject-with icmp-host-prohibited
53 local state="restricted_gw_${INTERFACE}"
54 uci_set_state firewall "$state" "" restricted_gw_state
55 uci_set_state firewall "$state" iface "$INTERFACE"
56 uci_set_state firewall "$state" ifname "$DEVICE"
57 uci_set_state firewall "$state" subnet "$subnet"
61 elif [ "$ACTION" = remove ]; then
63 config_foreach clear_restricted_gw restricted_gw_state