2 # Add "freifunk" firewall zone
3 # If wan is used for olsr then delete wan zone and all wan rules
4 # Also setup rules defined in /etc/config/freifunk and /etc/config/profile_<community>
# Read the wizard's WAN setting once; the branches further down test it against
# the literal 1. With -q a failed lookup prints nothing, so an unset option
# leaves the variable empty and none of the `== 1` tests match.
# NOTE(review): which values other than 1 the wizard can store is not visible
# here. Confirm that keeping the wan zone is the intended outcome for all of them.
9 wan_is_olsr=$(uci -q get meshwizard.netconfig.wan_config)
13 # Add local_restrict to wan firewall zone (if wan is not used for olsr)
14 # If wan is used for olsr then remove the firewall zone wan
# Body of the per-zone callback handle_zonewan, which the config_foreach call at
# the end registers for every `zone` section. The function's opening line and
# the lines between the two uci commands (presumably else/fi) are not part of
# this listing. $1 is the section id handed in by config_foreach.
16 config_get name "$1" name
17 if [ "$name" == "wan" ]; then
18 if [ "$wan_is_olsr" == 1 ]; then
# WAN carries olsr: the wan zone section is removed from the firewall config.
# NOTE(review): $1 is expanded unquoted inside the uci path; writing
# "firewall.$1" keeps an unexpected section id from being word-split or globbed.
19 uci del firewall.$1 && uci_commitverbose "WAN is used for olsr, delete firewall zone wan" firewall
# The other case keeps the zone and sets local_restrict=1 on it. Because of the
# &&, the commit helper is skipped whenever the uci command itself fails.
21 uci set firewall.$1.local_restrict=1 && uci_commitverbose "Enable local_restrict for zone wan" firewall
25 config_foreach handle_zonewan zone
27 # Rename firewall zone for freifunk if unnamed and delete wan zone if it is used for olsr; else enable local restrict
# Body of the per-zone callback handle_fwzone; its opening and closing lines are
# not part of this listing. $1 is the section id handed in by config_foreach.
29 config_get name "$1" name
30 config_get network "$1" network
32 if [ "$name" == "freifunk" ]; then
33 # rename section if unnamed
# The substitution deletes everything from the first "cfg" followed by a hex
# digit to the end of the id, so -z holds when the id starts with that prefix,
# the form uci gives to anonymous sections. ${var/pattern/} is a shell
# extension, not POSIX sh.
34 if [ -z "${1/cfg[0-9a-fA-F]*/}" ]; then
# NOTE(review): $1 is unquoted here as well; section_rename is defined elsewhere.
35 section_rename firewall $1 zone_freifunk
# The wan handling below repeats the visible lines of handle_zonewan word for
# word. Both callbacks are registered over `zone`, so the same uci command is
# attempted twice per wan zone.
# NOTE(review): presumably the second `uci del` fails on the already deleted
# section and the && skips the commit; confirm, or keep the branch in one place.
39 if [ "$name" == "wan" ]; then
40 if [ "$wan_is_olsr" == 1 ]; then
41 uci del firewall.$1 && uci_commitverbose "WAN is used for olsr, delete firewall zone wan" firewall
43 uci set firewall.$1.local_restrict=1 && uci_commitverbose "Enable local_restrict for zone wan" firewall
# Run handle_fwzone for every zone section, then write the freifunk zone.
# NOTE(review): the five `set firewall.zone_freifunk...` lines carry no `uci`
# prefix, so they are presumably the input of a `uci batch` here-document whose
# opening and closing lines are not in this listing. If so, they are data, and
# no comment lines belong between them.
# NOTE(review): the zone's input/forward/output policy comes from
# $zone_freifunk_input, $zone_freifunk_forward and $zone_freifunk_output, which
# are set outside this listing. Confirm they cannot be empty at this point,
# since whatever they hold is written as the zone's default policy.
48 config_foreach handle_fwzone zone
51 set firewall.zone_freifunk="zone"
52 set firewall.zone_freifunk.name="freifunk"
53 set firewall.zone_freifunk.input="$zone_freifunk_input"
54 set firewall.zone_freifunk.forward="$zone_freifunk_forward"
55 set firewall.zone_freifunk.output="$zone_freifunk_output"
58 uci_commitverbose "Setup firewall zones" firewall
60 # Usually we need to set up masquerading for lan, unless lan is an olsr interface or has an olsr hna-entry
# Decide whether lan needs masquerading. The lines that record the outcome are
# not in this listing; the test further down reads $no_masq_lan.
# NOTE(review): presumably the two checks below set no_masq_lan=1. TODO confirm.
# Check 1 (callback handle_interface): an Interface section whose `interface`
# option is exactly "lan".
63 config_get interface "$1" interface
64 if [ "$interface" == "lan" ]; then
69 config_foreach handle_interface Interface
# Check 2 (callback handle_hna): an Hna4 section whose netaddr equals the LAN
# address as a string. Skipped entirely when network.lan.ipaddr is unset.
71 LANIP="$(uci -q get network.lan.ipaddr)"
72 if [ -n "$LANIP" ]; then
74 config_get netaddr "$1" netaddr
75 if [ "$LANIP" == "$netaddr" ]; then
79 config_foreach handle_hna Hna4
# Enable masquerading on the freifunk zone unless one of the checks opted out.
82 currms=$(uci -q get firewall.zone_freifunk.masq_src)
83 if [ ! "$no_masq_lan" == "1" ]; then
84 uci set firewall.zone_freifunk.masq="1"
# Add "lan" to masq_src only if it is not listed yet.
# NOTE(review): `grep lan` is a substring match, so an existing entry that
# merely contains "lan" (a constructed example: wlan) also counts as already
# listed, and add_list is skipped, leaving lan out of masq_src. A whole-word
# test such as `grep -qw lan` avoids that. $currms is also expanded unquoted.
85 [ -z "$(echo $currms |grep lan)" ] && uci add_list firewall.zone_freifunk.masq_src="lan"
89 # Rules, Forwardings, advanced config and includes
# Copy firewall-related sections from the freifunk config and from the selected
# community profile into the firewall config.
# NOTE(review): $community is expanded unquoted into a config name, and where it
# is set is not visible here.
91 for config in freifunk profile_$community; do
# `include` is one of the copied section types. A firewall include section
# points at a file the firewall loads, so /etc/config/freifunk and the
# profile_<community> file deserve the same ownership and write protection as
# /etc/config/firewall itself.
95 for section in advanced include fw_rule fw_forwarding; do
# `local` implies the next two lines sit inside a function (handle_firewall, per
# the config_foreach below); its header and the lines that apply the rewritten
# options are not in this listing.
# NOTE(review): `local options=$(...)` hides uci's exit status. The sed step
# removes every "fw_" in the text, option values included, not only the section
# type prefix. $config is interpolated into the regex unescaped, and is
# unquoted in the `uci show` argument.
97 local options=$(uci show $config."$1")
98 options=$(echo "$options" | sed -e "s/fw_//g" -e "s/^$config/firewall/g")
103 config_foreach handle_firewall $section
106 uci_commitverbose "Setup rules, forwardings, advanced config and includes." firewall
108 # If wan is used for olsr we need to cleanup old wan (forward) rules
# Cleanup that runs only when WAN carries olsr.
110 if [ "$wan_is_olsr" == 1 ]; then
# Callback body (handle_wanrules; header not in this listing): read the
# source and destination zone of the section passed as $1.
112 config_get src "$1" src
113 config_get dest "$1" dest
# Match any section naming wan on either side. The action taken on a match is
# on a line not shown; per the comment above and the commit message below, it
# is deletion.
114 if [ "$src" == "wan" ] || [ "$dest" == "wan" ]; then
# Apply the callback to both `rule` and `forwarding` sections.
118 for i in rule forwarding; do
120 config_foreach handle_wanrules $i
# NOTE(review): once the wan zone and its rules are gone, traffic on the former
# uplink is governed by whichever zone that interface belongs to afterwards.
# Verify that zone's input policy is what is intended for the WAN port.
122 uci_commitverbose "Wan is used for olsr, delete wan firewall rules and forwardings" firewall