done
# If we use auto-ipv6-dhcp then allow 547/udp on the freifunk zone
-if [ "$profile_ipv6_config" = "auto-ipv6-dhcpv6" ]; then
+if [ "$ipv6_config" = "auto-ipv6-dhcpv6" ]; then
uci batch <<- EOF
- firewall.dhcpv6=rule
- firewall.dhcpv6.src=freifunk
- firewall.dhcpv6.target=ACCEPT
- firewall.dhcpv6.dest_port=547
- firewall.dhcpv6.proto=udp
+ set firewall.dhcpv6=rule
+ set firewall.dhcpv6.src=freifunk
+ set firewall.dhcpv6.target=ACCEPT
+ set firewall.dhcpv6.dest_port=547
+ set firewall.dhcpv6.proto=udp
+ EOF
+fi
+
+# Firewall rules to allow incoming ssh and web if enabled
+
+if [ "$wan_allowssh" == 1 ]; then
+ uci batch <<- EOF
+ set firewall.wanssh=rule
+ set firewall.wanssh.src=wan
+ set firewall.wanssh.target=ACCEPT
+ set firewall.wanssh.proto=tcp
+ set firewall.wanssh.dest_port=22
+ EOF
+fi
+
+if [ "$wan_allowweb" == 1 ]; then
+ uci batch <<- EOF
+ set firewall.wanweb=rule
+ set firewall.wanweb.src=wan
+ set firewall.wanweb.target=ACCEPT
+ set firewall.wanweb.proto=tcp
+ set firewall.wanweb.dest_port=80
+ set firewall.wanwebhttps=rule
+ set firewall.wanwebhttps.src=wan
+ set firewall.wanwebhttps.target=ACCEPT
+ set firewall.wanwebhttps.proto=tcp
+ set firewall.wanwebhttps.dest_port=443
EOF
fi