projects / project / luci.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
meshwizard: ipv6 fixes, fix uhttpd setup
[project/luci.git] / contrib / package / meshwizard / files / usr / bin / meshwizard / helpers / setup_firewall.sh
diff --git a/contrib/package/meshwizard/files/usr/bin/meshwizard/helpers/setup_firewall.sh b/contrib/package/meshwizard/files/usr/bin/meshwizard/helpers/setup_firewall.sh
index fb2232e..bf47241 100755 (executable)
--- a/contrib/package/meshwizard/files/usr/bin/meshwizard/helpers/setup_firewall.sh
+++ b/contrib/package/meshwizard/files/usr/bin/meshwizard/helpers/setup_firewall.sh
@@ -99,13 +99,40 @@ for config in freifunk profile_$community; do
 done
 
 # If we use auto-ipv6-dhcp then allow 547/udp on the freifunk zone
-if [ "$profile_ipv6_config" = "auto-ipv6-dhcpv6" ]; then
+if [ "$ipv6_config" = "auto-ipv6-dhcpv6" ]; then
        uci batch <<- EOF
-               firewall.dhcpv6=rule
-               firewall.dhcpv6.src=freifunk
-               firewall.dhcpv6.target=ACCEPT
-               firewall.dhcpv6.dest_port=547
-               firewall.dhcpv6.proto=udp
+               set firewall.dhcpv6=rule
+               set firewall.dhcpv6.src=freifunk
+               set firewall.dhcpv6.target=ACCEPT
+               set firewall.dhcpv6.dest_port=547
+               set firewall.dhcpv6.proto=udp
+       EOF
+fi
+
+# Firewall rules to allow incoming ssh and web if enabled
+
+if [ "$wan_allowssh" == 1 ]; then
+       uci batch <<- EOF
+               set firewall.wanssh=rule
+               set firewall.wanssh.src=wan
+               set firewall.wanssh.target=ACCEPT
+               set firewall.wanssh.proto=tcp
+               set firewall.wanssh.dest_port=22
+       EOF
+fi
+
+if [ "$wan_allowweb" == 1 ]; then
+       uci batch <<- EOF
+               set firewall.wanweb=rule
+               set firewall.wanweb.src=wan
+               set firewall.wanweb.target=ACCEPT
+               set firewall.wanweb.proto=tcp
+               set firewall.wanweb.dest_port=80
+               set firewall.wanwebhttps=rule
+               set firewall.wanwebhttps.src=wan
+               set firewall.wanwebhttps.target=ACCEPT
+               set firewall.wanwebhttps.proto=tcp
+               set firewall.wanwebhttps.dest_port=443
        EOF
 fi
 
Lua Configuration Interface (mirror)