X-Git-Url: http://git.archive.openwrt.org/?a=blobdiff_plain;f=contrib%2Fpackage%2Fmeshwizard%2Ffiles%2Fusr%2Fbin%2Fmeshwizard%2Fhelpers%2Fsetup_firewall.sh;h=7eceb508836eaf37e03f35b073161ce89413feef;hb=dc7cf4417d7bdaa95227de2e476b8c82ae11be6a;hp=33ff9a2bd9330fdd7a8173da84b04a88771c9505;hpb=1e7a41732fa299d5dc56d573a97c4ce97491b35c;p=project%2Fluci.git

diff --git a/contrib/package/meshwizard/files/usr/bin/meshwizard/helpers/setup_firewall.sh b/contrib/package/meshwizard/files/usr/bin/meshwizard/helpers/setup_firewall.sh
index 33ff9a2bd..7eceb5088 100755
--- a/contrib/package/meshwizard/files/usr/bin/meshwizard/helpers/setup_firewall.sh
+++ b/contrib/package/meshwizard/files/usr/bin/meshwizard/helpers/setup_firewall.sh
@@ -109,4 +109,31 @@ if [ "$profile_ipv6_config" = "auto-ipv6-dhcpv6" ]; then
 	EOF
 fi
 
+# Firewall rules to allow incoming ssh and web if enabled
+
+if [ "$wan_allowssh" == 1 ]; then
+	uci batch <<- EOF
+		set firewall.wanssh=rule
+		set firewall.wanssh.src=wan
+		set firewall.wanssh.target=ACCEPT
+		set firewall.wanssh.proto=tcp
+		set firewall.wanssh.dest_port=22
+	EOF
+fi
+
+if [ "$wan_allowweb" == 1 ]; then
+	uci batch <<- EOF
+		set firewall.wanweb=rule
+		set firewall.wanweb.src=wan
+		set firewall.wanweb.target=ACCEPT
+		set firewall.wanweb.proto=tcp
+		set firewall.wanweb.dest_port=80
+		set firewall.wanwebhttps=rule
+		set firewall.wanwebhttps.src=wan
+		set firewall.wanwebhttps.target=ACCEPT
+		set firewall.wanwebhttps.proto=tcp
+		set firewall.wanwebhttps.dest_port=443
+	EOF
+fi
+
 uci_commitverbose "Setup rules, forwardings, advanced config and includes." firewall