+
+ -- Enforce firewall include
+ local has_include = false
+ uci:foreach("firewall", "include",
+ function(section)
+ if section.path == "/etc/firewall.freifunk" then
+ has_include = true
+ end
+ end)
+
+ if not has_include then
+ uci:section("firewall", "include", nil,
+ { path = "/etc/firewall.freifunk" })
+ end
+
+ -- Allow state: invalid packets
+ uci:foreach("firewall", "defaults",
+ function(section)
+ uci:set("firewall", section[".name"], "drop_invalid", "0")
+ end)
+
+ -- Prepare advanced config
+ local has_advanced = false
+ uci:foreach("firewall", "advanced",
+ function(section) has_advanced = true end)
+
+ if not has_advanced then
+ uci:section("firewall", "advanced", nil,
+ { tcp_ecn = "0", ip_conntrack_max = "8192", tcp_westwood = "1" })
+ end
+
+ uci:save("firewall")
+
+
+ -- Create network interface
+ local netconfig = uci:get_all("freifunk", "interface")
+ util.update(netconfig, uci:get_all(external, "interface") or {})