projects
/
project
/
luci.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
5266a8c
)
* Fixed Freifunk firewall script
author
Steven Barth
<steven@midlink.org>
Mon, 28 Apr 2008 07:28:27 +0000
(07:28 +0000)
committer
Steven Barth
<steven@midlink.org>
Mon, 28 Apr 2008 07:28:27 +0000
(07:28 +0000)
module/admin-core/contrib/init.d/luci_freifunk
patch
|
blob
|
history
diff --git
a/module/admin-core/contrib/init.d/luci_freifunk
b/module/admin-core/contrib/init.d/luci_freifunk
index
6b18e14
..
5c78396
100644
(file)
--- a/
module/admin-core/contrib/init.d/luci_freifunk
+++ b/
module/admin-core/contrib/init.d/luci_freifunk
@@
-11,8
+11,18
@@
start() {
config_get lanif lan ifname
config_get ffif ff ifname
config_get lanif lan ifname
config_get ffif ff ifname
+ config_get lanip lan ipaddr
+ config_get lanmask lan netmask
+
+ config_get ffip ff ipaddr
+ config_get ffmask ff netmask
[ -n "$ffif" ] || return 0
[ -n "$ffif" ] || return 0
+
+
+ ### Creating chains
+ iptables -N luci_freifunk_forwarding
+ iptables -t nat -N luci_freifunk_postrouting
### Read from config
### Read from config
@@
-24,55
+34,40
@@
start() {
### Freifunk to Freifunk
[ "$internal" -gt 0 ] && {
### Freifunk to Freifunk
[ "$internal" -gt 0 ] && {
- iptables -A
forwarding_rule
-i "$ffif" -o "$ffif" -j ACCEPT
+ iptables -A
luci_freifunk_forwarding
-i "$ffif" -o "$ffif" -j ACCEPT
}
### Lan to Freifunk
[ -n "$lanif" ] && {
}
### Lan to Freifunk
[ -n "$lanif" ] && {
- config_get ipaddr lan ipaddr
- config_get netmask lan netmask
+ eval "$(ipcalc.sh $lanip $lanmask)"
- eval "$(ipcalc.sh $ipaddr $netmask)"
-
- iptables -A forwarding_rule -i "$lanif" -o "$ffif" -j ACCEPT
- iptables -t nat -A postrouting_rule -s "$NETWORK/$PREFIX" -o "$ffif" -j MASQUERADE
+ iptables -A luci_freifunk_forwarding -i "$lanif" -o "$ffif" -j ACCEPT
+ iptables -t nat -A luci_freifunk_postrouting -s "$NETWORK/$PREFIX" -o "$ffif" -j MASQUERADE
}
### Freifunk to Wan
}
### Freifunk to Wan
- [ "$internet" -gt 0 ] && {
- config_get ipaddr ff ipaddr
- config_get netmask ff netmask
-
- eval "$(ipcalc.sh $ipaddr $netmask)"
+ [ "$internet" -gt 0 ] && {
+ eval "$(ipcalc.sh $ffip $ffmask)"
- iptables -A
forwarding_rule
-i "$ffif" -o "$wanif" -j ACCEPT
- iptables -t nat -A
postrouting_rule
-s "$NETWORK/$PREFIX" -o "$wanif" -j MASQUERADE
+ iptables -A
luci_freifunk_forwarding
-i "$ffif" -o "$wanif" -j ACCEPT
+ iptables -t nat -A
luci_freifunk_postrouting
-s "$NETWORK/$PREFIX" -o "$wanif" -j MASQUERADE
}
}
+
+ ### Hook in the chains
+ iptables -A forwarding_rule -j luci_freifunk_forwarding
+ iptables -t nat -A postrouting_rule -j luci_freifunk_postrouting
}
stop() {
}
stop() {
- include /lib/network
- scan_interfaces
-
- ### Read interface names
- config_get wanif wan ifname
- config_get lanif lan ifname
- config_get ffif ff ifname
-
- [ -n "$ffif" ] || return 0
+ ### Hook out the chains
+ iptables -D forwarding_rule -j luci_freifunk_forwarding
+ iptables -t nat -D postrouting_rule -j luci_freifunk_postrouting
- ### Freifunk to Freifunk
- iptables -D forwarding_rule -i "$ffif" -o "$ffif" -j ACCEPT
+ ### Clear the chains
+ iptables -F luci_freifunk_forwarding
+ iptables -t nat -F luci_freifunk_postrouting
- ### Lan to Freifunk
- [ -n "$lanif" ] && {
- iptables -D forwarding_rule -i "$lanif" -o "$ffif" -j ACCEPT
- iptables -t nat -D postrouting_rule -i "$lanif" -o "$ffif" -j MASQUERADE
- }
-
- ### Freifunk to Wan
- [ -n "$wanif" -gt 0 ] && {
- iptables -D forwarding_rule -i "$ffif" -o "$wanif" -j ACCEPT
- iptables -t nat -D postrouting_rule -i "$ffif" -o "$wanif" -j MASQUERADE
- }
+ ### Delete chains
+ iptables -X luci_freifunk_forwarding
+ iptables -t nat -X luci_freifunk_postrouting
}
}