12 config_get iface "$state" iface
14 if [ "$iface" = "$INTERFACE" ]; then
15 config_get ifname "$state" ifname
16 config_get ipaddr "$state" ipaddr
17 config_get netmask "$state" netmask
18 config_get gateway "$state" gateway
20 logger -t firewall.freifunk "removing local restriction to $iface($gateway)"
21 iptables -D "zone_${INTERFACE}_ACCEPT" ! -i $ifname -o $ifname -d $ipaddr/$netmask -j REJECT
22 iptables -D "zone_${INTERFACE}_ACCEPT" ! -i $ifname -o $ifname -d $gateway -j ACCEPT
24 uci_revert_state firewall "$state"
31 config_get name "$1" name
33 if [ "$name" = "$ZONE" ]; then
34 config_get_bool local_restrict "$1" local_restrict
38 if [ "$ACTION" = add ]; then
47 config_get ipaddr "$INTERFACE" ipaddr
48 config_get netmask "$INTERFACE" netmask
49 config_get gateway "$INTERFACE" gateway
51 if [ -n "$gateway" ] && [ "$gateway" != 0.0.0.0 ]; then
55 config_foreach get_enabled zone
57 if [ "$local_restrict" = 1 ]; then
58 logger -t firewall.freifunk "restricting local access to $DEVICE($gateway)"
59 iptables -I "zone_${INTERFACE}_ACCEPT" ! -i $DEVICE -o $DEVICE -d $ipaddr/$netmask -j REJECT
60 iptables -I "zone_${INTERFACE}_ACCEPT" ! -i $DEVICE -o $DEVICE -d $gateway -j ACCEPT
62 local state="restricted_gw_${INTERFACE}"
63 uci_set_state firewall "$state" "" restricted_gw_state
64 uci_set_state firewall "$state" iface "$INTERFACE"
65 uci_set_state firewall "$state" ifname "$DEVICE"
66 uci_set_state firewall "$state" ipaddr "$ipaddr"
67 uci_set_state firewall "$state" netmask "$netmask"
68 uci_set_state firewall "$state" gateway "$gateway"
72 elif [ "$ACTION" = remove ]; then
74 config_foreach clear_restricted_gw restricted_gw_state