author | Steven Barth <steven@midlink.org> | 2008-04-28 07:28:27 +0000 |
---|---|---|
committer | Steven Barth <steven@midlink.org> | 2008-04-28 07:28:27 +0000 |
commit | 4446f079fd26a1a8687dd0aed192ebb457e668a2 (patch) | |
tree | 14679a9665a2514c13f8e2de6c59c5300ad1746e | |
parent | 5266a8c01c29bd371afa32dbb1354e0ea3e76045 (diff) |
* Fixed Freifunk firewall script
-rw-r--r-- | module/admin-core/contrib/init.d/luci_freifunk | 67 |
1 files changed, 31 insertions, 36 deletions
diff --git a/module/admin-core/contrib/init.d/luci_freifunk b/module/admin-core/contrib/init.d/luci_freifunk index 6b18e14425..5c78396958 100644 --- a/module/admin-core/contrib/init.d/luci_freifunk +++ b/module/admin-core/contrib/init.d/luci_freifunk @@ -11,8 +11,18 @@ start() { config_get lanif lan ifname config_get ffif ff ifname + config_get lanip lan ipaddr + config_get lanmask lan netmask + + config_get ffip ff ipaddr + config_get ffmask ff netmask [ -n "$ffif" ] || return 0 + + + ### Creating chains + iptables -N luci_freifunk_forwarding + iptables -t nat -N luci_freifunk_postrouting ### Read from config 
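Review bot: The two `iptables -N` calls added after the `$ffif` check are not idempotent: if start() runs while the chains already exist (a second start without stop, or a stop() that could not delete them), `-N` fails and the `-A` lines that follow append a second copy of every rule to the old chain. Creating or flushing in one step avoids the duplicates, e.g. `iptables -N luci_freifunk_forwarding 2>/dev/null || iptables -F luci_freifunk_forwarding`, and the same for `luci_freifunk_postrouting` with `-t nat`. A short comment above the block saying that these chains are owned by this script and are flushed on every start would document the intent. start() begins before this hunk and continues past it.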
@@ -24,55 +34,40 @@ start() { ### Freifunk to Freifunk [ "$internal" -gt 0 ] && { - iptables -A forwarding_rule -i "$ffif" -o "$ffif" -j ACCEPT + iptables -A luci_freifunk_forwarding -i "$ffif" -o "$ffif" -j ACCEPT } ### Lan to Freifunk [ -n "$lanif" ] && { - config_get ipaddr lan ipaddr - config_get netmask lan netmask + eval "$(ipcalc.sh $lanip $lanmask)" - eval "$(ipcalc.sh $ipaddr $netmask)" - - iptables -A forwarding_rule -i "$lanif" -o "$ffif" -j ACCEPT - iptables -t nat -A postrouting_rule -s "$NETWORK/$PREFIX" -o "$ffif" -j MASQUERADE + iptables -A luci_freifunk_forwarding -i "$lanif" -o "$ffif" -j ACCEPT + iptables -t nat -A luci_freifunk_postrouting -s "$NETWORK/$PREFIX" -o "$ffif" -j MASQUERADE } ### Freifunk to Wan - [ "$internet" -gt 0 ] && { - config_get ipaddr ff ipaddr - config_get netmask ff netmask - - eval "$(ipcalc.sh $ipaddr $netmask)" + [ "$internet" -gt 0 ] && { + eval "$(ipcalc.sh $ffip $ffmask)" - iptables -A forwarding_rule -i "$ffif" -o "$wanif" -j ACCEPT - iptables -t nat -A postrouting_rule -s "$NETWORK/$PREFIX" -o "$wanif" -j MASQUERADE + iptables -A luci_freifunk_forwarding -i "$ffif" -o "$wanif" -j ACCEPT + iptables -t nat -A luci_freifunk_postrouting -s "$NETWORK/$PREFIX" -o "$wanif" -j MASQUERADE } + + ### Hook in the chains + iptables -A forwarding_rule -j luci_freifunk_forwarding + iptables -t nat -A postrouting_rule -j luci_freifunk_postrouting } stop() { - include /lib/network - scan_interfaces - - ### Read interface names - config_get wanif wan ifname - config_get lanif lan ifname - config_get ffif ff ifname - - [ -n "$ffif" ] || return 0 + ### Hook out the chains + iptables -D forwarding_rule -j luci_freifunk_forwarding + iptables -t nat -D postrouting_rule -j luci_freifunk_postrouting - ### Freifunk to Freifunk - iptables -D forwarding_rule -i "$ffif" -o "$ffif" -j ACCEPT + ### Clear the chains + iptables -F luci_freifunk_forwarding + iptables -t nat -F luci_freifunk_postrouting - ### Lan to Freifunk - [ -n "$lanif" ] && { - 
iptables -D forwarding_rule -i "$lanif" -o "$ffif" -j ACCEPT - iptables -t nat -D postrouting_rule -i "$lanif" -o "$ffif" -j MASQUERADE - } - - ### Freifunk to Wan - [ -n "$wanif" -gt 0 ] && { - iptables -D forwarding_rule -i "$ffif" -o "$wanif" -j ACCEPT - iptables -t nat -D postrouting_rule -i "$ffif" -o "$wanif" -j MASQUERADE - } + ### Delete chains + iptables -X luci_freifunk_forwarding + iptables -t nat -X luci_freifunk_postrouting } |
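Review bot: The "Freifunk to Wan" block is guarded only by `[ "$internet" -gt 0 ]`, so `-o "$wanif"` is used even when no WAN interface is configured; depending on the iptables version an empty interface name is either rejected or treated as "any interface", and the latter would ACCEPT and MASQUERADE Freifunk traffic towards the LAN as well. Guarding the block with `[ "$internet" -gt 0 ] && [ -n "$wanif" ] && {` closes that. In both NAT blocks the ipcalc.sh arguments are unquoted and the output goes straight into `eval`; `eval "$(ipcalc.sh "$lanip" "$lanmask")"` (likewise for `$ffip`/`$ffmask`) keeps a config value with whitespace from being split into extra arguments, and an empty address should skip the block because NETWORK and PREFIX would otherwise be empty or left over from the previous call. stop() now runs `-D`/`-F`/`-X` even when start() returned early on an empty `$ffif`; that appears to produce only error output, but it deserves a comment or a `2>/dev/null`.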