summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorManuel Munz <freifunk@somakoma.de>2011-03-14 19:34:23 +0000
committerManuel Munz <freifunk@somakoma.de>2011-03-14 19:34:23 +0000
commitdaadcb9ea2edc6d6c99b379b40ea9f8a56864a04 (patch)
treee810ad54254f42e99cb06743b1ab04c228c0d579
parentf5bfd8b75be995e7e7d106343475172a38f4802f (diff)
Add freifunk-policyrouting and luci-app-freifunk-policyrouting
-rw-r--r--applications/luci-freifunk-policyrouting/Makefile4
-rw-r--r--applications/luci-freifunk-policyrouting/luasrc/controller/freifunk/policy-routing.lua23
-rw-r--r--applications/luci-freifunk-policyrouting/luasrc/model/cbi/freifunk/policyrouting.lua40
-rw-r--r--contrib/package/freifunk-policyrouting/Makefile39
-rw-r--r--contrib/package/freifunk-policyrouting/files/etc/config/freifunk-policyrouting6
-rw-r--r--contrib/package/freifunk-policyrouting/files/etc/hotplug.d/firewall/24-policyrouting72
-rw-r--r--contrib/package/freifunk-policyrouting/files/etc/hotplug.d/iface/30-policyrouting78
-rw-r--r--contrib/package/freifunk-policyrouting/files/etc/uci-defaults/freifunk-policyrouting7
-rw-r--r--contrib/package/luci/Makefile3
-rw-r--r--po/ca/freifunk-policyrouting.po31
-rw-r--r--po/de/freifunk-policyrouting.po55
-rw-r--r--po/el/freifunk-policyrouting.po31
-rw-r--r--po/en/freifunk-policyrouting.po31
-rw-r--r--po/es/freifunk-policyrouting.po31
-rw-r--r--po/fr/freifunk-policyrouting.po31
-rw-r--r--po/it/freifunk-policyrouting.po31
-rw-r--r--po/ja/freifunk-policyrouting.po31
-rw-r--r--po/ms/freifunk-policyrouting.po31
-rw-r--r--po/no/freifunk-policyrouting.po31
-rw-r--r--po/pl/freifunk-policyrouting.po31
-rw-r--r--po/pt/freifunk-policyrouting.po31
-rw-r--r--po/pt_BR/freifunk-policyrouting.po31
-rw-r--r--po/ru/freifunk-policyrouting.po31
-rw-r--r--po/templates/freifunk-policyrouting.pot34
-rw-r--r--po/vi/freifunk-policyrouting.po31
-rw-r--r--po/zh_CN/freifunk-policyrouting.po31
26 files changed, 826 insertions, 0 deletions
diff --git a/applications/luci-freifunk-policyrouting/Makefile b/applications/luci-freifunk-policyrouting/Makefile
new file mode 100644
index 000000000..3efa329b7
--- /dev/null
+++ b/applications/luci-freifunk-policyrouting/Makefile
@@ -0,0 +1,4 @@
+PO = freifunk-policyrouting
+
+include ../../build/config.mk
+include ../../build/module.mk
diff --git a/applications/luci-freifunk-policyrouting/luasrc/controller/freifunk/policy-routing.lua b/applications/luci-freifunk-policyrouting/luasrc/controller/freifunk/policy-routing.lua
new file mode 100644
index 000000000..32c9c0ba4
--- /dev/null
+++ b/applications/luci-freifunk-policyrouting/luasrc/controller/freifunk/policy-routing.lua
@@ -0,0 +1,23 @@
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2011 Manuel Munz <freifunk at somakoma de>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+]]--
+
+
+module "luci.controller.freifunk.policy-routing"
+
+function index()
+ require("luci.i18n").loadc("freifunk-policyrouting")
+ local i18n = luci.i18n.translate
+
+ entry({"admin", "freifunk", "policyrouting"}, cbi("freifunk/policyrouting"), i18n("Policy Routing"), 60)
+end
+
+
diff --git a/applications/luci-freifunk-policyrouting/luasrc/model/cbi/freifunk/policyrouting.lua b/applications/luci-freifunk-policyrouting/luasrc/model/cbi/freifunk/policyrouting.lua
new file mode 100644
index 000000000..b3cac9a10
--- /dev/null
+++ b/applications/luci-freifunk-policyrouting/luasrc/model/cbi/freifunk/policyrouting.lua
@@ -0,0 +1,40 @@
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2011 Manuel Munz <freifunk at somakoma de>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+]]--
+
+luci.i18n.loadc("freifunk")
+local uci = require "luci.model.uci".cursor()
+
+m = Map("freifunk-policyrouting", translate("Policy Routing"), translate("These pages can be used to setup policy routing for certain firewall zones. "..
+ "This is useful if you need to use your own internet connection for yourself but you don't want to share it with others (thats why it can also be "..
+ "called 'Ego Mode'). Your own traffic is then sent via your internet connection while traffic originating from the mesh will use another gateway in the mesh. "))
+m:chain("network")
+
+c = m:section(NamedSection, "pr", "settings", "")
+
+local pr = c:option(Flag, "enable", translate("Enable Policy Routing"))
+pr.rmempty = false
+
+local strict = c:option(Flag, "strict", translate("Strict Filtering"), translate("If no default route is received from the mesh network then traffic which belongs to "..
+ "the selected firewall zones is routed via your internet connection as a fallback. If you do not want this and instead block that traffic then you should "..
+ "select this option."))
+strict.rmempty = false
+
+local zones = c:option(MultiValue, "zones", translate("Firewall zones"), translate("All traffic from interfaces belonging to these zones will be sent via "..
+ "a gateway in the mesh network."))
+uci:foreach("firewall", "zone", function(section)
+ local name = section.name
+ if not (name == "wan") then
+ zones:value(name)
+ end
+end)
+
+return m
diff --git a/contrib/package/freifunk-policyrouting/Makefile b/contrib/package/freifunk-policyrouting/Makefile
new file mode 100644
index 000000000..7ff0b07d6
--- /dev/null
+++ b/contrib/package/freifunk-policyrouting/Makefile
@@ -0,0 +1,39 @@
+# Copyright (C) 2011 Manuel Munz <freifunk at somakoma de>
+# This is free software, licensed under the Apache 2.0 license.
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=freifunk-policyrouting
+PKG_RELEASE:=1
+
+PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/freifunk-policyrouting
+ SECTION:=luci
+ CATEGORY:=LuCI
+ SUBMENU:=Freifunk
+ TITLE:=Freifunk policy routing addon
+ DEPENDS:=+firewall +ip
+endef
+
+define Package/freifunk-policyrouting/description
+ Allows you to send your own traffic via your own default gateway while sending traffic received from the mesh to a gateway in the mesh.
+endef
+
+define Build/Prepare
+ mkdir -p $(PKG_BUILD_DIR)
+endef
+
+define Build/Configure
+endef
+
+define Build/Compile
+endef
+
+define Package/freifunk-policyrouting/install
+ $(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,freifunk-policyrouting))
diff --git a/contrib/package/freifunk-policyrouting/files/etc/config/freifunk-policyrouting b/contrib/package/freifunk-policyrouting/files/etc/config/freifunk-policyrouting
new file mode 100644
index 000000000..ba58625bc
--- /dev/null
+++ b/contrib/package/freifunk-policyrouting/files/etc/config/freifunk-policyrouting
@@ -0,0 +1,6 @@
+
+config 'settings' 'pr'
+ option 'enable' '0'
+ option 'strict' '1'
+ option 'zones' ''
+
diff --git a/contrib/package/freifunk-policyrouting/files/etc/hotplug.d/firewall/24-policyrouting b/contrib/package/freifunk-policyrouting/files/etc/hotplug.d/firewall/24-policyrouting
new file mode 100644
index 000000000..3e6f8155c
--- /dev/null
+++ b/contrib/package/freifunk-policyrouting/files/etc/hotplug.d/firewall/24-policyrouting
@@ -0,0 +1,72 @@
+if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "wan" ]; then
+ pr=`uci get freifunk-policyrouting.pr.enable`
+ strict=`uci get freifunk-policyrouting.pr.strict`
+ zones=`uci get freifunk-policyrouting.pr.zones`
+
+ if [ $pr = "1" ]; then
+
+ # The wan device name
+ if [ -n "`uci -p /var/state get network.wan.ifname`" ]; then
+ wandev=`uci -p /var/state get network.wan.ifname`
+ else
+ wandev=`uci -p /var/state get network.wan.device`
+ fi
+
+ iptables -t mangle -D PREROUTING -j prerouting_policy > /dev/null 2>&1
+ iptables -t mangle -F prerouting_policy > /dev/null 2>&1
+ iptables -t mangle -N prerouting_policy > /dev/null 2>&1
+ iptables -t mangle -I PREROUTING -j prerouting_policy > /dev/null 2>&1
+
+ # If no route is in table olsr-default, then usually the hosts local default route is used.
+ # If set to strict then we add a filter which prevents this
+ if [ "$strict" == "1" ]; then
+ ln=$(( `iptables -L FORWARD -v --line-numbers | grep -m 1 reject | awk {' print $1 '}` - 1 ))
+ if [ ! $ln -gt 0 ]; then
+ ln=1
+ fi
+ if [ -z "`iptables -L |grep 'Chain forward_policy'`" ]; then
+ iptables -N forward_policy
+ fi
+ if [ -z "`iptables -L FORWARD -v |grep forward_policy`" ]; then
+ iptables -I FORWARD $ln -m mark --mark 1 -j forward_policy
+ fi
+ iptables -F forward_policy
+ iptables -I forward_policy -o $wandev -j REJECT --reject-with icmp-net-prohibited
+ fi
+
+ # set mark 1 for all packets coming in via enabled zones
+ for i in $zones; do
+ # find out which interfaces belong to this zone
+ zone=`uci show firewall |grep "name=$i" |awk {' FS="."; print $1"."$2 '}`
+ interfaces=`uci get $zone.network`
+ if [ "$interfaces" == "" ]; then
+ interfaces=$i
+ fi
+ for int in $interfaces; do
+ if [ "`uci -q get network.$int.type`" == "bridge" ]; then
+ dev="br-$int"
+ else
+ dev=`uci get network.$int.ifname`
+ fi
+ logger -t policyrouting "Add mark 1 to packages coming in via interface $dev"
+ iptables -t mangle -I prerouting_policy -i $dev -j MARK --set-mark 1
+ done
+ done
+ else
+ # Cleanup policy routing stuff that might be lingering around
+ if [ -n "`iptables -t mangle -L PREROUTING |grep _policy`" ]; then
+ logger -t policyrouting "Delete prerouting_policy chain in table mangle"
+ iptables -t mangle -D PREROUTING -j prerouting_policy
+ iptables -t mangle -F prerouting_policy
+ iptables -t mangle -X prerouting_policy
+ fi
+ if [ -n "`iptables -L FORWARD |grep forward_policy`" ]; then
+ logger -t policyrouting "Delete strict forwarding rules"
+ iptables -D FORWARD -m mark --mark 1 -j forward_policy
+ iptables -F forward_policy
+ iptables -X forward_policy
+ fi
+ logger -t policyrouting "All firewall rules for policyrouting removed."
+ fi
+fi
+
diff --git a/contrib/package/freifunk-policyrouting/files/etc/hotplug.d/iface/30-policyrouting b/contrib/package/freifunk-policyrouting/files/etc/hotplug.d/iface/30-policyrouting
new file mode 100644
index 000000000..e3b0edeb3
--- /dev/null
+++ b/contrib/package/freifunk-policyrouting/files/etc/hotplug.d/iface/30-policyrouting
@@ -0,0 +1,78 @@
+[ "$INTERFACE" != "wan" ] && exit 0
+
+case $ACTION in
+ ifup)
+ pr=`uci get freifunk-policyrouting.pr.enable`
+ if [ $pr = "1" ]; then
+ logger -t policyrouting "Starting policy routing on $INTERFACE"
+
+ # Setup new tables
+ tables="/etc/iproute2/rt_tables"
+ if [ -z "`grep "111" $tables`" ]; then
+ echo "111 olsr" >> $tables
+ fi
+ if [ -z "`grep "112" $tables`" ]; then
+ echo "112 olsr-default" >> $tables
+ fi
+
+ # Make sure Rt_tables in olsrd are in place
+ if [ ! "`uci -q get olsrd.@olsrd[0].RtTable`" == "111" ] || [ ! "`uci -q get olsrd.@olsrd[0].RtTableDefault`" == "112" ]; then
+ uci set olsrd.@olsrd[0].RtTable='111'
+ uci set olsrd.@olsrd[0].RtTableDefault='112'
+ uci commit
+ /etc/init.d/olsrd restart
+ fi
+
+ # Disable dyn_gw and dyngw_plain
+ dyngwlib=`uci show olsrd |grep dyn_gw.so |awk {' FS="."; print $1"."$2 '}`
+ if [ -n "$dyngwlib" ]; then
+ uci set $dyngwlib.ignore=1
+ uci commit
+ fi
+
+ dyngwplainlib=`uci show olsrd |grep dyn_gw_plain |awk {' FS="."; print $1"."$2 '}`
+ if [ -n "$dyngwplainlib" ]; then
+ uci set $dyngwplainlib.ignore=1
+ uci commit
+ fi
+
+ gw=`uci -p /var/state get network.wan.gateway`
+ netmask=`uci -p /var/state get network.wan.netmask`
+ if [ -z "$netmask" ]; then
+ NETMASK="255.255.255.255"
+ fi
+
+ if [ -n "`uci -p /var/state get network.wan.ifname`" ]; then
+ device=`uci -p /var/state get network.wan.ifname`
+ else
+ device=`uci -p /var/state get network.wan.device`
+ fi
+
+ eval `ipcalc.sh $gw $netmask`
+
+ test -n "`ip r s t default`" && ip r d default t default
+ test -n "`ip r s |grep default`" && ip route del default
+ ip route add $NETWORK/$NETMASK dev $device table default
+ ip route add default via $gw dev $device table default
+
+ ip rule del lookup main
+ ip rule add fwmark 1 lookup olsr-default
+ ip rule add lookup main
+ ip rule add lookup olsr
+ else
+ # Remove custom routing tables from olsrd
+ if [ "`uci -q get olsrd.@olsrd[0].RtTable`" == "111" ] || [ "`uci -q get olsrd.@olsrd[0].RtTableDefault`" == "112" ]; then
+ uci delete olsrd.@olsrd[0].RtTable
+ uci delete olsrd.@olsrd[0].RtTableDefault
+ uci commit
+ /etc/init.d/olsrd restart
+ fi
+ fi
+ ;;
+
+ ifdown)
+ logger -t policyrouting "Deleting policy rules for $INTERFACE"
+ ip rule del fwmark 1 lookup olsr-default > /dev/null 2>&1
+ ip rule del lookup olsr > /dev/null 2>&1
+ ;;
+esac
diff --git a/contrib/package/freifunk-policyrouting/files/etc/uci-defaults/freifunk-policyrouting b/contrib/package/freifunk-policyrouting/files/etc/uci-defaults/freifunk-policyrouting
new file mode 100644
index 000000000..a6412d4df
--- /dev/null
+++ b/contrib/package/freifunk-policyrouting/files/etc/uci-defaults/freifunk-policyrouting
@@ -0,0 +1,7 @@
+#!/bin/sh
+uci batch <<-EOF
+ add ucitrack freifunk-policyrouting
+ add_list ucitrack.@freifunk-policyrouting[-1].affects="network"
+ commit ucitrack
+EOF
+
diff --git a/contrib/package/luci/Makefile b/contrib/package/luci/Makefile
index 364175790..354de1e62 100644
--- a/contrib/package/luci/Makefile
+++ b/contrib/package/luci/Makefile
@@ -306,6 +306,9 @@ $(eval $(call application,siitwizard,SIIT IPv4-over-IPv6 configuration wizard,\
$(eval $(call application,firewall,Firmware and Portforwarding application,\
+PACKAGE_luci-app-firewall:firewall))
+$(eval $(call application,freifunk-policyrouting,Policy routing for mesh traffic,\
+ +PACKAGE_luci-app-freifunk-policyrouting:freifunk-policyrouting +luci-mod-freifunk))
+
$(eval $(call application,olsr,OLSR configuration and status module,\
+luci-mod-admin-full +PACKAGE_luci-app-olsr:olsrd +PACKAGE_luci-app-olsr:olsrd-mod-txtinfo))
diff --git a/po/ca/freifunk-policyrouting.po b/po/ca/freifunk-policyrouting.po
new file mode 100644
index 000000000..b739057fb
--- /dev/null
+++ b/po/ca/freifunk-policyrouting.po
@@ -0,0 +1,31 @@
+msgid ""
+"All traffic from interfaces belonging to these zones will be sent via a "
+"gateway in the mesh network."
+msgstr ""
+
+msgid "Enable Policy Routing"
+msgstr ""
+
+msgid "Firewall zones"
+msgstr ""
+
+msgid ""
+"If no default route is received from the mesh network then traffic which "
+"belongs to the selected firewall zones is routed via your internet "
+"connection as a fallback. If you do not want this and instead block that "
+"traffic then you should select this option."
+msgstr ""
+
+msgid "Policy Routing"
+msgstr ""
+
+msgid "Strict Filtering"
+msgstr ""
+
+msgid ""
+"These pages can be used to setup policy routing for certain firewall zones. "
+"This is useful if you need to use your own internet connection for yourself "
+"but you don't want to share it with others (thats why it can also be called "
+"'Ego Mode'). Your own traffic is then sent via your internet connection "
+"while traffic originating from the mesh will use another gateway in the mesh."
+msgstr ""
diff --git a/po/de/freifunk-policyrouting.po b/po/de/freifunk-policyrouting.po
new file mode 100644
index 000000000..edbe375fe
--- /dev/null
+++ b/po/de/freifunk-policyrouting.po
@@ -0,0 +1,55 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"POT-Creation-Date: \n"
+"PO-Revision-Date: \n"
+"Last-Translator: Manuel Munz <freifunk@somakoma.de>\n"
+"Language-Team: \n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+msgid ""
+"All traffic from interfaces belonging to these zones will be sent via a "
+"gateway in the mesh network."
+msgstr ""
+"Traffic der aus diesen Zonen kommt wird über ein Internetgateway im Mesh "
+"weitergeleitet."
+
+msgid "Enable Policy Routing"
+msgstr "Policy Routing aktivieren"
+
+msgid "Firewall zones"
+msgstr "Firewallzonen"
+
+msgid ""
+"If no default route is received from the mesh network then traffic which "
+"belongs to the selected firewall zones is routed via your internet "
+"connection as a fallback. If you do not want this and instead block that "
+"traffic then you should select this option."
+msgstr ""
+"Falls im Mesh kein anderer Internetgateway verfügbar ist, dann wird Traffic "
+"aus den ausgewählten Zonen als Fallback über die Internetverbindung dieses "
+"Routers geleitet. Wenn das nicht gewünscht ist und dieser Traffic dann "
+"stattdessen geblockt werden soll, dann aktiviere diese Option."
+
+msgid "Policy Routing"
+msgstr ""
+
+msgid "Strict Filtering"
+msgstr "Strenges Filtern"
+
+msgid ""
+"These pages can be used to setup policy routing for certain firewall zones. "
+"This is useful if you need to use your own internet connection for yourself "
+"but you don't want to share it with others (thats why it can also be called "
+"'Ego Mode'). Your own traffic is then sent via your internet connection "
+"while traffic originating from the mesh will use another gateway in the mesh."
+msgstr ""
+"Auf diesen Seiten kann Policy Routing für bestimmte Firewallzonen aktiviert "
+"werden. Dies ist z.B. nützlich, wenn du deinen eigenen Internetverkehr über "
+"deine eigene Internetverbindung routen aber diese nicht mit anderen teilen "
+"willst ('Mein Gateway für mich allein'). Eigener Traffic wird dann über die "
+"eigene Internetverbindung geschickt während Traffic aus den ausgewählten "
+"Firewallzonen über einen anderen Gateway im Mesh geleitet wird."
diff --git a/po/el/freifunk-policyrouting.po b/po/el/freifunk-policyrouting.po
new file mode 100644
index 000000000..b739057fb
--- /dev/null
+++ b/po/el/freifunk-policyrouting.po
@@ -0,0 +1,31 @@
+msgid ""
+"All traffic from interfaces belonging to these zones will be sent via a "
+"gateway in the mesh network."
+msgstr ""
+
+msgid "Enable Policy Routing"
+msgstr ""
+
+msgid "Firewall zones"
+msgstr ""
+
+msgid ""
+"If no default route is received from the mesh network then traffic which "
+"belongs to the selected firewall zones is routed via your internet "
+"connection as a fallback. If you do not want this and instead block that "
+"traffic then you should select this option."
+msgstr ""
+
+msgid "Policy Routing"
+msgstr ""
+
+msgid "Strict Filtering"
+msgstr ""
+
+msgid ""
+"These pages can be used to setup policy routing for certain firewall zones. "
+"This is useful if you need to use your own internet connection for yourself "
+"but you don't want to share it with others (thats why it can also be called "
+"'Ego Mode'). Your own traffic is then sent via your internet connection "
+"while traffic originating from the mesh will use another gateway in the mesh."
+msgstr ""
diff --git a/po/en/freifunk-policyrouting.po b/po/en/freifunk-policyrouting.po
new file mode 100644
index 000000000..b739057fb
--- /dev/null
+++ b/po/en/freifunk-policyrouting.po
@@ -0,0 +1,31 @@
+msgid ""
+"All traffic from interfaces belonging to these zones will be sent via a "
+"gateway in the mesh network."
+msgstr ""
+
+msgid "Enable Policy Routing"
+msgstr ""
+
+msgid "Firewall zones"
+msgstr ""
+
+msgid ""
+"If no default route is received from the mesh network then traffic which "
+"belongs to the selected firewall zones is routed via your internet "
+"connection as a fallback. If you do not want this and instead block that "
+"traffic then you should select this option."
+msgstr ""
+
+msgid "Policy Routing"
+msgstr ""
+
+msgid "Strict Filtering"
+msgstr ""
+
+msgid ""
+"These pages can be used to setup policy routing for certain firewall zones. "
+"This is useful if you need to use your own internet connection for yourself "
+"but you don't want to share it with others (thats why it can also be called "
+"'Ego Mode'). Your own traffic is then sent via your internet connection "
+"while traffic originating from the mesh will use another gateway in the mesh."
+msgstr ""
diff --git a/po/es/freifunk-policyrouting.po b/po/es/freifunk-policyrouting.po
new file mode 100644
index 000000000..b739057fb
--- /dev/null
+++ b/po/es/freifunk-policyrouting.po
@@ -0,0 +1,31 @@
+msgid ""
+"All traffic from interfaces belonging to these zones will be sent via a "
+"gateway in the mesh network."
+msgstr ""
+
+msgid "Enable Policy Routing"
+msgstr ""
+
+msgid "Firewall zones"
+msgstr ""
+
+msgid ""
+"If no default route is received from the mesh network then traffic which "
+"belongs to the selected firewall zones is routed via your internet "
+"connection as a fallback. If you do not want this and instead block that "
+"traffic then you should select this option."
+msgstr ""
+
+msgid "Policy Routing"
+msgstr ""
+
+msgid "Strict Filtering"
+msgstr ""
+
+msgid ""
+"These pages can be used to setup policy routing for certain firewall zones. "
+"This is useful if you need to use your own internet connection for yourself "
+"but you don't want to share it with others (thats why it can also be called "
+"'Ego Mode'). Your own traffic is then sent via your internet connection "
+"while traffic originating from the mesh will use another gateway in the mesh."
+msgstr ""
diff --git a/po/fr/freifunk-policyrouting.po b/po/fr/freifunk-policyrouting.po
new file mode 100644
index 000000000..b739057fb
--- /dev/null
+++ b/po/fr/freifunk-policyrouting.po
@@ -0,0 +1,31 @@
+msgid ""
+"All traffic from interfaces belonging to these zones will be sent via a "
+"gateway in the mesh network."
+msgstr ""
+
+msgid "Enable Policy Routing"
+msgstr ""
+
+msgid "Firewall zones"
+msgstr ""
+
+msgid ""
+"If no default route is received from the mesh network then traffic which "
+"belongs to the selected firewall zones is routed via your internet "
+"connection as a fallback. If you do not want this and instead block that "
+"traffic then you should select this option."
+msgstr ""
+
+msgid "Policy Routing"
+msgstr ""
+
+msgid "Strict Filtering"
+msgstr ""
+
+msgid ""
+"These pages can be used to setup policy routing for certain firewall zones. "
+"This is useful if you need to use your own internet connection for yourself "
+"but you don't want to share it with others (thats why it can also be called "
+"'Ego Mode'). Your own traffic is then sent via your internet connection "
+"while traffic originating from the mesh will use another gateway in the mesh."
+msgstr ""
diff --git a/po/it/freifunk-policyrouting.po b/po/it/freifunk-policyrouting.po
new file mode 100644
index 000000000..b739057fb
--- /dev/null
+++ b/po/it/freifunk-policyrouting.po
@@ -0,0 +1,31 @@
+msgid ""
+"All traffic from interfaces belonging to these zones will be sent via a "
+"gateway in the mesh network."
+msgstr ""
+
+msgid "Enable Policy Routing"
+msgstr ""
+
+msgid "Firewall zones"
+msgstr ""
+
+msgid ""
+"If no default route is received from the mesh network then traffic which "
+"belongs to the selected firewall zones is routed via your internet "
+"connection as a fallback. If you do not want this and instead block that "
+"traffic then you should select this option."
+msgstr ""
+
+msgid "Policy Routing"
+msgstr ""
+
+msgid "Strict Filtering"
+msgstr ""
+
+msgid ""
+"These pages can be used to setup policy routing for certain firewall zones. "
+"This is useful if you need to use your own internet connection for yourself "
+"but you don't want to share it with others (thats why it can also be called "
+"'Ego Mode'). Your own traffic is then sent via your internet connection "
+"while traffic originating from the mesh will use another gateway in the mesh."
+msgstr ""
diff --git a/po/ja/freifunk-policyrouting.po b/po/ja/freifunk-policyrouting.po
new file mode 100644
index 000000000..b739057fb
--- /dev/null
+++ b/po/ja/freifunk-policyrouting.po
@@ -0,0 +1,31 @@
+msgid ""
+"All traffic from interfaces belonging to these zones will be sent via a "
+"gateway in the mesh network."
+msgstr ""
+
+msgid "Enable Policy Routing"
+msgstr ""
+
+msgid "Firewall zones"
+msgstr ""
+
+msgid ""
+"If no default route is received from the mesh network then traffic which "
+"belongs to the selected firewall zones is routed via your internet "
+"connection as a fallback. If you do not want this and instead block that "
+"traffic then you should select this option."
+msgstr ""
+
+msgid "Policy Routing"
+msgstr ""
+
+msgid "Strict Filtering"
+msgstr ""
+
+msgid ""
+"These pages can be used to setup policy routing for certain firewall zones. "
+"This is useful if you need to use your own internet connection for yourself "
+"but you don't want to share it with others (thats why it can also be called "
+"'Ego Mode'). Your own traffic is then sent via your internet connection "
+"while traffic originating from the mesh will use another gateway in the mesh."
+msgstr ""
diff --git a/po/ms/freifunk-policyrouting.po b/po/ms/freifunk-policyrouting.po
new file mode 100644
index 000000000..b739057fb
--- /dev/null
+++ b/po/ms/freifunk-policyrouting.po
@@ -0,0 +1,31 @@
+msgid ""
+"All traffic from interfaces belonging to these zones will be sent via a "
+"gateway in the mesh network."
+msgstr ""
+
+msgid "Enable Policy Routing"
+msgstr ""
+
+msgid "Firewall zones"
+msgstr ""
+
+msgid ""
+"If no default route is received from the mesh network then traffic which "
+"belongs to the selected firewall zones is routed via your internet "
+"connection as a fallback. If you do not want this and instead block that "
+"traffic then you should select this option."
+msgstr ""
+
+msgid "Policy Routing"
+msgstr ""
+
+msgid "Strict Filtering"
+msgstr ""
+
+msgid ""
+"These pages can be used to setup policy routing for certain firewall zones. "
+"This is useful if you need to use your own internet connection for yourself "
+"but you don't want to share it with others (thats why it can also be called "
+"'Ego Mode'). Your own traffic is then sent via your internet connection "
+"while traffic originating from the mesh will use another gateway in the mesh."
+msgstr ""
diff --git a/po/no/freifunk-policyrouting.po b/po/no/freifunk-policyrouting.po
new file mode 100644
index 000000000..b739057fb
--- /dev/null
+++ b/po/no/freifunk-policyrouting.po
@@ -0,0 +1,31 @@
+msgid ""
+"All traffic from interfaces belonging to these zones will be sent via a "
+"gateway in the mesh network."
+msgstr ""
+
+msgid "Enable Policy Routing"
+msgstr ""
+
+msgid "Firewall zones"
+msgstr ""
+
+msgid ""
+"If no default route is received from the mesh network then traffic which "
+"belongs to the selected firewall zones is routed via your internet "
+"connection as a fallback. If you do not want this and instead block that "
+"traffic then you should select this option."
+msgstr ""
+
+msgid "Policy Routing"
+msgstr ""
+
+msgid "Strict Filtering"
+msgstr ""
+
+msgid ""
+"These pages can be used to setup policy routing for certain firewall zones. "
+"This is useful if you need to use your own internet connection for yourself "
+"but you don't want to share it with others (thats why it can also be called "
+"'Ego Mode'). Your own traffic is then sent via your internet connection "
+"while traffic originating from the mesh will use another gateway in the mesh."
+msgstr ""
diff --git a/po/pl/freifunk-policyrouting.po b/po/pl/freifunk-policyrouting.po
new file mode 100644
index 000000000..b739057fb
--- /dev/null
+++ b/po/pl/freifunk-policyrouting.po
@@ -0,0 +1,31 @@
+msgid ""
+"All traffic from interfaces belonging to these zones will be sent via a "
+"gateway in the mesh network."
+msgstr ""
+
+msgid "Enable Policy Routing"
+msgstr ""
+
+msgid "Firewall zones"
+msgstr ""
+
+msgid ""
+"If no default route is received from the mesh network then traffic which "
+"belongs to the selected firewall zones is routed via your internet "
+"connection as a fallback. If you do not want this and instead block that "
+"traffic then you should select this option."
+msgstr ""
+
+msgid "Policy Routing"
+msgstr ""
+
+msgid "Strict Filtering"
+msgstr ""
+
+msgid ""
+"These pages can be used to setup policy routing for certain firewall zones. "
+"This is useful if you need to use your own internet connection for yourself "
+"but you don't want to share it with others (thats why it can also be called "
+"'Ego Mode'). Your own traffic is then sent via your internet connection "
+"while traffic originating from the mesh will use another gateway in the mesh."
+msgstr ""
diff --git a/po/pt/freifunk-policyrouting.po b/po/pt/freifunk-policyrouting.po
new file mode 100644
index 000000000..b739057fb
--- /dev/null
+++ b/po/pt/freifunk-policyrouting.po
@@ -0,0 +1,31 @@
+msgid ""
+"All traffic from interfaces belonging to these zones will be sent via a "
+"gateway in the mesh network."
+msgstr ""
+
+msgid "Enable Policy Routing"
+msgstr ""
+
+msgid "Firewall zones"
+msgstr ""
+
+msgid ""
+"If no default route is received from the mesh network then traffic which "
+"belongs to the selected firewall zones is routed via your internet "
+"connection as a fallback. If you do not want this and instead block that "
+"traffic then you should select this option."
+msgstr ""
+
+msgid "Policy Routing"
+msgstr ""
+
+msgid "Strict Filtering"
+msgstr ""
+
+msgid ""
+"These pages can be used to setup policy routing for certain firewall zones. "
+"This is useful if you need to use your own internet connection for yourself "
+"but you don't want to share it with others (thats why it can also be called "
+"'Ego Mode'). Your own traffic is then sent via your internet connection "
+"while traffic originating from the mesh will use another gateway in the mesh."
+msgstr ""
diff --git a/po/pt_BR/freifunk-policyrouting.po b/po/pt_BR/freifunk-policyrouting.po
new file mode 100644
index 000000000..b739057fb
--- /dev/null
+++ b/po/pt_BR/freifunk-policyrouting.po
@@ -0,0 +1,31 @@
+msgid ""
+"All traffic from interfaces belonging to these zones will be sent via a "
+"gateway in the mesh network."
+msgstr ""
+
+msgid "Enable Policy Routing"
+msgstr ""
+
+msgid "Firewall zones"
+msgstr ""
+
+msgid ""
+"If no default route is received from the mesh network then traffic which "
+"belongs to the selected firewall zones is routed via your internet "
+"connection as a fallback. If you do not want this and instead block that "
+"traffic then you should select this option."
+msgstr ""
+
+msgid "Policy Routing"
+msgstr ""
+
+msgid "Strict Filtering"
+msgstr ""
+
+msgid ""
+"These pages can be used to setup policy routing for certain firewall zones. "
+"This is useful if you need to use your own internet connection for yourself "
+"but you don't want to share it with others (thats why it can also be called "
+"'Ego Mode'). Your own traffic is then sent via your internet connection "
+"while traffic originating from the mesh will use another gateway in the mesh."
+msgstr ""
diff --git a/po/ru/freifunk-policyrouting.po b/po/ru/freifunk-policyrouting.po
new file mode 100644
index 000000000..b739057fb
--- /dev/null
+++ b/po/ru/freifunk-policyrouting.po
@@ -0,0 +1,31 @@
+msgid ""
+"All traffic from interfaces belonging to these zones will be sent via a "
+"gateway in the mesh network."
+msgstr ""
+
+msgid "Enable Policy Routing"
+msgstr ""
+
+msgid "Firewall zones"
+msgstr ""
+
+msgid ""
+"If no default route is received from the mesh network then traffic which "
+"belongs to the selected firewall zones is routed via your internet "
+"connection as a fallback. If you do not want this and instead block that "
+"traffic then you should select this option."
+msgstr ""
+
+msgid "Policy Routing"
+msgstr ""
+
+msgid "Strict Filtering"
+msgstr ""
+
+msgid ""
+"These pages can be used to setup policy routing for certain firewall zones. "
+"This is useful if you need to use your own internet connection for yourself "
+"but you don't want to share it with others (thats why it can also be called "
+"'Ego Mode'). Your own traffic is then sent via your internet connection "
+"while traffic originating from the mesh will use another gateway in the mesh."
+msgstr ""
diff --git a/po/templates/freifunk-policyrouting.pot b/po/templates/freifunk-policyrouting.pot
new file mode 100644
index 000000000..c9465d4cf
--- /dev/null
+++ b/po/templates/freifunk-policyrouting.pot
@@ -0,0 +1,34 @@
+msgid ""
+msgstr "Content-Type: text/plain; charset=UTF-8"
+
+msgid ""
+"All traffic from interfaces belonging to these zones will be sent via a "
+"gateway in the mesh network."
+msgstr ""
+
+msgid "Enable Policy Routing"
+msgstr ""
+
+msgid "Firewall zones"
+msgstr ""
+
+msgid ""
+"If no default route is received from the mesh network then traffic which "
+"belongs to the selected firewall zones is routed via your internet "
+"connection as a fallback. If you do not want this and instead block that "
+"traffic then you should select this option."
+msgstr ""
+
+msgid "Policy Routing"
+msgstr ""
+
+msgid "Strict Filtering"
+msgstr ""
+
+msgid ""
+"These pages can be used to setup policy routing for certain firewall zones. "
+"This is useful if you need to use your own internet connection for yourself "
+"but you don't want to share it with others (thats why it can also be called "
+"'Ego Mode'). Your own traffic is then sent via your internet connection "
+"while traffic originating from the mesh will use another gateway in the mesh."
+msgstr ""
diff --git a/po/vi/freifunk-policyrouting.po b/po/vi/freifunk-policyrouting.po
new file mode 100644
index 000000000..b739057fb
--- /dev/null
+++ b/po/vi/freifunk-policyrouting.po
@@ -0,0 +1,31 @@
+msgid ""
+"All traffic from interfaces belonging to these zones will be sent via a "
+"gateway in the mesh network."
+msgstr ""
+
+msgid "Enable Policy Routing"
+msgstr ""
+
+msgid "Firewall zones"
+msgstr ""
+
+msgid ""
+"If no default route is received from the mesh network then traffic which "
+"belongs to the selected firewall zones is routed via your internet "
+"connection as a fallback. If you do not want this and instead block that "
+"traffic then you should select this option."
+msgstr ""
+
+msgid "Policy Routing"
+msgstr ""
+
+msgid "Strict Filtering"
+msgstr ""
+
+msgid ""
+"These pages can be used to setup policy routing for certain firewall zones. "
+"This is useful if you need to use your own internet connection for yourself "
+"but you don't want to share it with others (thats why it can also be called "
+"'Ego Mode'). Your own traffic is then sent via your internet connection "
+"while traffic originating from the mesh will use another gateway in the mesh."
+msgstr ""
diff --git a/po/zh_CN/freifunk-policyrouting.po b/po/zh_CN/freifunk-policyrouting.po
new file mode 100644
index 000000000..b739057fb
--- /dev/null
+++ b/po/zh_CN/freifunk-policyrouting.po
@@ -0,0 +1,31 @@
+msgid ""
+"All traffic from interfaces belonging to these zones will be sent via a "
+"gateway in the mesh network."
+msgstr ""
+
+msgid "Enable Policy Routing"
+msgstr ""
+
+msgid "Firewall zones"
+msgstr ""
+
+msgid ""
+"If no default route is received from the mesh network then traffic which "
+"belongs to the selected firewall zones is routed via your internet "
+"connection as a fallback. If you do not want this and instead block that "
+"traffic then you should select this option."
+msgstr ""
+
+msgid "Policy Routing"
+msgstr ""
+
+msgid "Strict Filtering"
+msgstr ""
+
+msgid ""
+"These pages can be used to setup policy routing for certain firewall zones. "
+"This is useful if you need to use your own internet connection for yourself "
+"but you don't want to share it with others (thats why it can also be called "
+"'Ego Mode'). Your own traffic is then sent via your internet connection "
+"while traffic originating from the mesh will use another gateway in the mesh."
+msgstr ""