authorSteven Barth <steven@midlink.org>2008-04-28 07:28:27 +0000
committerSteven Barth <steven@midlink.org>2008-04-28 07:28:27 +0000
commit4446f079fd26a1a8687dd0aed192ebb457e668a2 (patch)
tree14679a9665a2514c13f8e2de6c59c5300ad1746e
parent5266a8c01c29bd371afa32dbb1354e0ea3e76045 (diff)
* Fixed Freifunk firewall script
-rw-r--r--module/admin-core/contrib/init.d/luci_freifunk67
1 files changed, 31 insertions, 36 deletions
diff --git a/module/admin-core/contrib/init.d/luci_freifunk b/module/admin-core/contrib/init.d/luci_freifunk
index 6b18e1442..5c7839695 100644
--- a/module/admin-core/contrib/init.d/luci_freifunk
+++ b/module/admin-core/contrib/init.d/luci_freifunk
@@ -11,8 +11,18 @@ start() {
config_get lanif lan ifname
config_get ffif ff ifname
+ config_get lanip lan ipaddr
+ config_get lanmask lan netmask
+
+ config_get ffip ff ipaddr
+ config_get ffmask ff netmask
[ -n "$ffif" ] || return 0
+
+
+ ### Creating chains
+ iptables -N luci_freifunk_forwarding
+ iptables -t nat -N luci_freifunk_postrouting
### Read from config
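Review bot: The two `iptables -N` calls under "Creating chains" fail when the chains already exist, for example on a second `start` or after a `stop` that did not complete, and the `-A` rules and hook-in jumps later in start() are then appended a second time. Making the creation tolerant keeps start() repeatable: `iptables -N luci_freifunk_forwarding 2>/dev/null || iptables -F luci_freifunk_forwarding`, and the same with `-t nat` for `luci_freifunk_postrouting`. The hook-in at the end of start() (second hunk) has the same problem: a duplicated jump survives the single `-D` in stop(), and `-X` then fails because the chain is still referenced. start() begins above this hunk.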
@@ -24,55 +34,40 @@ start() {
### Freifunk to Freifunk
[ "$internal" -gt 0 ] && {
- iptables -A forwarding_rule -i "$ffif" -o "$ffif" -j ACCEPT
+ iptables -A luci_freifunk_forwarding -i "$ffif" -o "$ffif" -j ACCEPT
}
### Lan to Freifunk
[ -n "$lanif" ] && {
- config_get ipaddr lan ipaddr
- config_get netmask lan netmask
+ eval "$(ipcalc.sh $lanip $lanmask)"
- eval "$(ipcalc.sh $ipaddr $netmask)"
-
- iptables -A forwarding_rule -i "$lanif" -o "$ffif" -j ACCEPT
- iptables -t nat -A postrouting_rule -s "$NETWORK/$PREFIX" -o "$ffif" -j MASQUERADE
+ iptables -A luci_freifunk_forwarding -i "$lanif" -o "$ffif" -j ACCEPT
+ iptables -t nat -A luci_freifunk_postrouting -s "$NETWORK/$PREFIX" -o "$ffif" -j MASQUERADE
}
### Freifunk to Wan
- [ "$internet" -gt 0 ] && {
- config_get ipaddr ff ipaddr
- config_get netmask ff netmask
-
- eval "$(ipcalc.sh $ipaddr $netmask)"
+ [ "$internet" -gt 0 ] && {
+ eval "$(ipcalc.sh $ffip $ffmask)"
- iptables -A forwarding_rule -i "$ffif" -o "$wanif" -j ACCEPT
- iptables -t nat -A postrouting_rule -s "$NETWORK/$PREFIX" -o "$wanif" -j MASQUERADE
+ iptables -A luci_freifunk_forwarding -i "$ffif" -o "$wanif" -j ACCEPT
+ iptables -t nat -A luci_freifunk_postrouting -s "$NETWORK/$PREFIX" -o "$wanif" -j MASQUERADE
}
+
+ ### Hook in the chains
+ iptables -A forwarding_rule -j luci_freifunk_forwarding
+ iptables -t nat -A postrouting_rule -j luci_freifunk_postrouting
}
stop() {
- include /lib/network
- scan_interfaces
-
- ### Read interface names
- config_get wanif wan ifname
- config_get lanif lan ifname
- config_get ffif ff ifname
-
- [ -n "$ffif" ] || return 0
+ ### Hook out the chains
+ iptables -D forwarding_rule -j luci_freifunk_forwarding
+ iptables -t nat -D postrouting_rule -j luci_freifunk_postrouting
- ### Freifunk to Freifunk
- iptables -D forwarding_rule -i "$ffif" -o "$ffif" -j ACCEPT
+ ### Clear the chains
+ iptables -F luci_freifunk_forwarding
+ iptables -t nat -F luci_freifunk_postrouting
- ### Lan to Freifunk
- [ -n "$lanif" ] && {
- iptables -D forwarding_rule -i "$lanif" -o "$ffif" -j ACCEPT
- iptables -t nat -D postrouting_rule -i "$lanif" -o "$ffif" -j MASQUERADE
- }
-
- ### Freifunk to Wan
- [ -n "$wanif" -gt 0 ] && {
- iptables -D forwarding_rule -i "$ffif" -o "$wanif" -j ACCEPT
- iptables -t nat -D postrouting_rule -i "$ffif" -o "$wanif" -j MASQUERADE
- }
+ ### Delete chains
+ iptables -X luci_freifunk_forwarding
+ iptables -t nat -X luci_freifunk_postrouting
}
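Review bot: Both `eval "$(ipcalc.sh ...)"` lines pass the configured address and netmask unquoted and then execute whatever the helper prints, so an empty or malformed `ipaddr`/`netmask` value is word-split into the wrong arguments before the rule is built. Quote the arguments, `eval "$(ipcalc.sh "$ffip" "$ffmask")"` and likewise for `$lanip`/`$lanmask`, and extend each guard so the block is skipped when the address is missing, e.g. `[ -n "$lanif" ] && [ -n "$lanip" ] && {`. NETWORK and PREFIX are not cleared between the "Lan to Freifunk" and "Freifunk to Wan" blocks, so if the second ipcalc.sh call prints nothing the WAN MASQUERADE rule presumably reuses the LAN network; `unset NETWORK PREFIX` before each eval would make that failure visible instead. This hunk starts inside start(), whose opening lines are outside it.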