applications/luci-ffwizard-leipzig: force /etc/firewall.freifunk include and set drop_invalid to 0

author: Jo-Philipp Wich <jow@openwrt.org> 2009-01-19 00:16:13 +0000
committer: Jo-Philipp Wich <jow@openwrt.org> 2009-01-19 00:16:13 +0000
commit: 394093af0e013ae9b9bbcb4636a7f35dd2fc3f10 (patch)
tree: c10797d1060a232fdbed0976300a679c69b10ccd /applications/luci-ffwizard-leipzig
parent: 11ebe1aa815805b4d02f48012467d265c8e7f208 (diff)
1 files changed, 21 insertions, 1 deletions
diff --git a/applications/luci-ffwizard-leipzig/luasrc/model/cbi/ffwizard.lua b/applications/luci-ffwizard-leipzig/luasrc/model/cbi/ffwizard.lua
index 87bbe4d1f..053df036a 100644
--- a/applications/luci-ffwizard-leipzig/luasrc/model/cbi/ffwizard.lua
+++ b/applications/luci-ffwizard-leipzig/luasrc/model/cbi/ffwizard.lua
@@ -187,10 +187,30 @@ function main.write(self, section, value)
 		uci:foreach(external, "fw_rule", function(section)
 			uci:section("firewall", "rule", nil, section)
 		end)
+	end
+
+	-- Enforce firewall include
+	local has_include = false
+	uci:foreach("firewall", "include",
+		function(section)
+			if section.path == "/etc/firewall.freifunk" then
+				has_include = true
+			end
+		end)
 
-		uci:save("firewall")
+	if not has_include then
+		uci:section("firewall", "include", nil,
+			{ path = "/etc/firewall.freifunk" })
 	end
 
+	-- Allow state: invalid packets
+	uci:foreach("firewall", "defaults",
+		function(section)
+			uci:set("firewall", section[".name"], "drop_invalid", "0")
+		end)
+
+	uci:save("firewall")
+
 
 	-- Crate network interface
 	local netconfig = uci:get_all("freifunk", "interface")
author	Jo-Philipp Wich <jow@openwrt.org>	2009-01-19 00:16:13 +0000
committer	Jo-Philipp Wich <jow@openwrt.org>	2009-01-19 00:16:13 +0000
commit	394093af0e013ae9b9bbcb4636a7f35dd2fc3f10 (patch)
tree	c10797d1060a232fdbed0976300a679c69b10ccd /applications/luci-ffwizard-leipzig
parent	11ebe1aa815805b4d02f48012467d265c8e7f208 (diff)