authorManuel Munz <freifunk@somakoma.de>2013-06-02 16:29:29 +0000
committerManuel Munz <freifunk@somakoma.de>2013-06-02 16:29:29 +0000
commit61a94b2329a8b0c94251c605f5775473d3f1beb7 (patch)
treebd670ebe1fe6b475d85616d02fb87906e66e2f61 /contrib/package/freifunk-firewall/files
parent6c3a86cb77e7b058ceefc4efb9cc9246fa2c54e8 (diff)
contrib/freifunk-firewall: Make it work with firewall3
Diffstat (limited to 'contrib/package/freifunk-firewall/files')
-rw-r--r--contrib/package/freifunk-firewall/files/etc/firewall.freifunk4
-rw-r--r--contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan39
2 files changed, 17 insertions, 26 deletions
diff --git a/contrib/package/freifunk-firewall/files/etc/firewall.freifunk b/contrib/package/freifunk-firewall/files/etc/firewall.freifunk
index 4c3f3c476..d2805f668 100644
--- a/contrib/package/freifunk-firewall/files/etc/firewall.freifunk
+++ b/contrib/package/freifunk-firewall/files/etc/firewall.freifunk
@@ -1,7 +1,7 @@
#!/bin/sh
# Freifunk Firewall addons
-# $Id$
+. /lib/functions.sh
#
# Apply advanced settings
@@ -36,7 +36,5 @@ apply_advanced() {
config_foreach apply_advanced advanced
-[ -x /etc/init.d/luci_splash ] && ( sleep 3; /etc/init.d/luci_splash restart )&
-
[ -x /etc/init.d/freifunk-p2pblock ] && /etc/init.d/freifunk-p2pblock enabled && \
( sleep 3; /etc/init.d/freifunk-p2pblock restart )&
diff --git a/contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan b/contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan
index d6f94ea90..e71c852df 100644
--- a/contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan
+++ b/contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan
@@ -5,20 +5,16 @@ clear_restricted_gw()
local state="$1"
local iface
local ifname
- local ipaddr
- local netmask
- local gateway
+ local subnet
config_get iface "$state" iface
if [ "$iface" = "$INTERFACE" ]; then
config_get ifname "$state" ifname
- config_get ipaddr "$state" ipaddr
- config_get netmask "$state" netmask
- config_get gateway "$state" gateway
+ config_get subnet "$state" subnet
- logger -t firewall.freifunk "removing local restriction to $iface($gateway)"
- iptables -D forwarding_rule ! -i $ifname -o $ifname -d $ipaddr/$netmask -j REJECT --reject-with icmp-host-prohibited
+ logger -t firewall.freifunk "removing local restriction to the network connected to $ifname ($iface)"
+ iptables -D forwarding_freifunk_rule -o $ifname -d $subnet -j REJECT --reject-with icmp-host-prohibited
uci_revert_state firewall "$state"
fi
}
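Review bot: The new `iptables -D forwarding_freifunk_rule ...` line in clear_restricted_gw expands `$ifname` and `$subnet` unquoted and ignores the exit status, yet `uci_revert_state` runs either way. If the saved state section has no `subnet` value (for example one written by the previous version, which stored ipaddr/netmask/gateway and inserted into `forwarding_rule`), the delete is malformed and fails, and the only record of the rule is discarded. I would guard and quote it: `[ -n "$subnet" ] && iptables -D forwarding_freifunk_rule -o "$ifname" -d "$subnet" -j REJECT --reject-with icmp-host-prohibited || logger -t firewall.freifunk "could not remove local restriction for $iface"`. The function's opening line is outside the hunk.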
@@ -35,33 +31,30 @@ get_enabled()
if [ "$ACTION" = add ]; then
local enabled
- local ipaddr
- local netmask
- local gateway
+ local subnet
- include /lib/network
- scan_interfaces
+ . /lib/functions/network.sh
- config_get ipaddr "$INTERFACE" ipaddr
- config_get netmask "$INTERFACE" netmask
- config_get gateway "$INTERFACE" gateway
+ network_find_wan wan
- if [ -n "$gateway" ] && [ "$gateway" != 0.0.0.0 ]; then
+ [ "$INTERFACE" = "$wan" ] || return 0
+
+ network_get_subnet subnet $INTERFACE
+
+ if [ -n "$subnet" ]; then
config_load firewall
local_restrict=0
config_foreach get_enabled zone
-
+
if [ "$local_restrict" = 1 ]; then
- logger -t firewall.freifunk "restricting local access to $DEVICE($gateway)"
- iptables -I forwarding_rule ! -i $DEVICE -o $DEVICE -d $ipaddr/$netmask -j REJECT --reject-with icmp-host-prohibited
+ logger -t firewall.freifunk "restricting local access to the network connected to $INTERFACE ($DEVICE)"
+ iptables -I forwarding_freifunk_rule -o $DEVICE -d $subnet -j REJECT --reject-with icmp-host-prohibited
local state="restricted_gw_${INTERFACE}"
uci_set_state firewall "$state" "" restricted_gw_state
uci_set_state firewall "$state" iface "$INTERFACE"
uci_set_state firewall "$state" ifname "$DEVICE"
- uci_set_state firewall "$state" ipaddr "$ipaddr"
- uci_set_state firewall "$state" netmask "$netmask"
- uci_set_state firewall "$state" gateway "$gateway"
+ uci_set_state firewall "$state" subnet "$subnet"
fi
fi
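Review bot: The added early exit `[ "$INTERFACE" = "$wan" ] || return 0` fails open. If `network_find_wan` has not resolved an interface when the hotplug event fires, `$wan` is empty, the script returns silently and no REJECT rule is installed for the uplink network. I would make that visible with `[ -n "$wan" ] || { logger -t firewall.freifunk "no wan interface found, local restriction not applied"; return 0; }` before the comparison, and declare `wan` next to `local subnet`. The `restricted_gw_state` section is also written regardless of whether `iptables -I forwarding_freifunk_rule` succeeded, so if that chain does not exist the state claims a restriction that is not in place; check the exit status before the `uci_set_state` calls and quote `$INTERFACE`, `$DEVICE` and `$subnet`. The enclosing `if [ "$ACTION" = add ]` block is closed outside the hunk.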