diff options
author | Manuel Munz <freifunk@somakoma.de> | 2013-06-02 16:29:29 +0000 |
---|---|---|
committer | Manuel Munz <freifunk@somakoma.de> | 2013-06-02 16:29:29 +0000 |
commit | 61a94b2329a8b0c94251c605f5775473d3f1beb7 (patch) | |
tree | bd670ebe1fe6b475d85616d02fb87906e66e2f61 /contrib/package | |
parent | 6c3a86cb77e7b058ceefc4efb9cc9246fa2c54e8 (diff) |
contrib/freifunk-firewall: Make it work with firewall3
Diffstat (limited to 'contrib/package')
3 files changed, 19 insertions, 28 deletions
diff --git a/contrib/package/freifunk-firewall/Makefile b/contrib/package/freifunk-firewall/Makefile index eed1d7a8af..413ea47326 100644 --- a/contrib/package/freifunk-firewall/Makefile +++ b/contrib/package/freifunk-firewall/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=freifunk-firewall -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME) @@ -18,7 +18,7 @@ define Package/freifunk-firewall CATEGORY:=LuCI SUBMENU:=9. Freifunk TITLE:=Freifunk Firewall Addon - DEPENDS:=+firewall + DEPENDS:=+firewall3 endef define Package/freifunk-firewall/description diff --git a/contrib/package/freifunk-firewall/files/etc/firewall.freifunk b/contrib/package/freifunk-firewall/files/etc/firewall.freifunk index 4c3f3c476e..d2805f668c 100644 --- a/contrib/package/freifunk-firewall/files/etc/firewall.freifunk +++ b/contrib/package/freifunk-firewall/files/etc/firewall.freifunk @@ -1,7 +1,7 @@ #!/bin/sh # Freifunk Firewall addons -# $Id$ +. /lib/functions.sh # # Apply advanced settings @@ -36,7 +36,5 @@ apply_advanced() { config_foreach apply_advanced advanced -[ -x /etc/init.d/luci_splash ] && ( sleep 3; /etc/init.d/luci_splash restart )& - [ -x /etc/init.d/freifunk-p2pblock ] && /etc/init.d/freifunk-p2pblock enabled && \ ( sleep 3; /etc/init.d/freifunk-p2pblock restart )& diff --git a/contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan b/contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan index d6f94ea901..e71c852dfd 100644 --- a/contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan +++ b/contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan @@ -5,20 +5,16 @@ clear_restricted_gw() local state="$1" local iface local ifname - local ipaddr - local netmask - local gateway + local subnet config_get iface "$state" iface if [ "$iface" = "$INTERFACE" ]; then config_get ifname "$state" ifname - config_get ipaddr "$state" ipaddr - config_get netmask "$state" netmask - config_get gateway "$state" gateway + config_get subnet "$state" subnet - logger -t firewall.freifunk "removing local restriction to $iface($gateway)" - iptables -D forwarding_rule ! -i $ifname -o $ifname -d $ipaddr/$netmask -j REJECT --reject-with icmp-host-prohibited + logger -t firewall.freifunk "removing local restriction to the network connected to $ifname ($iface)" + iptables -D forwarding_freifunk_rule -o $ifname -d $subnet -j REJECT --reject-with icmp-host-prohibited uci_revert_state firewall "$state" fi } @@ -35,33 +31,30 @@ get_enabled() if [ "$ACTION" = add ]; then local enabled - local ipaddr - local netmask - local gateway + local subnet - include /lib/network - scan_interfaces + . /lib/functions/network.sh - config_get ipaddr "$INTERFACE" ipaddr - config_get netmask "$INTERFACE" netmask - config_get gateway "$INTERFACE" gateway + network_find_wan wan - if [ -n "$gateway" ] && [ "$gateway" != 0.0.0.0 ]; then + [ "$INTERFACE" = "$wan" ] || return 0 + + network_get_subnet subnet $INTERFACE + + if [ -n "$subnet" ]; then config_load firewall local_restrict=0 config_foreach get_enabled zone - + if [ "$local_restrict" = 1 ]; then - logger -t firewall.freifunk "restricting local access to $DEVICE($gateway)" - iptables -I forwarding_rule ! -i $DEVICE -o $DEVICE -d $ipaddr/$netmask -j REJECT --reject-with icmp-host-prohibited + logger -t firewall.freifunk "restricting local access to the network connected to $INTERFACE ($DEVICE)" + iptables -I forwarding_freifunk_rule -o $DEVICE -d $subnet -j REJECT --reject-with icmp-host-prohibited local state="restricted_gw_${INTERFACE}" uci_set_state firewall "$state" "" restricted_gw_state uci_set_state firewall "$state" iface "$INTERFACE" uci_set_state firewall "$state" ifname "$DEVICE" - uci_set_state firewall "$state" ipaddr "$ipaddr" - uci_set_state firewall "$state" netmask "$netmask" - uci_set_state firewall "$state" gateway "$gateway" + uci_set_state firewall "$state" subnet "$subnet" fi fi |