#!/bin/sh

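# Undo the "restricted WAN" rule recorded for the interface named in
# $INTERFACE (hotplug environment).
#
# Called via config_foreach over the 'restricted_gw_state' sections that the
# 'add' path writes into uci state.  Each section remembers the device name
# and subnet that were current when the REJECT rule was inserted, so the
# delete below matches the rule that is actually in the chain even if the
# interface's live subnet differs by now.
#
# Arguments:
#   $1 - uci state section name (restricted_gw_<iface>)
# Globals:
#   INTERFACE (read) - logical interface the firewall event is about
# Side effects:
#   removes one rule from forwarding_freifunk_rule and reverts the state
#   section.  Both steps are best-effort: a failed 'iptables -D' (rule
#   already gone) is not checked, and the state section is dropped
#   regardless so a stale entry cannot be replayed later.
clear_restricted_gw()
{
	local state="$1"
	local iface
	local ifname
	local subnet

	config_get iface "$state" iface

	# Only touch the state that belongs to the interface of this event.
	[ "$iface" = "$INTERFACE" ] || return 0

	config_get ifname "$state" ifname
	config_get subnet "$state" subnet

	logger -t firewall.freifunk "removing local restriction to the network connected to $ifname ($iface)"
	# Quoted so an empty or odd value cannot shift iptables' option parsing;
	# the rule spec must match the one used by the 'add' path verbatim.
	iptables -D forwarding_freifunk_rule -o "$ifname" -d "$subnet" -j REJECT --reject-with icmp-host-prohibited
	uci_revert_state firewall "$state"
}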

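# config_foreach callback over firewall 'zone' sections: find the zone whose
# name equals $ZONE (hotplug environment) and read its 'local_restrict' flag.
#
# Arguments:
#   $1 - uci section name of a zone
# Globals:
#   ZONE (read)            - zone name of the firewall event
#   local_restrict (write) - deliberately NOT local: the result is handed
#                            back to the caller through this variable.  It is
#                            left untouched for zones with a different name,
#                            so the caller's initial value survives when no
#                            zone matches.
get_enabled()
{
	local zone_name
	config_get zone_name "$1" name

	[ "$zone_name" = "$ZONE" ] || return 0

	# Explicit default of 0: a matching zone without the option yields a
	# well-formed "0" instead of an empty string.
	config_get_bool local_restrict "$1" local_restrict 0
}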

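# Entry point.  This file is presumably sourced by hotplug-call with the
# firewall event in the environment (ACTION, INTERFACE, DEVICE, ZONE), which
# is why a bare 'return' is used below instead of 'exit'.  Variables are
# plain assignments rather than 'local': this runs outside any function and
# some /bin/sh implementations (dash, for one) reject 'local' there.
#
# On 'add' for the WAN interface: if the zone named in $ZONE has
# local_restrict=1, insert a REJECT rule so traffic forwarded through the
# freifunk zone cannot reach the subnet directly attached to the WAN device,
# and remember what was inserted in uci state so 'remove' can undo it.
#
# NOTE(review): only the IPv4 subnet (network_get_subnet) is restricted and
# only iptables is touched; an IPv6 prefix on the same interface, if any, is
# not covered by this script.
if [ "$ACTION" = add ]; then
	. /lib/functions/network.sh

	network_find_wan wan

	# Only the WAN interface is ever restricted; with no WAN known, $wan is
	# empty and the comparison fails as well.
	[ "$INTERFACE" = "$wan" ] || return 0

	network_get_subnet subnet "$INTERFACE"

	# Without a subnet there is nothing to match on.
	if [ -n "$subnet" ]; then
		config_load firewall

		local_restrict=0
		config_foreach get_enabled zone

		if [ "$local_restrict" = 1 ]; then
			# A repeated 'add' for the same interface (e.g. ifup without a
			# preceding ifdown) would otherwise stack a second REJECT rule
			# while the state section only remembers the newest one, leaving
			# a rule that 'remove' can never delete.  Drop any previous rule
			# for this interface first; clear_restricted_gw matches on
			# $INTERFACE and is a no-op for other interfaces' state.
			config_foreach clear_restricted_gw restricted_gw_state

			logger -t firewall.freifunk "restricting local access to the network connected to $INTERFACE ($DEVICE)"
			if iptables -I forwarding_freifunk_rule -o "$DEVICE" -d "$subnet" -j REJECT --reject-with icmp-host-prohibited; then
				# Record exactly what was inserted so the 'remove' path
				# deletes the matching rule even if the subnet changes later.
				state="restricted_gw_${INTERFACE}"
				uci_set_state firewall "$state" "" restricted_gw_state
				uci_set_state firewall "$state" iface "$INTERFACE"
				uci_set_state firewall "$state" ifname "$DEVICE"
				uci_set_state firewall "$state" subnet "$subnet"
			else
				# A silent failure would leave the local network reachable
				# from the mesh; make it visible.  No state is recorded
				# because there is no rule to undo.
				logger -t firewall.freifunk "failed to restrict local access to the network connected to $INTERFACE ($DEVICE)"
			fi
		fi
	fi

elif [ "$ACTION" = remove ]; then
	config_load firewall
	config_foreach clear_restricted_gw restricted_gw_state
fi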