applications/luci-ffwizard-leipzig: force /etc/firewall.freifunk include and set drop_invalid to 0

2009-01-19 00:16:13 +00:00 · 2009-01-19 00:16:13 +00:00 · 394093af0e
commit 394093af0e
parent 11ebe1aa81
1 changed files with 22 additions and 2 deletions
--- a/applications/luci-ffwizard-leipzig/luasrc/model/cbi/ffwizard.lua
+++ b/applications/luci-ffwizard-leipzig/luasrc/model/cbi/ffwizard.lua
@ -187,10 +187,30 @@ function main.write(self, section, value)
 		uci:foreach(external, "fw_rule", function(section)
 			uci:section("firewall", "rule", nil, section)
 		end)
-
-		uci:save("firewall")
 	end

+	-- Enforce firewall include
+	local has_include = false
+	uci:foreach("firewall", "include",
+		function(section)
+			if section.path == "/etc/firewall.freifunk" then
+				has_include = true
+			end
+		end)
+
+	if not has_include then
+		uci:section("firewall", "include", nil,
+			{ path = "/etc/firewall.freifunk" })
+	end
+
+	-- Allow state: invalid packets
+	uci:foreach("firewall", "defaults",
+		function(section)
+			uci:set("firewall", section[".name"], "drop_invalid", "0")
+		end)
+
+	uci:save("firewall")
+

 	-- Crate network interface
 	local netconfig = uci:get_all("freifunk", "interface")