* Fixed Freifunk firewall script

Steven Barth 2008-04-28 07:28:27 +00:00
parent 5266a8c01c
commit 4446f079fd


@ -11,10 +11,20 @@ start() {
config_get lanif lan ifname config_get lanif lan ifname
config_get ffif ff ifname config_get ffif ff ifname
config_get lanip lan ipaddr
config_get lanmask lan netmask
config_get ffip ff ipaddr
config_get ffmask ff netmask
[ -n "$ffif" ] || return 0 [ -n "$ffif" ] || return 0
### Creating chains
iptables -N luci_freifunk_forwarding
iptables -t nat -N luci_freifunk_postrouting
### Read from config ### Read from config
config_load freifunk config_load freifunk
@ -24,55 +34,40 @@ start() {
### Freifunk to Freifunk ### Freifunk to Freifunk
[ "$internal" -gt 0 ] && { [ "$internal" -gt 0 ] && {
iptables -A forwarding_rule -i "$ffif" -o "$ffif" -j ACCEPT iptables -A luci_freifunk_forwarding -i "$ffif" -o "$ffif" -j ACCEPT
} }
### Lan to Freifunk ### Lan to Freifunk
[ -n "$lanif" ] && { [ -n "$lanif" ] && {
config_get ipaddr lan ipaddr eval "$(ipcalc.sh $lanip $lanmask)"
config_get netmask lan netmask
eval "$(ipcalc.sh $ipaddr $netmask)" iptables -A luci_freifunk_forwarding -i "$lanif" -o "$ffif" -j ACCEPT
iptables -t nat -A luci_freifunk_postrouting -s "$NETWORK/$PREFIX" -o "$ffif" -j MASQUERADE
iptables -A forwarding_rule -i "$lanif" -o "$ffif" -j ACCEPT
iptables -t nat -A postrouting_rule -s "$NETWORK/$PREFIX" -o "$ffif" -j MASQUERADE
} }
### Freifunk to Wan ### Freifunk to Wan
[ "$internet" -gt 0 ] && { [ "$internet" -gt 0 ] && {
config_get ipaddr ff ipaddr eval "$(ipcalc.sh $ffip $ffmask)"
config_get netmask ff netmask
eval "$(ipcalc.sh $ipaddr $netmask)" iptables -A luci_freifunk_forwarding -i "$ffif" -o "$wanif" -j ACCEPT
iptables -t nat -A luci_freifunk_postrouting -s "$NETWORK/$PREFIX" -o "$wanif" -j MASQUERADE
iptables -A forwarding_rule -i "$ffif" -o "$wanif" -j ACCEPT
iptables -t nat -A postrouting_rule -s "$NETWORK/$PREFIX" -o "$wanif" -j MASQUERADE
} }
### Hook in the chains
iptables -A forwarding_rule -j luci_freifunk_forwarding
iptables -t nat -A postrouting_rule -j luci_freifunk_postrouting
} }
stop() { stop() {
include /lib/network ### Hook out the chains
scan_interfaces iptables -D forwarding_rule -j luci_freifunk_forwarding
iptables -t nat -D postrouting_rule -j luci_freifunk_postrouting
### Read interface names ### Clear the chains
config_get wanif wan ifname iptables -F luci_freifunk_forwarding
config_get lanif lan ifname iptables -t nat -F luci_freifunk_postrouting
config_get ffif ff ifname
[ -n "$ffif" ] || return 0 ### Delete chains
iptables -X luci_freifunk_forwarding
### Freifunk to Freifunk iptables -t nat -X luci_freifunk_postrouting
iptables -D forwarding_rule -i "$ffif" -o "$ffif" -j ACCEPT
### Lan to Freifunk
[ -n "$lanif" ] && {
iptables -D forwarding_rule -i "$lanif" -o "$ffif" -j ACCEPT
iptables -t nat -D postrouting_rule -i "$lanif" -o "$ffif" -j MASQUERADE
}
### Freifunk to Wan
[ -n "$wanif" -gt 0 ] && {
iptables -D forwarding_rule -i "$ffif" -o "$wanif" -j ACCEPT
iptables -t nat -D postrouting_rule -i "$ffif" -o "$wanif" -j MASQUERADE
}
} }
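Review bot: The new start() is not idempotent. If it runs twice without a stop() in between, `iptables -N` fails because the chains already exist, while the ACCEPT/MASQUERADE rules and the two `-A ... -j luci_freifunk_*` hooks are appended a second time. stop() then removes only one hook per table, so `iptables -X` fails on the still-referenced chain and stale jumps pile up in `forwarding_rule` and `postrouting_rule`. Create-or-flush at the top would avoid this, e.g. `iptables -N luci_freifunk_forwarding 2>/dev/null || iptables -F luci_freifunk_forwarding` and `iptables -t nat -N luci_freifunk_postrouting 2>/dev/null || iptables -t nat -F luci_freifunk_postrouting`, together with deleting any existing hook before appending it. Separately, the two `eval "$(ipcalc.sh ...)"` calls pass config values unquoted and do not check the result, so if the second call produces no output the MASQUERADE rule for `$wanif` would presumably reuse the LAN's `$NETWORK/$PREFIX`; quoting the arguments and clearing both variables before each eval would close that. start() begins outside the visible hunks.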