contrib/freifunk-firewall: Make it work with firewall3

contrib/package/freifunk-firewall/Makefile

@@ -7,7 +7,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=freifunk-firewall
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
 
@@ -18,7 +18,7 @@ define Package/freifunk-firewall
   CATEGORY:=LuCI
   SUBMENU:=9. Freifunk
   TITLE:=Freifunk Firewall Addon
-  DEPENDS:=+firewall
+  DEPENDS:=+firewall3
 endef
 
 define Package/freifunk-firewall/description

contrib/package/freifunk-firewall/files/etc/firewall.freifunk

@@ -1,7 +1,7 @@
 #!/bin/sh
 # Freifunk Firewall addons
-# $Id$
 
+. /lib/functions.sh
 
 #
 # Apply advanced settings
@@ -36,7 +36,5 @@ apply_advanced() {
 
 config_foreach apply_advanced advanced
 
-[ -x /etc/init.d/luci_splash ] && ( sleep 3; /etc/init.d/luci_splash restart )&
-
 [ -x /etc/init.d/freifunk-p2pblock ] && /etc/init.d/freifunk-p2pblock enabled && \
 	( sleep 3; /etc/init.d/freifunk-p2pblock restart )&

contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan

@@ -5,20 +5,16 @@ clear_restricted_gw()
 	local state="$1"
 	local iface
 	local ifname
-	local ipaddr
+	local subnet
-	local netmask
-	local gateway
 
 	config_get iface "$state" iface
 
 	if [ "$iface" = "$INTERFACE" ]; then
 		config_get ifname "$state" ifname
-		config_get ipaddr "$state" ipaddr
+		config_get subnet "$state" subnet
-		config_get netmask "$state" netmask
-		config_get gateway "$state" gateway
 
-		logger -t firewall.freifunk "removing local restriction to $iface($gateway)"
+		logger -t firewall.freifunk "removing local restriction to the network connected to $ifname ($iface)"
-		iptables -D forwarding_rule ! -i $ifname -o $ifname -d $ipaddr/$netmask -j REJECT --reject-with icmp-host-prohibited
+		iptables -D forwarding_freifunk_rule -o $ifname -d $subnet -j REJECT --reject-with icmp-host-prohibited
 		uci_revert_state firewall "$state"
 	fi
 }
@@ -35,33 +31,30 @@ get_enabled()
 
 if [ "$ACTION" = add ]; then
 	local enabled
-	local ipaddr
+	local subnet
-	local netmask
-	local gateway
 
-	include /lib/network
+	. /lib/functions/network.sh
-	scan_interfaces
 
-	config_get ipaddr "$INTERFACE" ipaddr
+	network_find_wan wan
-	config_get netmask "$INTERFACE" netmask
-	config_get gateway "$INTERFACE" gateway
 
-	if [ -n "$gateway" ] && [ "$gateway" != 0.0.0.0 ]; then
+	[ "$INTERFACE" = "$wan" ] || return 0
+
+	network_get_subnet subnet $INTERFACE
+
+	if [ -n "$subnet" ]; then
 		config_load firewall
 
 		local_restrict=0
 		config_foreach get_enabled zone
 		
 		if [ "$local_restrict" = 1 ]; then
-			logger -t firewall.freifunk "restricting local access to $DEVICE($gateway)"
+			logger -t firewall.freifunk "restricting local access to the network connected to $INTERFACE ($DEVICE)"
-			iptables -I forwarding_rule ! -i $DEVICE -o $DEVICE -d $ipaddr/$netmask -j REJECT --reject-with icmp-host-prohibited
+			iptables -I forwarding_freifunk_rule -o $DEVICE -d $subnet -j REJECT --reject-with icmp-host-prohibited
 			local state="restricted_gw_${INTERFACE}"
 			uci_set_state firewall "$state" "" restricted_gw_state
 			uci_set_state firewall "$state" iface "$INTERFACE"
 			uci_set_state firewall "$state" ifname "$DEVICE"
-			uci_set_state firewall "$state" ipaddr "$ipaddr"
+			uci_set_state firewall "$state" subnet "$subnet"
-			uci_set_state firewall "$state" netmask "$netmask"
-			uci_set_state firewall "$state" gateway "$gateway"
 		fi
 	fi