luci-0.9: merge r5310
This commit is contained in:
Jo-Philipp Wich
parent
5a91868704
commit
dd6dd2d8f5
2 changed files with 77 additions and 1 deletions
|
|
@ -7,7 +7,7 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=freifunk-firewall
|
||||
PKG_RELEASE:=1
|
||||
PKG_RELEASE:=2
|
||||
|
||||
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,76 @@
|
|||
#!/bin/sh
|
||||
|
||||
clear_restricted_gw()
|
||||
{
|
||||
local state="$1"
|
||||
local iface
|
||||
local ifname
|
||||
local ipaddr
|
||||
local netmask
|
||||
local gateway
|
||||
|
||||
config_get iface "$state" iface
|
||||
|
||||
if [ "$iface" = "$INTERFACE" ]; then
|
||||
config_get ifname "$state" ifname
|
||||
config_get ipaddr "$state" ipaddr
|
||||
config_get netmask "$state" netmask
|
||||
config_get gateway "$state" gateway
|
||||
|
||||
logger -t firewall.freifunk "removing local restriction to $iface($gateway)"
|
||||
iptables -D "zone_${INTERFACE}_ACCEPT" -i ! $ifname -o $ifname -d $ipaddr/$netmask -j REJECT
|
||||
iptables -D "zone_${INTERFACE}_ACCEPT" -i ! $ifname -o $ifname -d $gateway -j ACCEPT
|
||||
|
||||
uci_revert_state firewall "$state"
|
||||
fi
|
||||
}
|
||||
|
||||
get_enabled()
|
||||
{
|
||||
local name
|
||||
config_get name "$1" name
|
||||
|
||||
if [ "$name" = "$ZONE" ]; then
|
||||
config_get_bool local_restrict "$1" local_restrict
|
||||
fi
|
||||
}
|
||||
|
||||
if [ "$ACTION" = add ]; then
|
||||
local enabled
|
||||
local ipaddr
|
||||
local netmask
|
||||
local gateway
|
||||
|
||||
include /lib/network
|
||||
scan_interfaces
|
||||
|
||||
config_get ipaddr "$INTERFACE" ipaddr
|
||||
config_get netmask "$INTERFACE" netmask
|
||||
config_get gateway "$INTERFACE" gateway
|
||||
|
||||
if [ -n "$gateway" ] && [ "$gateway" != 0.0.0.0 ]; then
|
||||
config_load firewall
|
||||
|
||||
local_restrict=0
|
||||
config_foreach get_enabled zone
|
||||
|
||||
if [ "$local_restrict" = 1 ]; then
|
||||
logger -t firewall.freifunk "restricting local access to $DEVICE($gateway)"
|
||||
iptables -I "zone_${INTERFACE}_ACCEPT" -i ! $DEVICE -o $DEVICE -d $ipaddr/$netmask -j REJECT
|
||||
iptables -I "zone_${INTERFACE}_ACCEPT" -i ! $DEVICE -o $DEVICE -d $gateway -j ACCEPT
|
||||
|
||||
local state="restricted_gw_${INTERFACE}"
|
||||
uci_set_state firewall "$state" "" restricted_gw_state
|
||||
uci_set_state firewall "$state" iface "$INTERFACE"
|
||||
uci_set_state firewall "$state" ifname "$DEVICE"
|
||||
uci_set_state firewall "$state" ipaddr "$ipaddr"
|
||||
uci_set_state firewall "$state" netmask "$netmask"
|
||||
uci_set_state firewall "$state" gateway "$gateway"
|
||||
fi
|
||||
fi
|
||||
|
||||
elif [ "$ACTION" = remove ]; then
|
||||
config_load firewall
|
||||
config_foreach clear_restricted_gw restricted_gw_state
|
||||
fi
|
||||
|
||||
Loading…
Reference in a new issue