42 lines
1,003 B
Text
42 lines
1,003 B
Text
|
#!/bin/sh
|
||
|
|
||
|
chilli_firewall() {
|
||
|
local cfg="$1"
|
||
|
|
||
|
local network ifname tun
|
||
|
|
||
|
config_get network "$cfg" network
|
||
|
|
||
|
. /lib/functions/network.sh
|
||
|
network_get_device ifname ${network:-lan}
|
||
|
|
||
|
if [ "$ifname" = "" ]
|
||
|
then
|
||
|
config_get ifname "$cfg" dhcpif
|
||
|
fi
|
||
|
|
||
|
config_get tun "$cfg" tundev
|
||
|
|
||
|
for n in ACCEPT DROP REJECT
|
||
|
do
|
||
|
iptables -F zone_${network}_${n}
|
||
|
iptables -I zone_${network}_${n} -i $tun -j $n
|
||
|
iptables -I zone_${network}_${n} -o $tun -j $n
|
||
|
done
|
||
|
|
||
|
iptables -D forward -i ${ifname} -j zone_${network}_forward
|
||
|
iptables -A forward -i ${ifname} -j DROP
|
||
|
iptables -A forward -i $tun -j zone_${network}_forward
|
||
|
|
||
|
iptables -D input -i ${ifname} -j zone_${network}
|
||
|
iptables -A input -i $tun -j zone_${network}
|
||
|
|
||
|
iptables -I zone_${network} -p tcp --dport 3990 -j ACCEPT
|
||
|
iptables -I zone_${network} -p tcp --dport 3991 -j ACCEPT
|
||
|
}
|
||
|
|
||
|
chilli_post_core_cb() {
|
||
|
config_load chilli
|
||
|
config_foreach chilli_firewall chilli
|
||
|
}
|