net/coova-chili: update default firewall setup

Remove the obsolete firewall configuration as the legacy firewall package was removed in a901329781eae4716c21d3d8f70a18501d9f2352. And at the same time, define in the configuration the correct paths for the firewall rules, installed as /etc/chilli/{up|down}.sh Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
2017-10-07 13:17:39 +02:00 · 2017-10-07 13:17:39 +02:00 · 272d234c0a
commit 272d234c0a
parent 79ef85aa8c
2 changed files with 4 additions and 45 deletions
--- a/net/coova-chilli/files/chilli.config
+++ b/net/coova-chilli/files/chilli.config
@ -71,14 +71,14 @@ config chilli
    # Script executed after network interface has been brought up.
    # Executed with the following parameters: <devicename> <ip address>
    # <mask>
-    # Normally you do not need to uncomment this option.
-    #option ipup /etc/chilli.ipup
+    # Normally you do not need to modify this option.
+    option ipup /etc/chilli/up.sh

    # Script executed after network interface has been taken down.
    # Executed with the following parameters: <devicename> <ip address>
    # <mask>
-    # Normally you do not need to uncomment this option.
-    #option ipdown /etc/chilli.ipdown
+    # Normally you do not need to modify this option.
+    option ipdown /etc/chilli/down.sh


    # Radius parameters
--- a/net/coova-chilli/files/chilli.firewall
+++ b/net/coova-chilli/files/chilli.firewall
@ -1,41 +0,0 @@
-#!/bin/sh
-
-chilli_firewall() {
-    local cfg="$1"
-
-    local network ifname tun
-
-    config_get network "$cfg" network
-
-    . /lib/functions/network.sh
-    network_get_device ifname ${network:-lan}
-
-    if [ "$ifname" = "" ]
-    then
-       config_get ifname "$cfg" dhcpif
-    fi
-
-    config_get tun "$cfg" tundev
-
-    for n in ACCEPT DROP REJECT
-    do
-       iptables -F zone_${network}_${n}
-       iptables -I zone_${network}_${n} -i $tun -j $n
-       iptables -I zone_${network}_${n} -o $tun -j $n
-    done
-
-    iptables -D forward -i ${ifname} -j zone_${network}_forward
-    iptables -A forward -i ${ifname} -j DROP
-    iptables -A forward -i $tun -j zone_${network}_forward
-
-    iptables -D input -i ${ifname} -j zone_${network}
-    iptables -A input -i $tun -j zone_${network}
-
-    iptables -I zone_${network} -p tcp --dport 3990 -j ACCEPT
-    iptables -I zone_${network} -p tcp --dport 3991 -j ACCEPT
-}
-
-chilli_post_core_cb() {
-    config_load chilli
-    config_foreach chilli_firewall chilli
-}