Diffstat (limited to 'net/coova-chilli/files/chilli.firewall')
-rw-r--r-- | net/coova-chilli/files/chilli.firewall | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/net/coova-chilli/files/chilli.firewall b/net/coova-chilli/files/chilli.firewall
new file mode 100644
index 000000000..a5b1d001e
--- /dev/null
+++ b/net/coova-chilli/files/chilli.firewall
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+chilli_firewall() {
+ local cfg="$1"
+
+ local network ifname tun
+
+ config_get network "$cfg" network
+
+ . /lib/functions/network.sh
+ network_get_device ifname ${network:-lan}
+
+ if [ "$ifname" = "" ]
+ then
+ config_get ifname "$cfg" dhcpif
+ fi
+
+ config_get tun "$cfg" tundev
+
+ for n in ACCEPT DROP REJECT
+ do
+ iptables -F zone_${network}_${n}
+ iptables -I zone_${network}_${n} -i $tun -j $n
+ iptables -I zone_${network}_${n} -o $tun -j $n
+ done
+
+ iptables -D forward -i ${ifname} -j zone_${network}_forward
+ iptables -A forward -i ${ifname} -j DROP
+ iptables -A forward -i $tun -j zone_${network}_forward
+
+ iptables -D input -i ${ifname} -j zone_${network}
+ iptables -A input -i $tun -j zone_${network}
+
+ iptables -I zone_${network} -p tcp --dport 3990 -j ACCEPT
+ iptables -I zone_${network} -p tcp --dport 3991 -j ACCEPT
+}
+
+chilli_post_core_cb() {
+ config_load chilli
+ config_foreach chilli_firewall chilli
+}
 |
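Review bot: In chilli_firewall the `lan` fallback is applied only inside `network_get_device ifname ${network:-lan}`; every chain name after it expands the bare `${network}`, so when the section has no `network` option the rules address `zone__ACCEPT`, `zone__forward` and so on, which presumably do not exist. I would normalise once right after the `config_get`, with `network="${network:-lan}"`, and use that value everywhere. `$tun` and `${ifname}` are also expanded unquoted and never checked for being empty, and no iptables exit status is tested, so a missing `tundev` or `dhcpif` makes individual commands fail while the rest still run; that can leave the zone chains flushed by `iptables -F` without the intended replacement rules. A guard such as `[ -n "$tun" ] && [ -n "$ifname" ] || return 1` before the `for` loop, plus double quotes around the expansions, would make the function fail closed instead of half-applying. The loop variable `n` is not declared `local`, so it leaks into the caller's scope.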