forked from libremesh/lime-packages
-
Notifications
You must be signed in to change notification settings - Fork 1
/
wan.lua
60 lines (49 loc) · 1.94 KB
/
wan.lua
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
#!/usr/bin/lua
--! LibreMesh community mesh networks meta-firmware
--!
--! Copyright (C) 2014-2023 Gioacchino Mazzurco <gio@eigenlab.org>
--! Copyright (C) 2023 Asociación Civil Altermundi <info@altermundi.net>
--!
--! SPDX-License-Identifier: AGPL-3.0-only
local libuci = require("uci")
local fs = require("nixio.fs")
local utils = require("lime.utils")
wan = {}
wan.configured = false
function wan.configure(args)
if wan.configured then return end
wan.configured = true
local uci = libuci:cursor()
uci:set("network", "wan", "interface")
uci:set("network", "wan", "proto", "dhcp")
uci:save("network")
end
function wan.setup_interface(ifname, args)
local uci = libuci:cursor()
uci:set("network", "wan", "device", ifname)
uci:save("network")
if utils.is_installed('firewall') then
fs.remove("/etc/firewall.lime.d/20-wan-out-masquerade")
else
fs.mkdir("/etc/firewall.lime.d")
fs.writefile(
"/etc/firewall.lime.d/20-wan-out-masquerade",
"iptables -t nat -D POSTROUTING -o " .. ifname .. " -j MASQUERADE\n" ..
"iptables -t nat -A POSTROUTING -o " .. ifname .. " -j MASQUERADE\n"
)
end
if utils.is_installed('firewall') then
fs.mkdir("/etc/firewall.lime.d")
fs.writefile(
"/etc/firewall.lime.d/20-allow-all-fe80-traffic-over-wan",
"# These will do nothing if fw3 is not running, since *put_wan_rule will not exist\n" ..
"ip6tables -D input_wan_rule -j ACCEPT -p all -s fe80::/10 -m comment --comment 'Allow all link-local traffic over WAN'\n" ..
"ip6tables -A input_wan_rule -j ACCEPT -p all -s fe80::/10 -m comment --comment 'Allow all link-local traffic over WAN'\n" ..
"ip6tables -D output_wan_rule -j ACCEPT -p all -s fe80::/10 -m comment --comment 'Allow all link-local traffic over WAN'\n" ..
"ip6tables -A output_wan_rule -j ACCEPT -p all -s fe80::/10 -m comment --comment 'Allow all link-local traffic over WAN'\n"
)
else
fs.remove("/etc/firewall.lime.d/20-allow-all-fe80-traffic-over-wan")
end
end
return wan