2022-10-03 18:50:31 -06:00
|
|
|
#! /usr/bin/lua
|
|
|
|
--[[
|
|
|
|
|
|
|
|
Part of AREDN -- Used for creating Amateur Radio Emergency Data Networks
|
|
|
|
Copyright (C) 2022 Tim Wilkinson
|
|
|
|
Original Perl Copyright (C) 2015 Conrad Lara
|
|
|
|
See Contributors file for additional contributors
|
|
|
|
|
|
|
|
This program is free software: you can redistribute it and/or modify
|
|
|
|
it under the terms of the GNU General Public License as published by
|
|
|
|
the Free Software Foundation version 3 of the License.
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
GNU General Public License for more details.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
Additional Terms:
|
|
|
|
|
|
|
|
Additional use restrictions exist on the AREDN(TM) trademark and logo.
|
|
|
|
See AREDNLicense.txt for more info.
|
|
|
|
|
|
|
|
Attributions to the AREDN Project must be retained in the source code.
|
|
|
|
If importing this code into a new or existing project attribution
|
|
|
|
to the AREDN project must be added to the source code.
|
|
|
|
|
|
|
|
You must not misrepresent the origin of the material contained within.
|
|
|
|
|
|
|
|
Modified versions must be modified to attribute to the original source
|
|
|
|
and be marked in reasonable ways as differentiate it from the original
|
|
|
|
version
|
|
|
|
|
|
|
|
--]]
|
|
|
|
|
|
|
|
require("nixio")
|
|
|
|
require("uci")
|
|
|
|
|
|
|
|
if nixio.fs.stat("/etc/config.mesh/xlink") then
|
2022-12-22 13:22:49 -07:00
|
|
|
function nft_delete(list, query)
|
|
|
|
for line in io.popen("/usr/sbin/nft -a list chain ip fw4 " .. list):lines()
|
|
|
|
do
|
|
|
|
local handle = line:match(query .. "%s*# handle (%d+)")
|
|
|
|
if handle then
|
|
|
|
os.execute("/usr/sbin/nft delete rule ip fw4 " .. list .. " handle " .. handle)
|
|
|
|
return
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2022-10-03 18:50:31 -06:00
|
|
|
uci.cursor("/etc/config.mesh"):foreach("xlink", "interface",
|
|
|
|
function(section)
|
|
|
|
local ifname = section.ifname
|
2022-12-22 13:22:49 -07:00
|
|
|
nft_delete("forward", "iifname \"" .. ifname .. "\".*jump forward_dtdlink")
|
|
|
|
nft_delete("input", "iifname \"" .. ifname .. "\".*jump input_dtdlink")
|
2022-12-23 22:00:35 -07:00
|
|
|
nft_delete("output", "oifname \"" .. ifname .. "\".*jump output_dtdlink")
|
2022-12-22 13:22:49 -07:00
|
|
|
nft_delete("accept_to_dtdlink", "oifname \"" .. ifname .. "\".*accept")
|
|
|
|
nft_delete("reject_to_dtdlink", "oifname \"" .. ifname .. "\".*reject")
|
|
|
|
nft_delete("reject_from_dtdlink", "iifname \"" .. ifname .. "\".*reject")
|
2022-10-03 18:50:31 -06:00
|
|
|
end
|
|
|
|
)
|
2022-12-22 13:22:49 -07:00
|
|
|
nft_delete("forward_dtdlink", "jump accept_to_dtdlink")
|
|
|
|
local addrule = false
|
2022-10-03 18:50:31 -06:00
|
|
|
uci.cursor("/etc/config.mesh"):foreach("xlink", "interface",
|
|
|
|
function(section)
|
|
|
|
local ifname = section.ifname
|
2022-12-22 13:22:49 -07:00
|
|
|
os.execute("/usr/sbin/nft insert rule ip fw4 forward iifname \"" .. ifname .. "\" counter jump forward_dtdlink")
|
2022-12-23 22:00:35 -07:00
|
|
|
os.execute("/usr/sbin/nft add rule ip fw4 input iifname \"" .. ifname .. "\" counter jump input_dtdlink")
|
|
|
|
os.execute("/usr/sbin/nft add rule ip fw4 output oifname \"" .. ifname .. "\" counter jump output_dtdlink")
|
2022-12-22 13:22:49 -07:00
|
|
|
os.execute("/usr/sbin/nft add rule ip fw4 accept_to_dtdlink oifname \"" .. ifname .. "\" counter accept")
|
|
|
|
os.execute("/usr/sbin/nft add rule ip fw4 reject_to_dtdlink oifname \"" .. ifname .. "\" counter reject")
|
|
|
|
os.execute("/usr/sbin/nft add rule ip fw4 reject_from_dtdlink iifname \"" .. ifname .. "\" counter reject")
|
|
|
|
addrule = true
|
2022-10-03 18:50:31 -06:00
|
|
|
end
|
|
|
|
)
|
2022-12-22 13:22:49 -07:00
|
|
|
if addrule then
|
|
|
|
os.execute("/usr/sbin/nft add rule ip fw4 forward_dtdlink counter jump accept_to_dtdlink")
|
|
|
|
end
|
2022-10-03 18:50:31 -06:00
|
|
|
end
|