feature: FirewallIncludes: Add program that will auto include firewall rules that are in a set directory.

This is the basis for allowing packages to contain firewall rules that can be just dropped in a folder at install time.

files/etc/config.mesh/firewall

@@ -80,6 +80,10 @@ config rule
         option family           ipv4
         option target           ACCEPT
 
+config include
+        option path /usr/local/bin/mesh-firewall
+        option reload           1
+
 config include
         option path /etc/firewall.user
 

files/etc/local/mesh-firewall/README

@@ -0,0 +1,4 @@
+## This directory includes shell scripts that will be auto executed each time the firewall is reloaded
+## Some variables are set in the environment to make checks easier.
+## Files should follow the ##-name structure and be marked executable.
+## This directory is NOT saved during an OTA Upgrade

files/usr/local/bin/mesh-firewall

@@ -0,0 +1,67 @@
+#!/bin/sh
+<<'LICENSE'
+  Part of AREDN -- Used for creating Amateur Radio Emergency Data Networks
+  Copyright (C) 2015 Conrad Lara
+   See Contributors file for additional contributors
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation version 3 of the License.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+  Additional Terms:
+
+  Additional use restrictions exist on the AREDN(TM) trademark and logo.
+    See AREDNLicense.txt for more info.
+
+  Attributions to the AREDN Project must be retained in the source code.
+  If importing this code into a new or existing project attribution
+  to the AREDN project must be added to the source code.
+
+  You must not misrepresent the origin of the material conained within.
+
+  Modified versions must be modified to attribute to the original source
+  and be marked in reasonable ways as differentiate it from the original
+  version.
+
+LICENSE
+
+
+### Lets export some variables to help other scripts we call later.
+
+#Are we in NAT mode
+if [ -f "/etc/config/dmz-mode" ]
+then
+  export MESHFW_NATLAN=0
+else
+  export MESHFW_NATLAN=1
+fi
+
+#Is this node a meshgw
+export MESHFW_MESHGW
+MESHFW_MESHGW=$(grep -i olsrd_gw /etc/config.mesh/_setup|cut -d ' ' -f 3)
+
+# Are tunnels 'enabled'
+if [ -x "/usr/sbin/vtund" ]
+then
+  export MESHFW_TUNNELS_ENABLED=1
+else
+  export MESHFW_TUNNELS_ENABLED=0
+fi
+
+# Lets execute each include file
+
+for file in /etc/local/mesh-firewall/*
+do
+  if ( [ -x "$file" ] && [ -f "$file" ] ); then
+    echo "mesh-firewall: Executing $file"
+    $file
+  fi
+done