From 509d4751337004a8add8ab1be1b45b806b6a0dc3 Mon Sep 17 00:00:00 2001
From: Tim Wilkinson
Date: Thu, 21 Dec 2023 11:06:15 -0800
Subject: [PATCH] Fix firewall rules. (#1041)
1. Allow wireguard tunnels in iface mesh setup (treat like vtuns)
2. Fix incorrectly setting up dtd/wifi to wan rules
---
 files/etc/hotplug.d/iface/11-meshrouting | 2 +-
 files/usr/local/bin/node-setup | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/files/etc/hotplug.d/iface/11-meshrouting b/files/etc/hotplug.d/iface/11-meshrouting
index 6c942bc8..b3b76aec 100755
--- a/files/etc/hotplug.d/iface/11-meshrouting
+++ b/files/etc/hotplug.d/iface/11-meshrouting
@@ -50,7 +50,7 @@ if [ "$ACTION" = "ifup" ] ; then
 echo "Setting routing rules."
- if [ "$INTERFACE" == "wifi" ] || [ "$INTERFACE" == "dtdlink" ] || [ "${INTERFACE:0:3}" = "tun" ] || [ "$xlink" != "" ]; then
+ if [ "$INTERFACE" == "wifi" ] || [ "$INTERFACE" == "dtdlink" ] || [ "${INTERFACE:0:3}" = "tun" ] || [ "${INTERFACE:0:2}" = "wg" ] || [ "$xlink" != "" ]; then
 if [ "$(/sbin/uci -q get aredn.@dmz[0].mode)" != "0" ] ; then
 ip rule add pref 20010 iif $DEVICE lookup 29
 fi
diff --git a/files/usr/local/bin/node-setup b/files/usr/local/bin/node-setup
index 99da8923..9ed3be7d 100755
--- a/files/usr/local/bin/node-setup
+++ b/files/usr/local/bin/node-setup
@@ -584,7 +584,7 @@ if fw then
 fw:write("\nconfig 'include'\n option 'path' '/etc/firewall.natmode'\n option 'reload' '1'\n")
 end
- if c:get("aredn", "@wan[0]", "olsrd_gw") == "1" then
+ if nc:get("aredn", "@wan[0]", "olsrd_gw") == "1" then
 fw:write("\nconfig forwarding\n option src wifi\n option dest wan\n")
 fw:write("\nconfig forwarding\n option src dtdlink\n option dest wan\n")
 end
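Review bot: The added `[ "${INTERFACE:0:2}" = "wg" ]` test decides mesh membership from a two-character name prefix, so any logical interface whose name begins with `wg` receives the mesh `ip rule add ... iif $DEVICE` entries, including a WireGuard interface that was set up for a purpose other than a mesh tunnel. If only the firmware-managed tunnels are meant, match the exact naming scheme those tunnels use, or at least record the convention beside the test, e.g. `# wg*: mesh WireGuard tunnels only; no other interface may use this prefix`. `$DEVICE` is also expanded unquoted in the `ip rule add` line, where `"$DEVICE"` would be the safer form. The body of this `if` continues outside the hunk.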
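Review bot: `c` and `nc` differ by a single character, and this condition decides whether the wifi-to-wan and dtdlink-to-wan forwarding sections are written into the firewall config, so the choice of cursor should be stated in a comment next to the `if`. Neither cursor's definition is visible in the hunk. Assuming `nc` reads the configuration being generated, a line such as `-- olsrd_gw is read via nc (config being written), not c: this gates mesh-to-WAN forwarding` would record the intent and make a future slip back to `c` easier to catch in review. The `== "1"` comparison leaves forwarding off when the option is absent, a fail-closed default that should be kept if this is refactored. The enclosing `if fw then` block starts and ends outside the hunk.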