#!/bin/sh <<'LICENSE' Part of AREDN -- Used for creating Amateur Radio Emergency Data Networks Copyright (C) 2015 Joe Ayers ae6xe@arrl.net See Contributors file for additional contributors This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 3 of the License. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . Additional Terms: Additional use restrictions exist on the AREDN(TM) trademark and logo. See AREDNLicense.txt for more info. Attributions to the AREDN Project must be retained in the source code. If importing this code into a new or existing project attribution to the AREDN project must be added to the source code. You must not misrepresent the origin of the material conained within. Modified versions must be modified to attribute to the original source and be marked in reasonable ways as differentiate it from the original version. LICENSE # This script assumes a pre-existing OpenWRT-UCI netfilter table structure # $1 = tun0 | tun1 | ... | tun9 # $2 = up | down interface=$1 action=$2 configmode=$(uci -q -c /etc/local/uci/ get hsmmmesh.settings.config) echo "Firewall rules for $interface $action" # Do nothing if node is not in mesh mode if [ "$configmode" != "mesh" ] ; then exit 0; fi if [ "$action" = "up" ] ; then # Adding route policies for tunnel interface # identical to hotplug for dtdlink if ( ! ip rule list | egrep "^20020:.*$interface.*30" > /dev/null ) then if [ -e /etc/config/dmz-mode ] ; then ip rule add pref 20010 iif "$interface" lookup 29 # local interfaces fi ip rule add pref 20020 iif "$interface" lookup 30 # mesh ip rule add pref 20080 iif "$interface" lookup 31 # gateway ip rule add pref 20090 iif "$interface" lookup main ip rule add pref 20099 iif "$interface" unreachable fi else # Remove route policies for tunnel interface ip rule del pref 20010 iif "$interface" lookup 29 ip rule del pref 20020 iif "$interface" lookup 30 ip rule del pref 20080 iif "$interface" lookup 31 ip rule del pref 20090 iif "$interface" lookup main ip rule del pref 20099 iif "$interface" unreachable fi exit 0;