mirror of https://github.com/aredn/aredn.git
55 lines
2.0 KiB
Bash
Executable File
55 lines
2.0 KiB
Bash
Executable File
#!/bin/sh
|
|
<<'LICENSE'
|
|
Part of AREDN -- Used for creating Amateur Radio Emergency Data Networks
|
|
Copyright (C) 2022 Tim Wilkinson
|
|
See Contributors file for additional contributors
|
|
|
|
This program is free software: you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation version 3 of the License.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
Additional Terms:
|
|
|
|
Additional use restrictions exist on the AREDN(TM) trademark and logo.
|
|
See AREDNLicense.txt for more info.
|
|
|
|
Attributions to the AREDN Project must be retained in the source code.
|
|
If importing this code into a new or existing project attribution
|
|
to the AREDN project must be added to the source code.
|
|
|
|
You must not misrepresent the origin of the material contained within.
|
|
|
|
Modified versions must be modified to attribute to the original source
|
|
and be marked in reasonable ways as differentiate it from the original
|
|
version.
|
|
|
|
LICENSE
|
|
|
|
lan_dhcp_route=$(/sbin/uci -q get aredn.@wan[0].lan_dhcp_route)
|
|
wan=$(grep "wan_intf" /etc/config.mesh/_setup | sed s/^wan_intf\ =\ //)
|
|
|
|
case "${lan_dhcp_route}" in
|
|
0)
|
|
# LAN to WAN forwarding is disabled
|
|
# Inserted in reverse order
|
|
# Block traffic forwarding between LAN and local WAN (need this rule if WAN happens to be 10.X or 172.16.X)
|
|
# Allow traffic for mesh-IPs and tun-IPs
|
|
# Block traffic to all other IPs
|
|
nft insert rule ip fw4 forward_lan reject
|
|
nft insert rule ip fw4 forward_lan ip daddr 172.16.0.0/12 accept
|
|
nft insert rule ip fw4 forward_lan ip daddr 10.0.0.0/8 accept
|
|
nft insert rule ip fw4 forward_lan oifname "${wan}" reject
|
|
;;
|
|
*)
|
|
# LAN to WAN okay
|
|
;;
|
|
esac
|