Merge pull request #2728 from holta/iptables2

PR #2727 w/ on-screen warnings for iiab-internet-on|off

roles/network/tasks/computed_network.yml

@@ -141,6 +141,13 @@
     line: 'IIAB_LAN_DEVICE={{ iiab_lan_iface }}'
     state: present
 
+- name: Record 'IIAB_GATEWAY_ENABLED={{ iiab_gateway_enabled }}' in {{ iiab_env_file }}
+  lineinfile:
+    path: "{{ iiab_env_file }}"
+    regexp: '^IIAB_GATEWAY_ENABLED=*'
+    line: 'IIAB_GATEWAY_ENABLED={{ iiab_gateway_enabled }}'
+    state: present
+
 - name: Add 'computed_network' variable values to {{ iiab_ini_file }}
   ini_file:
     dest: "{{ iiab_ini_file }}"

roles/network/tasks/enable_services.yml

@@ -205,6 +205,17 @@
     group: root
     mode: 0755
 
+- name: Install iiab-internet-on|off
+  template:
+    src: "{{ item }}"
+    dest: /usr/bin/
+    owner: root
+    group: root
+    mode: 0755
+  with_items:
+    - gateway/iiab-internet-on
+    - gateway/iiab-internet-off
+
 - name: Add 'squid' variable values to {{ iiab_ini_file }}
   ini_file:
     path: "{{ iiab_ini_file }}"

roles/network/tasks/restart.yml

@@ -53,12 +53,6 @@
     name: avahi-daemon
     state: restarted
 
-- name: Create gateway flag
-  shell: echo 1 > /etc/sysconfig/olpc-scripts/setup.d/installed/gateway
-  args:
-    creates: /etc/sysconfig/olpc-scripts/setup.d/installed/gateway
-  when: iiab_network_mode == "Gateway"
-
 #netplan de-configures pre-created bridged interfaces 
 #- name: Reload netplan when Wifi is not gateway on Ubuntu 18+
 #  shell: netplan apply

roles/network/templates/gateway/iiab-gen-iptables

@@ -37,6 +37,7 @@ IPTABLES_DATA=/etc/sysconfig/iptables
 source {{ iiab_env_file }}
 lan=$IIAB_LAN_DEVICE
 wan=$IIAB_WAN_DEVICE
+iiab_gateway_enabled=$IIAB_GATEWAY_ENABLED
 echo -e "\nLAN: $lan"
 echo -e "WAN: $wan\n"
 #network_mode=`grep iiab_network_mode_applied {{ iiab_ini_file }} | gawk '{print $3}'`
@@ -49,7 +50,6 @@ gw_block_https={{ gw_block_https }}
 sshd_port={{ sshd_port }}
 #gui_wan= [no longer needed]
 gui_port={{ gui_port }}
-iiab_gateway_enabled={{ iiab_gateway_enabled }}
 block_DNS={{ block_DNS }}
 
 azuracast_ports="{{ azuracast_port_range_prefix }}000:{{ azuracast_port_range_prefix }}100"
@@ -86,14 +86,6 @@ elif [ "$ports_externally_visible" -lt 0 ] || [ "$ports_externally_visible" -gt
     exit 1
 fi
 
-#if [ "$wan" != "none" ] && [ "$network_mode" != "Appliance" ]; then
-# Load iptables kernel modules
-/sbin/modprobe ip_tables
-/sbin/modprobe iptable_filter
-/sbin/modprobe ip_conntrack
-/sbin/modprobe iptable_nat
-#fi
-
 # Delete all existing firewall rules
 $IPTABLES -F
 $IPTABLES -t nat -F

roles/network/templates/gateway/iiab-internet-off

@@ -0,0 +1,11 @@
+#!/bin/bash
+sed -i -e "s/^IIAB_GATEWAY_ENABLED.*/IIAB_GATEWAY_ENABLED=False/" {{ iiab_env_file }}
+/usr/bin/iiab-gen-iptables
+
+cat << EOF
+
+WARNING: If you want to _permanently_ change your IIAB's default behavior
+(i.e. to specify whether student client devices should have Internet or not,
+in general!) then modify variable 'iiab_gateway_enabled' in
+/etc/iiab/local_vars.yml — and finally run 'cd /opt/iiab/iiab ; ./iiab-network'
+EOF

roles/network/templates/gateway/iiab-internet-on

@@ -0,0 +1,11 @@
+#!/bin/bash
+sed -i -e "s/^IIAB_GATEWAY_ENABLED.*/IIAB_GATEWAY_ENABLED=True/" {{ iiab_env_file }}
+/usr/bin/iiab-gen-iptables
+
+cat << EOF
+
+WARNING: If you want to _permanently_ change your IIAB's default behavior
+(i.e. to specify whether student client devices should have Internet or not,
+in general!) then modify variable 'iiab_gateway_enabled' in
+/etc/iiab/local_vars.yml — and finally run 'cd /opt/iiab/iiab ; ./iiab-network'
+EOF