backport of 46c36b3e3542ffe5609ab5cc10a60de7335d6cd9 double check after rebase

backport of c837cde92304cfaf4a44c31dfb40bbadfd05fe04

backport of a0102669d2d842163d17d61e254dbd0ba8a3ea92

touch up

backport of a55c0555b6fb92a6b6b239a9dce2fde2100e7ae5

roles/network/templates/gateway/iiab-gen-iptables

@@ -1,4 +1,5 @@
 #!/bin/bash -x
+source /etc/iiab/iiab.env
 {% if is_debuntu %}
 IPTABLES=/sbin/iptables
 IPTABLES_DATA=/etc/iptables.up.rules
@@ -6,8 +7,8 @@ IPTABLES_DATA=/etc/iptables.up.rules
 IPTABLES=/usr/sbin/iptables
 IPTABLES_DATA=/etc/sysconfig/iptables
 {% endif %}
-LANIF=`cat /etc/sysconfig/iiab_lan_device`
-WANIF=`cat /etc/sysconfig/iiab_wan_device`
+LANIF=$IIAB_LAN_DEVICE
+WANIF=$IIAB_WAN_DEVICE
 MODE=`grep iiab_network_mode_applied  /etc/iiab/iiab.ini | gawk '{print $3}'`
 
 clear_fw() {
@@ -33,7 +34,7 @@ $IPTABLES -A INPUT -p tcp --dport 5984 -j DROP
 $IPTABLES -A INPUT -p udp --dport 5984 -j DROP
 }
 
-if [  "x$WANIF" == "x" ] || [ "$MODE" == 'Appliance' ]; then
+if [  "x$WANIF" == "xnone" ] || [ "$MODE" == 'Appliance' ]; then
     clear_fw
     # save the rule set
 	{% if is_debuntu %}
@@ -119,7 +120,7 @@ if [ "$captive_portal_enabled" == "True" ];then
    $IPTABLES -t mangle -A internet -j MARK --set-mark 99
    $IPTABLES -t nat -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m mark --mark 99 -m tcp --dport 80 -j DNAT --to-destination {{ lan_ip }}
 
-elif [ -f /etc/sysconfig/xs_httpcache_on ]; then
+elif [ "$HTTPCACHE_ON" == "True" ]; then
     $IPTABLES  -t nat  -A PREROUTING -i $lan -p tcp --dport 80 ! -d 172.18.96.1 -j DNAT --to 172.18.96.1:3128
 fi