mirror of
https://github.com/Ysurac/openmptcprouter-feeds.git
synced 2025-02-13 19:11:51 +00:00
90 lines
2.7 KiB
Bash
Executable file
90 lines
2.7 KiB
Bash
Executable file
#!/bin/sh
|
|
|
|
if [ "$(uci -q get firewall.@zone[2].name)" = "vpn" ]; then
|
|
uci -q batch <<-EOF >/dev/null
|
|
del firewall.@zone[2]
|
|
commit firewall
|
|
EOF
|
|
fi
|
|
|
|
if [ "$(uci -q get firewall.zone_vpn)" = "" ]; then
|
|
uci -q batch <<-EOF >/dev/null
|
|
set firewall.zone_vpn=zone
|
|
set firewall.zone_vpn.name=vpn
|
|
set firewall.zone_vpn.network=glorytun
|
|
set firewall.zone_vpn.masq=1
|
|
set firewall.zone_vpn.input=REJECT
|
|
set firewall.zone_vpn.forward=ACCEPT
|
|
set firewall.zone_vpn.output=ACCEPT
|
|
commit firewall
|
|
EOF
|
|
fi
|
|
|
|
if [ "$(uci -q show firewall | grep Allow-All-Ping)" = "" ]; then
|
|
uci -q batch <<-EOF >/dev/null
|
|
add firewall rule
|
|
set firewall.@rule[-1].enabled='1'
|
|
set firewall.@rule[-1].target='ACCEPT'
|
|
set firewall.@rule[-1].name='Allow-All-Ping'
|
|
set firewall.@rule[-1].proto='icmp'
|
|
set firewall.@rule[-1].dest='*'
|
|
set firewall.@rule[-1].src='*'
|
|
set firewall.@rule[-1].icmp_type='echo-request'
|
|
commit firewall
|
|
EOF
|
|
fi
|
|
if [ "$(uci -q show firewall | grep Allow-VPN-ICMP)" = "" ]; then
|
|
uci -q batch <<-EOF >/dev/null
|
|
add firewall rule
|
|
set firewall.@rule[-1].enabled='1'
|
|
set firewall.@rule[-1].target='ACCEPT'
|
|
set firewall.@rule[-1].name='Allow-VPN-ICMP'
|
|
set firewall.@rule[-1].proto='icmp'
|
|
set firewall.@rule[-1].src='vpn'
|
|
commit firewall
|
|
EOF
|
|
fi
|
|
if [ "$(uci -q show firewall | grep Allow-Lan-to-Wan)" = "" ]; then
|
|
uci -q batch <<-EOF >/dev/null
|
|
add firewall rule
|
|
set firewall.@rule[-1].enabled='1'
|
|
set firewall.@rule[-1].target='ACCEPT'
|
|
set firewall.@rule[-1].name='Allow-Lan-to-Wan'
|
|
set firewall.@rule[-1].dest='wan'
|
|
set firewall.@rule[-1].src='lan'
|
|
commit firewall
|
|
EOF
|
|
fi
|
|
|
|
if [ "$(uci -q show firewall | grep ICMPv6-Lan-to-OMR)" = "" ]; then
|
|
uci -q batch <<-EOF >/dev/null
|
|
add firewall rule
|
|
set firewall.@rule[-1].enabled='1'
|
|
set firewall.@rule[-1].target='ACCEPT'
|
|
set firewall.@rule[-1].name='ICMPv6-Lan-to-OMR'
|
|
set firewall.@rule[-1].src='lan'
|
|
set firewall.@rule[-1].family='ipv6'
|
|
set firewall.@rule[-1].proto='icmp'
|
|
set firewall.@rule[-1].limit='1000/sec'
|
|
set firewall.@rule[-1].icmp_type='echo-reply destination-unreachable echo-request router-advertisement router-solicitation time-exceeded'
|
|
commit firewall
|
|
EOF
|
|
fi
|
|
uci -q batch <<-EOF >/dev/null
|
|
del_list firewall.wan.masq_dest='!10.0.0.0/8'
|
|
del_list firewall.wan.masq_dest='!172.16.0.0/12'
|
|
del_list firewall.wan.masq_dest='!192.168.0.0/16'
|
|
add_list firewall.wan.masq_dest='!10.0.0.0/8'
|
|
add_list firewall.wan.masq_dest='!172.16.0.0/12'
|
|
add_list firewall.wan.masq_dest='!192.168.0.0/16'
|
|
EOF
|
|
if [ "$(ubus call system board | jsonfilter -e '@.board_name')" = "bananapi,bpi-r2" ]; then
|
|
uci -q batch <<-EOF >/dev/null
|
|
set firewall.@defaults[0].flow_offloading='1'
|
|
set firewall.@defaults[0].flow_offloading_hw='1'
|
|
EOF
|
|
fi
|
|
|
|
rm -f /tmp/luci-indexcache
|
|
|
|
exit 0
|