Opennet Firmware
init/on-openvpn
1#!/bin/sh
2
3
4# shellcheck source=opennet/packages/on-core/files/usr/lib/opennet/on-helper.sh
5. "${IPKG_INSTROOT:-}/usr/lib/opennet/on-helper.sh"
6
7
# Register the UCI network section "network.on_vpn" for the user VPN tunnel.
#
# Does nothing when uci_get already reports a value for that section.
# Otherwise the section is created as an unmanaged interface (proto "none")
# on the device "tun-on-user", and the change is handed to apply_changes.
configure_tunnel_network() {
    local section="network.on_vpn"

    # Nothing to do if the network is already configured.
    if [ -n "$(uci_get "$section")" ]; then
        return 0
    fi

    # Add the new network to the configuration (to be recognized by olsrd).
    uci set "${section}=interface"
    uci set "${section}.proto=none"
    uci set "${section}.device=tun-on-user"

    apply_changes network
}
21
22
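# Ensure the firewall zone for the user VPN tunnel and its companion sections exist.
#
# Globals:  ZONE_TUNNEL, ZONE_LOCAL, NETWORK_TUNNEL (read)
# Outputs:  an error message on stderr if the zone section cannot be created
# Returns:  0 if nothing had to be changed; 1 if "uci add" failed or returned
#           no section name; otherwise the exit status of "apply_changes firewall"
configure_tunnel_firewall() {
    local was_changed=0
    local uci_prefix
    local zone_id
    uci_prefix=$(find_first_uci_section firewall zone "name=$ZONE_TUNNEL")

    # Create the zone if it does not exist yet.
    if [ -z "$(uci_get "$uci_prefix")" ]; then
        # Stop before touching anything else if no section could be allocated:
        # without a section name the "uci set" calls below would address
        # "firewall." and the ACCEPT rules would be added for a zone that
        # was never created.
        if ! zone_id=$(uci add firewall zone) || [ -z "$zone_id" ]; then
            echo "configure_tunnel_firewall: failed to add firewall zone '$ZONE_TUNNEL'" >&2
            return 1
        fi
        uci_prefix="firewall.$zone_id"
        # Zone for outgoing traffic: nothing is accepted from the tunnel by
        # default (input/forward REJECT), outgoing traffic is allowed and
        # masqueraded.
        uci set "${uci_prefix}.name=$ZONE_TUNNEL"
        uci add_list "${uci_prefix}.network=$NETWORK_TUNNEL"
        uci set "${uci_prefix}.forward=REJECT"
        uci set "${uci_prefix}.input=REJECT"
        uci set "${uci_prefix}.output=ACCEPT"
        uci set "${uci_prefix}.masq=1"
        was_changed=1
    fi

    # A zero exit status of create_uci_section_if_missing is treated as
    # "a section was added" and therefore marks the firewall as changed.

    # Allow forwarding from the local zone into the tunnel zone.
    create_uci_section_if_missing firewall forwarding \
        "src=$ZONE_LOCAL" "dest=$ZONE_TUNNEL" \
        && was_changed=1

    # Exception to the REJECT input policy: port 22 is reachable from the tunnel.
    # NOTE(review): no "proto" option is set; OpenWrt documents "tcp udp" as the
    # default for rules, so this presumably admits UDP/22 as well - confirm.
    # Changing the option list here may lead to a second rule next to the
    # existing one on already configured devices - verify before tightening.
    create_uci_section_if_missing firewall rule \
        "src=$ZONE_TUNNEL" "dest_port=22" "target=ACCEPT" "name=on-user-ssh" \
        && was_changed=1

    # Exception to the REJECT input policy: ICMP from the tunnel is accepted.
    # No icmp_type restriction is given in this rule.
    create_uci_section_if_missing firewall rule \
        "src=$ZONE_TUNNEL" "proto=icmp" "target=ACCEPT" "name=on-user-icmp" \
        && was_changed=1

    # Skip applying the firewall configuration when nothing was added.
    [ "$was_changed" = "0" ] && return 0
    apply_changes firewall
}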
52
53
# Script body: set up the tunnel network section first, then the firewall
# zone and the rules that refer to it. The exit status of the script is the
# one returned by the firewall step.
configure_tunnel_network
configure_tunnel_firewall
create_uci_section_if_missing()
Prüfe, ob eine definierte UCI-Sektion existiert und lege sie andernfalls an.
Definition: uci.sh:58