# Script executed after network interface has been brought up.
# Executed with the following parameters: <devicename> <ip address>
# <mask>
- # Normally you do not need to uncomment this option.
- #option ipup /etc/chilli.ipup
+ # Normally you do not need to modify this option.
+ option ipup /etc/chilli/up.sh
# Script executed after network interface has been taken down.
# Executed with the following parameters: <devicename> <ip address>
# <mask>
- # Normally you do not need to uncomment this option.
- #option ipdown /etc/chilli.ipdown
+ # Normally you do not need to modify this option.
+ option ipdown /etc/chilli/down.sh
# Radius parameters
+++ /dev/null
-#!/bin/sh
-
-chilli_firewall() {
- local cfg="$1"
-
- local network ifname tun
-
- config_get network "$cfg" network
-
- . /lib/functions/network.sh
- network_get_device ifname ${network:-lan}
-
- if [ "$ifname" = "" ]
- then
- config_get ifname "$cfg" dhcpif
- fi
-
- config_get tun "$cfg" tundev
-
- for n in ACCEPT DROP REJECT
- do
- iptables -F zone_${network}_${n}
- iptables -I zone_${network}_${n} -i $tun -j $n
- iptables -I zone_${network}_${n} -o $tun -j $n
- done
-
- iptables -D forward -i ${ifname} -j zone_${network}_forward
- iptables -A forward -i ${ifname} -j DROP
- iptables -A forward -i $tun -j zone_${network}_forward
-
- iptables -D input -i ${ifname} -j zone_${network}
- iptables -A input -i $tun -j zone_${network}
-
- iptables -I zone_${network} -p tcp --dport 3990 -j ACCEPT
- iptables -I zone_${network} -p tcp --dport 3991 -j ACCEPT
-}
-
-chilli_post_core_cb() {
- config_load chilli
- config_foreach chilli_firewall chilli
-}
git.99rst.org / openwrt-packages.git / commitdiff