nicer firewall script

2 files changed, 14 insertions, 12 deletions

diff --git a/inventory/group_vars/dolmetsch-ctl/main.yml b/inventory/group_vars/dolmetsch-ctl/main.yml
index cd9255f8..d1ffc8ae 100644
--- a/inventory/group_vars/dolmetsch-ctl/main.yml
+++ b/inventory/group_vars/dolmetsch-ctl/main.yml
@@ -62,14 +62,15 @@ openwrt_mixin:
       START=22
       STOP=91
 
-      MGMT_IF=$(uci get network.mgmt.ifname)
-      MGMT_IPADDR=$(uci get network.mgmt.ipaddr)
-      MGMT_NETMASK=$(uci get network.mgmt.netmask)
-      MIXER_IF=br-mixer
-      MIXER_IPADDR=$(uci get network.mixer.ipaddr)
-      MIXER_NETMASK=$(uci get network.mixer.netmask)
-
       start() {
+        MGMT_IF=$(uci get network.mgmt.ifname)
+        MGMT_IPADDR=$(uci get network.mgmt.ipaddr)
+        MGMT_NETMASK=$(uci get network.mgmt.netmask)
+        MIXER_IF=br-mixer
+        MIXER_IPADDR=$(uci get network.mixer.ipaddr)
+        MIXER_NETMASK=$(uci get network.mixer.netmask)
+
+
         iptables -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT
         iptables -A INPUT -i "$MGMT_IF" -d "$MGMT_IPADDR" -s "$MGMT_IPADDR/$MGMT_NETMASK" -j ACCEPT
 
diff --git a/inventory/host_vars/ele-router.yml b/inventory/host_vars/ele-router.yml
index 826a25cb..a4bcd4ce 100644
--- a/inventory/host_vars/ele-router.yml
+++ b/inventory/host_vars/ele-router.yml
@@ -184,12 +184,13 @@ openwrt_mixin:
       START=22
       STOP=91
 
-      WAN_IF=$(uci get network.wan.ifname)
-      MGMT_IF=$(uci get network.mgmt.ifname)
-      MGMT_IPADDR=$(uci get network.mgmt.ipaddr)
-      MGMT_NETMASK=$(uci get network.mgmt.netmask)
-
       start() {
+        WAN_IF=$(uci get network.wan.ifname)
+        MGMT_IF=$(uci get network.mgmt.ifname)
+        MGMT_IPADDR=$(uci get network.mgmt.ipaddr)
+        MGMT_NETMASK=$(uci get network.mgmt.netmask)
+
+
         iptables -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT
         iptables -A INPUT -i "$MGMT_IF" -d "$MGMT_IPADDR" -s "$MGMT_IPADDR/$MGMT_NETMASK" -j ACCEPT