From 59fc9b891a6e3cacb834ca33e39b9c58f4e103d8 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 1 Aug 2021 15:48:22 +0200 Subject: preapre ele-tub --- inventory/host_vars/ele-tub.yml | 49 ++++++++++++++++++++++++++--------------- 1 file changed, 31 insertions(+), 18 deletions(-) (limited to 'inventory/host_vars/ele-tub.yml') diff --git a/inventory/host_vars/ele-tub.yml b/inventory/host_vars/ele-tub.yml index 4ab8ae70..47c06223 100644 --- a/inventory/host_vars/ele-tub.yml +++ b/inventory/host_vars/ele-tub.yml @@ -46,17 +46,35 @@ openwrt_mixin: /etc/htoprc: file: "{{ global_files_dir }}/common/htoprc" - /etc/rc.local: + /etc/rc.d/S22network-fw: + link: "../init.d/network-fw" + + /etc/rc.d/K92network-fw: + link: "../init.d/network-fw" + + /etc/init.d/network-fw: + mode: "0755" content: | - # Put your custom commands here that should be executed once - # the system init finished. By default this file does nothing. + #!/bin/sh /etc/rc.common + + START=22 + STOP=91 - ip rule add pref 42000 lookup default - ip rule del pref 32767 - ip route add default via {{ network_zones.murat_transfer.prefix | ipaddr(network_zones.murat_transfer.offsets['ele-mur']) | ipaddr('address') }} table 172 - ip rule add pref 33000 from {{ network_zones.funkfeuer.prefix }} lookup 172 + start() { + FF_IF=$(uci get network.ff.ifname) + FFSUBNET_IF=$(uci get network.ffsubnet.ifname) + FFSUBNET_IPADDR=$(uci get network.ffsubnet.ipaddr) + FFSUBNET_NETMASK=$(uci get network.ffsubnet.netmask) - exit 0 + iptables -A FORWARD -i "$FFSUBNET_IF" -o "$FF_IF" -s "$FFSUBNET_IPADDR/$FFSUBNET_IPADDR" -j ACCEPT + iptables -A FORWARD -i "$FF_IF" -o "$FFSUBNET_IF" -d "$FFSUBNET_IPADDR/$FFSUBNET_IPADDR" -j ACCEPT + iptables -P FORWARD DROP + } + + stop() { + iptables -P FORWARD ACCEPT + iptables -F FORWARD + } openwrt_uci: 
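Review bot: Both FORWARD accept rules in `start()` build their match as `"$FFSUBNET_IPADDR/$FFSUBNET_IPADDR"`, so the interface address is passed as the mask and `FFSUBNET_NETMASK`, which is read just above, is never used. The rules will therefore not match the ffsubnet prefix as intended; they should read `-s "$FFSUBNET_IPADDR/$FFSUBNET_NETMASK"` and `-d "$FFSUBNET_IPADDR/$FFSUBNET_NETMASK"`. `stop()` also fails open: it sets the FORWARD policy to ACCEPT and flushes the chain, so forwarding is unrestricted whenever the service is stopped and, presumably, until S22 runs at boot. If that is deliberate, a comment in the script should say so. The stop link is named `K92network-fw` while the script declares `STOP=91`, so one of the two should be corrected to keep the symlink and the script in agreement.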
@@ -98,12 +116,14 @@ openwrt_uci: ipaddr: 127.0.0.1 netmask: 255.0.0.0 - - name: interface 'unused' + - name: interface 'mgmt' options: ifname: eth0 - proto: none + proto: static + ipaddr: "{{ network_zones.mgmt.prefix | ipaddr(network_zones.mgmt.offsets[inventory_hostname]) | ipaddr('address') }}" + netmask: "{{ network_zones.mgmt.prefix | ipaddr('netmask') }}" - - name: interface 'uhrturm' + - name: interface 'ffsubnet' options: ifname: eth1 proto: static @@ -118,13 +138,6 @@ openwrt_uci: netmask: 255.255.0.0 dns: "{{ network_zones.funkfeuer.dns }}" - - name: interface 'murattransfer' - options: - ifname: eth2 - proto: static - ipaddr: "{{ network_zones.murat_transfer.prefix | ipaddr(network_zones.murat_transfer.offsets[inventory_hostname]) | ipaddr('address') }}" - netmask: "{{ network_zones.murat_transfer.prefix | ipaddr('netmask') }}" - olsrd: - name: olsrd options: -- cgit v1.2.3
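Review bot: The new `mgmt` interface gives eth0 a static management address, but the firewall script added by this commit only touches the FORWARD chain, so nothing visible here limits which interfaces can reach services on the router itself. If INPUT filtering is configured elsewhere, a comment above the interface such as `# mgmt only; router access is filtered outside this file` would record that. Otherwise the management address is presumably reachable from the ff and ffsubnet sides. The rename to `ffsubnet` is also load-bearing, because `/etc/init.d/network-fw` reads `network.ffsubnet.*` and `network.ff.*` via `uci get`. A short comment next to both section names would keep a later rename from silently breaking the forwarding rules.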