Skip to content
Snippets Groups Projects

WIP: Bugfix/collect invalid uci default

Merged Karel Koci requested to merge bugfix/collect-invalid-uci-default into develop
Files
11
#!/bin/sh
uci -q batch <<EOT
delete firewall.haas_proxy_mark
set firewall.haas_proxy_mark=rule
set firewall.haas_proxy_mark.name=HaaS proxy WAN port 22 mark to pass Sentinel dynamic firewall
set firewall.haas_proxy_mark.src=wan
set firewall.haas_proxy_mark.src_dport=22
set firewall.haas_proxy_mark.set_mark=0x10
set firewall.haas_proxy_mark.proto=tcp
set firewall.haas_proxy_mark.target=MARK
delete firewall.haas_proxy
set firewall.haas_proxy=redirect
set firewall.haas_proxy.name=HaaS proxy WAN port 22 redirect
set firewall.haas_proxy.src=wan
set firewall.haas_proxy.src_dport=22
set firewall.haas_proxy.dest_port=2525
set firewall.haas_proxy.proto=tcp
set firewall.haas_proxy.target=DNAT
if [ "$(uci -q get firewall.haas_proxy_mark)" != "rule" ]; then
uci -q batch <<EOT
delete firewall.haas_proxy_mark
set firewall.haas_proxy_mark='rule'
set firewall.haas_proxy_mark.name='HaaS proxy WAN port 22 mark to pass Sentinel dynamic firewall'
set firewall.haas_proxy_mark.src='wan'
set firewall.haas_proxy_mark.dest_port='22'
set firewall.haas_proxy_mark.set_mark='0x10'
set firewall.haas_proxy_mark.proto='tcp'
set firewall.haas_proxy_mark.target='MARK'
commit firewall.haas_proxy_mark
EOT
fi
commit firewall
if [ "$(uci -q get firewall.haas_proxy)" != "redirect" ]; then
uci -q batch <<EOT
delete firewall.haas_proxy
set firewall.haas_proxy='redirect'
set firewall.haas_proxy.name='HaaS proxy WAN port 22 redirect'
set firewall.haas_proxy.src='wan'
set firewall.haas_proxy.src_dport='22'
set firewall.haas_proxy.dest_port='2525'
set firewall.haas_proxy.proto='tcp'
set firewall.haas_proxy.target='DNAT'
commit firewall.haas_proxy
EOT
# TODO we should possibly move marking rule before drop rule of Sentinel dynamic firewall
fi