Merge pull request #4911 from aleksander0m/coova-chili-fw-fix

net/coova-chili: update default firewall setup

net/coova-chilli/files/chilli.config

@@ -71,14 +71,14 @@ config chilli
     # Script executed after network interface has been brought up.
     # Executed with the following parameters: <devicename> <ip address>
     # <mask>
-    # Normally you do not need to uncomment this option.
+    # Normally you do not need to modify this option.
-    #option ipup /etc/chilli.ipup
+    option ipup /etc/chilli/up.sh
 
     # Script executed after network interface has been taken down.
     # Executed with the following parameters: <devicename> <ip address>
     # <mask>
-    # Normally you do not need to uncomment this option.
+    # Normally you do not need to modify this option.
-    #option ipdown /etc/chilli.ipdown
+    option ipdown /etc/chilli/down.sh
 
 
     # Radius parameters

net/coova-chilli/files/chilli.firewall

@@ -1,41 +0,0 @@
-#!/bin/sh
-
-chilli_firewall() {
-    local cfg="$1"
-
-    local network ifname tun
-
-    config_get network "$cfg" network
-
-    . /lib/functions/network.sh
-    network_get_device ifname ${network:-lan}
-
-    if [ "$ifname" = "" ]
-    then
-       config_get ifname "$cfg" dhcpif
-    fi
-
-    config_get tun "$cfg" tundev
-
-    for n in ACCEPT DROP REJECT
-    do
-       iptables -F zone_${network}_${n}
-       iptables -I zone_${network}_${n} -i $tun -j $n
-       iptables -I zone_${network}_${n} -o $tun -j $n
-    done
-
-    iptables -D forward -i ${ifname} -j zone_${network}_forward
-    iptables -A forward -i ${ifname} -j DROP
-    iptables -A forward -i $tun -j zone_${network}_forward
-
-    iptables -D input -i ${ifname} -j zone_${network}
-    iptables -A input -i $tun -j zone_${network}
-
-    iptables -I zone_${network} -p tcp --dport 3990 -j ACCEPT
-    iptables -I zone_${network} -p tcp --dport 3991 -j ACCEPT
-}
-
-chilli_post_core_cb() {
-    config_load chilli
-    config_foreach chilli_firewall chilli
-}