#!/bin/sh

#Source definition files
. /app/config/network_eth0.ini
. /app/config/network_eth1.ini
. /app/scripts/eipr_type

# Choose the LAN-side interface. Non-REALTEK hardware uses eth1. REALTEK
# hardware uses VLAN sub-interface eth0.1, or the bridge br0 when Wi-Fi is
# enabled. LANIF is later used as a trusted interface by the firewall rules.
LANIF=eth1
case "$EIPR_TYPE" in
        REALTEK)
                case "$EIPR_WIFI" in
                        YES) LANIF=br0 ;;
                        *)   LANIF=eth0.1 ;;
                esac
                ;;
esac


# Choose the WAN-side interface from the connection type: a PPP uplink always
# uses ppp0; otherwise REALTEK hardware uses VLAN sub-interface eth0.2 and
# every other type uses eth0.
if [ "$BOOTPROTO_ETH0" = "ppp" ]; then
        WANIF=ppp0
elif [ "$EIPR_TYPE" = "REALTEK" ]; then
        WANIF=eth0.2
else
        WANIF=eth0
fi

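if [ "$EIPR_FW" != "NO" ]; then
        # Firewall setup runs unless EIPR_FW is exactly "NO", so an unset or
        # empty EIPR_FW enables it.
        #
        # NOTE(review): every rule added below is an ACCEPT, and nothing in
        # this block sets a chain policy (-P) or adds a DROP/REJECT rule.
        # "iptables -F" removes rules but leaves chain policies untouched, so
        # whether anything is actually blocked depends on policies configured
        # outside this script -- confirm.
        # NOTE(review): only IPv4 (iptables) is configured here; confirm IPv6
        # is filtered elsewhere or disabled on this device.
        # NOTE(review): WANIF appears only in the commented-out rules below;
        # no active rule in this block is restricted to the WAN interface.

        # Flush every rule in the filter and nat tables. Until the rules
        # below are re-added, only the chain policies are in force.
        iptables -F
        iptables -F -t nat

        # Flush the connection-tracking table so flows set up under the old
        # rule set are not carried over by the ESTABLISHED,RELATED rules.
        conntrack -F
        # NOTE(review): in conntrack-tools, -F takes an optional table name
        # and -t is the --timeout option, so "-t nat" may be rejected rather
        # than flushing anything NAT-specific -- confirm against the conntrack
        # build shipped on the target.
        conntrack -F -t nat

        #
        # Allow access to and from loopback interface
        #
        # All filter rules use -I (insert at the head of the chain), so the
        # final order in each chain is the reverse of the order written here.
        iptables -I INPUT -i lo -j ACCEPT
        iptables -I OUTPUT -o lo -j ACCEPT

        #
        # Accept packets belonging to, or related to, already-tracked
        # connections in all three filter chains
        #
        iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
        iptables -I OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
        iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

        #
        # Set policy for internal interface
        #
        # The LAN side is fully trusted: any inbound packet on LANIF reaches
        # the router's own services, and any new connection arriving on LANIF
        # may be forwarded. With Wi-Fi enabled on REALTEK hardware LANIF is
        # br0, so wireless clients on that bridge get the same trust.
        iptables -I INPUT -i "$LANIF" -j ACCEPT ## allow ALL inbound traffic on LAN side
        iptables -I FORWARD -i "$LANIF" -m state --state NEW -j ACCEPT

        #
        # Allow Pings from the router
        #
        # ACCEPT in nat/POSTROUTING ends traversal of that chain for the
        # packet, so no translation rule appended later is applied to it.
        iptables -t nat -A POSTROUTING -o lo -j ACCEPT ##router pings itself

        #iptables -t nat -A POSTROUTING -p icmp -o $WANIF -j ACCEPT ## router pings
        #                                                         ## devices on eth0
        #iptables -t nat -A POSTROUTING -p icmp -o $LANIF -j ACCEPT ## router pings
        #                                                         ## devices on eth1

        #
        # Enable Wifi2 lan communication
        #
        if [ "$EIPR_WIFI" = "YES" ]; then
                # ipcalc -np prints NETWORK=... and PREFIX=... assignments for
                # the LAN address; eval imports them. The inputs come from the
                # sourced .ini files, which already run as shell code, so eval
                # adds no new trust boundary -- but those files must be
                # writable by root only.
                # Clear both names first so a failed ipcalc cannot leave stale
                # values behind, and quote the substitution so the output is
                # not word-split or globbed before eval sees it. The netmask
                # is passed only when non-empty, matching the original call.
                NETWORK=
                PREFIX=
                eval "$(ipcalc -np "$IPADDR_ETH1" ${NETMASK_ETH1:+"$NETMASK_ETH1"})"
                #echo $NETWORK
                #echo $PREFIX
                if [ -n "$NETWORK" ] && [ -n "$PREFIX" ]; then
                        # Exempt LAN-subnet traffic leaving via the bridge from
                        # any NAT rule appended later.
                        iptables -t nat -A POSTROUTING -s "$NETWORK/$PREFIX" -o br0 -j ACCEPT
                else
                        printf '%s\n' "firewall: ipcalc returned no NETWORK/PREFIX for the LAN address; Wi-Fi LAN rule not added" >&2
                fi
        fi

fi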
