#!/bin/sh

. /app/config/network_eth0.ini
. /app/config/network_eth1.ini
. /app/scripts/eipr_type

if [ "$EIPR_TYPE" = "REALTEK" ]; then
        LANIF=eth0.1
        #if Wi-FI enabled, use bridge interface as LAN side port
        if [ "$EIPR_WIFI" = "YES" ]; then
                LANIF=br0
        fi
else
        LANIF=eth1
fi


# check WAN Connection Type
if [ "$BOOTPROTO_ETH0" = "ppp" ]; then 
        WANIF=ppp0
else
        if [ "$EIPR_TYPE" = "REALTEK" ]; then
                WANIF=eth0.2
        else
                WANIF=eth0
        fi
fi

if [ "$EIPR_FW" != "NO" ]; then

#
# Allow access to and from loopback interface
#
iptables -I INPUT -i lo -j ACCEPT
iptables -I OUTPUT -o lo -j ACCEPT

#
# Set other common policies for chains
#
iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#
# Set policy for internal interface
#
iptables -I INPUT -i $LANIF -j ACCEPT ## allow ALL inbound traffic on LAN side
iptables -I FORWARD -i $LANIF -m state --state NEW -j ACCEPT

#
# Allow Pings from the router
#
iptables -t nat -A POSTROUTING -o lo -j ACCEPT ##router pings itself

#iptables -t nat -A POSTROUTING -p icmp -o $WANIF -j ACCEPT ## router pings
                                                         ## devices on eth0
#iptables -t nat -A POSTROUTING -p icmp -o $LANIF -j ACCEPT ## router pings
                                                         ## devices on eth1
fi

# Configure iptable rules from the user settings if WAN is set for static
#
if [ "$BOOTPROTO_ETH0" = "none" ]; then 
	/app/bin/config-router
	if [ "$EIPR_BBMD" = "YES" ]; then
		/app/bin/bbmd &
	fi
fi

# Load modules for FTP connection tracking
modprobe nf_nat_ftp
modprobe nf_conntrack_ftp

# exit
exit 0
