From 64a902327893b11456ecccf8d40561a3f9102f92 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= <mkg20001@gmail.com>
Date: Wed, 6 Apr 2022 15:55:26 +0200
Subject: [PATCH] mesh-olsrd: add babel rules

---
 .../upgrade/310-gluon-mesh-babel-firewall     | 103 ++++++++++++++++++
 .../430-gluon-mesh-babel-add-mmfd-interface   |  10 ++
 2 files changed, 113 insertions(+)
 create mode 100755 package/gluon-mesh-olsrd/luasrc/lib/gluon/upgrade/310-gluon-mesh-babel-firewall
 create mode 100755 package/gluon-mesh-olsrd/luasrc/lib/gluon/upgrade/430-gluon-mesh-babel-add-mmfd-interface

diff --git a/package/gluon-mesh-olsrd/luasrc/lib/gluon/upgrade/310-gluon-mesh-babel-firewall b/package/gluon-mesh-olsrd/luasrc/lib/gluon/upgrade/310-gluon-mesh-babel-firewall
new file mode 100755
index 00000000..5f3a8976
--- /dev/null
+++ b/package/gluon-mesh-olsrd/luasrc/lib/gluon/upgrade/310-gluon-mesh-babel-firewall
@@ -0,0 +1,103 @@
+#!/usr/bin/lua
+
+local uci = require('simple-uci').cursor()
+local site = require "gluon.site"
+
+uci:section('firewall', 'zone', 'l3roamd', {
+	name = 'l3roamd',
+	input = 'ACCEPT',
+	output = 'ACCEPT',
+	forward = 'REJECT',
+	device = 'l3roam+',
+	log = '1',
+})
+
+uci:section('firewall', 'zone', 'mmfd', {
+	name = 'mmfd',
+	input = 'REJECT',
+	output = 'accept',
+	forward = 'REJECT',
+	device = 'mmfd+',
+	log = '1',
+})
+
+-- forwardings and respective rules
+uci:section('firewall', 'forwarding', 'fcc', {
+	src = 'loc_client',
+	dest = 'loc_client',
+})
+
+uci:section('firewall', 'forwarding', 'fcm', {
+	src = 'loc_client',
+	dest = 'mesh',
+})
+
+uci:section('firewall', 'forwarding', 'fmc', {
+	src = 'mesh',
+	dest = 'loc_client',
+})
+
+uci:section('firewall', 'forwarding', 'fmm', {
+	src = 'mesh',
+	dest = 'mesh',
+})
+
+uci:section('firewall', 'forwarding', 'flc', {
+	src = 'l3roamd',
+	dest = 'loc_client',
+})
+
+uci:section('firewall', 'forwarding', 'fcl', {
+	src = 'loc_client',
+	dest = 'l3roamd',
+})
+
+uci:section('firewall', 'rule',  'mesh_respondd_mcast_ll', {
+	src = 'mesh',
+	src_ip = 'fe80::/64' ,
+	dest_port = '1001',
+	proto = 'udp',
+	target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule',  'mesh_respondd_mcast2', {
+	src = 'mesh',
+	src_ip = site.node_prefix6(),
+	dest_port = '1001',
+	proto = 'udp',
+	target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule',  'mmfd_respondd_ll', {
+	src = 'mmfd',
+	src_ip = 'fe80::/64',
+	dest_port = '1001',
+	proto = 'udp',
+	target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule',  'mmfd_respondd_mesh', {
+	src = 'mmfd',
+	src_ip = site.node_prefix6(),
+	dest_port = '1001',
+	proto = 'udp',
+	target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule',  'mesh_mmfd', {
+	src = 'mesh',
+	src_ip = 'fe80::/64',
+	dest_port = '27275',
+	proto = 'udp',
+	target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule', 'mesh_babel', {
+	src = 'mesh',
+	src_ip = 'fe80::/64',
+	dest_port = '6696',
+	proto = 'udp',
+	target = 'ACCEPT',
+})
+
+uci:save('firewall')
diff --git a/package/gluon-mesh-olsrd/luasrc/lib/gluon/upgrade/430-gluon-mesh-babel-add-mmfd-interface b/package/gluon-mesh-olsrd/luasrc/lib/gluon/upgrade/430-gluon-mesh-babel-add-mmfd-interface
new file mode 100755
index 00000000..073d288e
--- /dev/null
+++ b/package/gluon-mesh-olsrd/luasrc/lib/gluon/upgrade/430-gluon-mesh-babel-add-mmfd-interface
@@ -0,0 +1,10 @@
+#!/usr/bin/lua
+
+local uci = require('simple-uci').cursor()
+
+uci:section('network', 'interface', 'mmfd', {
+	proto = 'static',
+	ifname = 'mmfd0',
+	ip6addr = 'fe80::1/64'
+})
+uci:save('network')