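#!/bin/sh /etc/rc.common
# Copyright (C) 2015
# Must keep author's information if you use this file.
#
# Guest Wi-Fi init script, driven by the guest-wifi UCI config.
# start() creates a guest interface, SSID, DHCP pool, firewall zone,
# forwarding and rules; stop() removes them again.
# Each section created here is recorded as a "uci del" line in
# ${HISTORY_DIR}/guest_del, which stop() later executes as root.

START=50
HISTORY_DIR="/etc/config/guestwifi"

[ -e "$HISTORY_DIR" ] || mkdir -p "$HISTORY_DIR"

# Settings are read once, when rc.common loads this script.
enabled=$(uci get 'guest-wifi.@guest-wifi[0].enable')
wifi_name=$(uci get 'guest-wifi.@guest-wifi[0].wifi_name')
interface_name=$(uci get 'guest-wifi.@guest-wifi[0].interface_name')
encryption=$(uci get 'guest-wifi.@guest-wifi[0].encryption')
passwd=$(uci get 'guest-wifi.@guest-wifi[0].passwd')
interface_ip=$(uci get 'guest-wifi.@guest-wifi[0].interface_ip')
isolate=$(uci get 'guest-wifi.@guest-wifi[0].isolate')
start=$(uci get 'guest-wifi.@guest-wifi[0].start')
limit=$(uci get 'guest-wifi.@guest-wifi[0].limit')
leasetime=$(uci get 'guest-wifi.@guest-wifi[0].leasetime')
device=$(uci get 'guest-wifi.@guest-wifi[0].device')
create=$(uci get 'guest-wifi.@guest-wifi[0].create')

# Succeeds only when interface_name is a plain identifier ([A-Za-z0-9_]+).
# The name is spliced into UCI paths and into the lines written to guest_del,
# which is later executed as root, so any other character is refused up front.
# Globals:  interface_name (read)
# Returns:  0 when the name is acceptable, 1 otherwise (message on stderr)
check_interface_name() {
	case "$interface_name" in
		'' | *[!A-Za-z0-9_]*)
			echo "guestwifi: invalid interface_name '$interface_name'" >&2
			return 1
			;;
	esac
	return 0
}

# Print the index N of the first firewall.@rule[N] whose name is exactly $1.
# The index is taken from the "@rule[N]" part of the line only, so digits or
# regex characters inside the rule name (i.e. inside the SSID) cannot leak
# into the result. Prints nothing when no rule has that name.
# Arguments: $1 - exact rule name
fw_rule_index() {
	local want="$1" line idx
	uci show firewall 2>/dev/null | while IFS= read -r line; do
		case "$line" in
			# uci prints values quoted or unquoted depending on its version.
			"firewall.@rule["*"].name='$want'" | "firewall.@rule["*"].name=$want")
				idx=${line#"firewall.@rule["}
				idx=${idx%%"]"*}
				case "$idx" in
					'' | *[!0-9]*) continue ;;
				esac
				echo "$idx"
				break
				;;
		esac
	done
}

# Delete the firewall rule named $1 and commit; do nothing when it is absent.
# Arguments: $1 - exact rule name
del_fw_rule() {
	local idx
	idx=$(fw_rule_index "$1")
	# Without a match there is no index, and "@rule[]" is not a valid target.
	[ -n "$idx" ] || return 0
	uci del "firewall.@rule[$idx]"
	uci commit firewall
}

# Convert a dotted netmask ($1) into a prefix length printed on stdout.
# Returns 1 (message on stderr) for an empty mask or an octet that is not a
# netmask value.
netmask_to_cidr() {
	local nbits=0 octet
	local IFS=.

	if [ -z "$1" ]; then
		echo "Error: empty netmask." >&2
		return 1
	fi
	# Unquoted on purpose: the mask is split on "." through the local IFS.
	for octet in $1; do
		case "$octet" in
			255) nbits=$((nbits + 8)) ;;
			254) nbits=$((nbits + 7)) ;;
			252) nbits=$((nbits + 6)) ;;
			248) nbits=$((nbits + 5)) ;;
			240) nbits=$((nbits + 4)) ;;
			224) nbits=$((nbits + 3)) ;;
			192) nbits=$((nbits + 2)) ;;
			128) nbits=$((nbits + 1)) ;;
			0) ;;
			*)
				echo "Error: $octet can not be recognised as netmask decimal." >&2
				return 1
				;;
		esac
	done
	echo "$nbits"
}

# Bring the guest network up. When the "create" flag is set, the interface,
# SSID, DHCP pool and firewall entries are created first.
# Returns 1 without touching anything when the service is not enabled or the
# interface name is not a plain identifier.
start() {
	[ "$enabled" = 1 ] || return 1
	check_interface_name || return 1

	if [ "$create" = 1 ]; then
		[ -f "$HISTORY_DIR/guest_del" ] || echo "#! /bin/sh" > "$HISTORY_DIR/guest_del"
		chmod 0755 "$HISTORY_DIR/guest_del"
		add_interface
		add_ssid
		mod_dhcp
		mod_fw
		/etc/init.d/network restart
	fi

	uci set 'guest-wifi.@guest-wifi[0].create=0'
	uci commit guest-wifi
	uci del "wireless.$interface_name.disabled"
	uci commit wireless
	wifi
}

# Take the guest network down. When the "create" flag is set, everything
# recorded in guest_del plus the three named firewall rules is removed.
# Returns 1 without touching anything when the service is still enabled or
# the interface name is not a plain identifier.
stop() {
	[ "$enabled" = 0 ] || return 1
	check_interface_name || return 1

	if [ "$create" = 1 ]; then
		# Run the undo script exactly once. It deletes firewall sections by
		# index, so a second run could remove whichever unrelated zone or
		# forwarding has moved into the freed index.
		if [ -f "$HISTORY_DIR/guest_del" ]; then
			"$HISTORY_DIR/guest_del"
		fi
		# Each rule is looked up again after the previous delete, because
		# removing a rule shifts the indexes of the ones behind it.
		del_fw_rule "Hide My LAN for $wifi_name"
		del_fw_rule "Allow DHCP request for $wifi_name"
		del_fw_rule "Allow DNS Queries for $wifi_name"
		rm -f -- "$HISTORY_DIR/guest_del"
		/etc/init.d/network restart
	fi

	uci set 'guest-wifi.@guest-wifi[0].create=0'
	uci commit guest-wifi
	uci set "wireless.$interface_name.disabled=1"
	uci commit wireless
	wifi
}

# stop, wait two seconds, start.
restart() {
	stop
	sleep 2
	start
}

# Create the static guest interface unless the configured address already
# appears somewhere in the network config.
add_interface() {
	# -F: the address is data, not a regex (an unescaped "." matches any character).
	if ! uci show network | grep -qF -- "$interface_ip"; then
		uci set "network.$interface_name=interface"
		uci set "network.$interface_name.proto=static"
		uci set "network.$interface_name.ipaddr=$interface_ip"
		uci set "network.$interface_name.netmask=255.255.255.0"
		echo "uci del 'network.$interface_name'" >> "$HISTORY_DIR/guest_del"
		echo "uci commit network" >> "$HISTORY_DIR/guest_del"
		uci commit network
	fi
}

# Create the guest access point unless the SSID already appears in the
# wireless config. The key is only set when encryption is not "none".
add_ssid() {
	if ! uci show wireless | grep -qF -- "$wifi_name"; then
		uci set "wireless.$interface_name=wifi-iface"
		uci set "wireless.$interface_name.device=$device"
		uci set "wireless.$interface_name.mode=ap"
		uci set "wireless.$interface_name.network=$interface_name"
		uci set "wireless.$interface_name.ssid=$wifi_name"
		uci set "wireless.$interface_name.encryption=$encryption"
		uci set "wireless.$interface_name.isolate=$isolate"
		if [ "$encryption" != "none" ]; then
			uci set "wireless.$interface_name.key=$passwd"
		fi
		echo "uci del 'wireless.$interface_name'" >> "$HISTORY_DIR/guest_del"
		echo "uci commit wireless" >> "$HISTORY_DIR/guest_del"
		uci commit wireless
	fi
}

# Create the DHCP pool for the guest interface unless one already exists.
mod_dhcp() {
	if ! uci show dhcp | grep -qF -- "$interface_name=dhcp"; then
		uci set "dhcp.$interface_name=dhcp"
		uci set "dhcp.$interface_name.interface=$interface_name"
		uci set "dhcp.$interface_name.start=$start"
		uci set "dhcp.$interface_name.limit=$limit"
		uci set "dhcp.$interface_name.leasetime=$leasetime"
		echo "uci del 'dhcp.$interface_name'" >> "$HISTORY_DIR/guest_del"
		echo "uci commit dhcp" >> "$HISTORY_DIR/guest_del"
		uci commit dhcp
	fi
}

# Create the guest firewall zone, the guest->wan forwarding and the DNS, DHCP
# and "Hide My LAN" rules, each only when it does not exist yet.
# Exits 1 before adding the "Hide My LAN" rule when the LAN address or netmask
# cannot be turned into an address/prefix pair.
mod_fw() {
	local zone_idx fwd_idx rule_idx lan_netmask lan_ipaddr nbits

	# A section added with "uci add" is appended, so its index equals the
	# number of sections of that type counted beforehand.
	zone_idx=$(uci show firewall | grep -c '=zone$')
	fwd_idx=$(uci show firewall | grep -c '=forwarding$')

	if ! uci show firewall | grep -qF -- "name='$interface_name'"; then
		uci add firewall zone
		# NOTE(review): guest_del stores a positional index. If zones are added
		# or removed before stop() runs, this line targets a different zone;
		# confirm whether a named section should be used instead.
		echo "uci del 'firewall.@zone[$zone_idx]'" >> "$HISTORY_DIR/guest_del"
		echo "uci commit firewall" >> "$HISTORY_DIR/guest_del"
		uci set "firewall.@zone[$zone_idx]=zone"
		uci set "firewall.@zone[$zone_idx].name=$interface_name"
		uci set "firewall.@zone[$zone_idx].network=$interface_name"
		uci set "firewall.@zone[$zone_idx].forward=REJECT"
		uci set "firewall.@zone[$zone_idx].output=ACCEPT"
		uci set "firewall.@zone[$zone_idx].input=REJECT"
		uci commit firewall
	fi

	# interface_name is restricted to [A-Za-z0-9_] by the caller, so it is
	# safe inside this regex.
	if ! uci show firewall | grep -q "forwarding\[.*\]\.src='$interface_name'"; then
		uci add firewall forwarding
		# NOTE(review): same positional-index caveat as for the zone above.
		echo "uci del 'firewall.@forwarding[$fwd_idx]'" >> "$HISTORY_DIR/guest_del"
		echo "uci commit firewall" >> "$HISTORY_DIR/guest_del"
		uci set "firewall.@forwarding[$fwd_idx]=forwarding"
		uci set "firewall.@forwarding[$fwd_idx].src=$interface_name"
		uci set "firewall.@forwarding[$fwd_idx].dest=wan"
		uci commit firewall
	fi

	# Rules are not recorded in guest_del; stop() finds them again by name.
	if [ -z "$(fw_rule_index "Allow DNS Queries for $wifi_name")" ]; then
		rule_idx=$(uci show firewall | grep -c '=rule$')
		uci add firewall rule
		uci set "firewall.@rule[$rule_idx]=rule"
		uci set "firewall.@rule[$rule_idx].name=Allow DNS Queries for $wifi_name"
		uci set "firewall.@rule[$rule_idx].src=$interface_name"
		uci set "firewall.@rule[$rule_idx].dest_port=53"
		uci set "firewall.@rule[$rule_idx].proto=tcpudp"
		uci set "firewall.@rule[$rule_idx].target=ACCEPT"
		uci commit firewall
	fi

	if [ -z "$(fw_rule_index "Allow DHCP request for $wifi_name")" ]; then
		rule_idx=$(uci show firewall | grep -c '=rule$')
		uci add firewall rule
		uci set "firewall.@rule[$rule_idx]=rule"
		uci set "firewall.@rule[$rule_idx].name=Allow DHCP request for $wifi_name"
		uci set "firewall.@rule[$rule_idx].src=$interface_name"
		uci set "firewall.@rule[$rule_idx].src_port=67-68"
		uci set "firewall.@rule[$rule_idx].dest_port=67-68"
		uci set "firewall.@rule[$rule_idx].proto=udp"
		uci set "firewall.@rule[$rule_idx].target=ACCEPT"
		uci commit firewall
	fi

	if [ -z "$(fw_rule_index "Hide My LAN for $wifi_name")" ]; then
		# Work out the LAN prefix before touching the firewall, so that a bad
		# netmask cannot leave a half-built rule behind.
		lan_netmask=$(uci get network.lan.netmask)
		lan_ipaddr=$(uci get network.lan.ipaddr)
		nbits=$(netmask_to_cidr "$lan_netmask") || exit 1
		if [ -z "$lan_ipaddr" ]; then
			echo "Error: network.lan.ipaddr is empty." >&2
			exit 1
		fi

		rule_idx=$(uci show firewall | grep -c '=rule$')
		uci add firewall rule
		uci set "firewall.@rule[$rule_idx]=rule"
		uci set "firewall.@rule[$rule_idx].enabled=1"
		uci set "firewall.@rule[$rule_idx].name=Hide My LAN for $wifi_name"
		uci set "firewall.@rule[$rule_idx].proto=all"
		uci set "firewall.@rule[$rule_idx].src=$interface_name"
		uci set "firewall.@rule[$rule_idx].dest_ip=$lan_ipaddr/$nbits"
		uci set "firewall.@rule[$rule_idx].target=REJECT"
		uci commit firewall
	fi
}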