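#!/bin/bash
############################################################################
# Shorewall 1.4 -- /etc/shorewall/start
#
# Add commands below that you want to be executed after shorewall has
# been started or restarted.
#
# NOTE(review): this file looks like a template -- the four "percent-s"
# tokens in the assignments below are presumably substituted by a
# generator before the script is installed. Keep them the only percent
# characters in the file (so no printf format strings here) and keep
# their order.
#
# Globals (filled in by the generator):
#   INTERFACE       interface whose Shorewall chains (_fwd, _in) get the
#                   VPN bypass rule
#   BRIDGE_INT      bridge interface the WLAN port belongs to
#   WLAN_INT        physical WLAN port; empty means no DHCP DNAT rule
#   DHCP_WLAN_PORT  UDP port the WLAN DHCP server listens on
#
# No "set -e" here: every iptables call whose failure matters is checked
# explicitly so the diagnostic names the chain or rule that failed.

INTERFACE=%s
BRIDGE_INT=%s
WLAN_INT=%s
DHCP_WLAN_PORT=%s

#######################################
# Print an error on stderr and abort the start hook.
# Arguments: message words
#######################################
die() {
  echo "Error : $*" >&2
  exit 1
}

#######################################
# Look up the position of the rfc1918 rule in a Shorewall chain.
# Only the FIRST matching rule is reported: the original grep|cut could
# yield several numbers when a chain has more than one rfc1918 line, which
# would then be passed to "iptables -I" as extra arguments.
# Arguments: $1 - chain name
# Outputs:   rule number on stdout, nothing if the chain has no such rule
#######################################
rfc1918_rule_number() {
  local chain=$1
  iptables --line-numbers -n -L "$chain" | awk '/rfc1918/ { print $1; exit }'
}

# ACCEPT VPN traffic: insert an ACCEPT for packets carrying fwmark 1
# directly in front of the rfc1918 rule, so marked traffic is not dropped
# by the rfc1918 filter. (Where mark 1 is set is not visible here --
# presumably a mangle rule elsewhere in the configuration.)
fwd_rule=$(rfc1918_rule_number "${INTERFACE}_fwd")
in_rule=$(rfc1918_rule_number "${INTERFACE}_in")

[[ -n "$fwd_rule" ]] || die "no rfc1918 rule in ${INTERFACE}_fwd"
[[ -n "$in_rule" ]] || die "no rfc1918 rule in ${INTERFACE}_in"

iptables -I "${INTERFACE}_fwd" "$fwd_rule" -m mark --mark 1 -j ACCEPT \
  || die "cannot insert VPN ACCEPT rule in ${INTERFACE}_fwd"
iptables -I "${INTERFACE}_in" "$in_rule" -m mark --mark 1 -j ACCEPT \
  || die "cannot insert VPN ACCEPT rule in ${INTERFACE}_in"

# DNAT wlan dhcpd: DHCP client broadcasts (udp/67) entering the bridge
# through the WLAN port are redirected to the port the WLAN DHCP server
# listens on. Skipped entirely when no WLAN port is configured.
if [[ -n "$WLAN_INT" ]]; then
  iptables -t nat -A PREROUTING -i "$BRIDGE_INT" \
    -m physdev --physdev-in "$WLAN_INT" \
    -p udp --dport 67 \
    -j DNAT --to-destination "255.255.255.255:$DHCP_WLAN_PORT" \
    || die "cannot add DHCP DNAT rule for $WLAN_INT"
fi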