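#!/bin/bash
#
# Bridge the LAN and WLAN interfaces and install ebtables source-address
# filters on both bridge ports.
#
# This file is a template: the right-hand side of every assignment below is a
# placeholder that has to be substituted before the script is run (presumably
# by a printf-style formatter in the generating program - confirm there).
# NOTE(review): the substituted values land in the script text as-is, so the
# generator should accept only plain interface names, dotted-quad networks and
# numeric prefix/port values. Anything else would be parsed as shell syntax
# when this script runs with the privileges brctl and ebtables need.
#
# Scope of the filter, so nobody reads more into it than it does:
#   * Only frames matched by "-p IPv4" are filtered. ARP, IPv6 and every other
#     EtherType are not matched here and fall through to the chain policy,
#     which this script does not set (ebtables defaults to ACCEPT).
#   * The source check is per subnet, not per host: a station may still use
#     any other address inside its own network.
#   * Rules are appended with -A and nothing is flushed first, so rules that
#     are already in the chains are evaluated before these, and running the
#     script twice duplicates every rule.
#   * No exit status is checked. If a DROP rule fails to load, the script
#     still finishes and the filter is silently not enforced; verify the
#     result with "ebtables -L" or have the caller check it.

# Name of the bridge device.
BR_INT=%s

# Wired side: interface, network address and prefix length.
LAN_INT=%s
LAN_NET=%s
LAN_PREFIX=%s

# Wireless side: interface, network address, prefix length and the UDP
# destination port on which DHCP requests from this side are accepted.
WLAN_INT=%s
WLAN_NET=%s
WLAN_PREFIX=%s
DHCP_WLAN_PORT=%s

# Expansions are quoted so that an empty or malformed substituted value cannot
# be word-split or glob-expanded into extra brctl/ebtables arguments.
brctl addbr "$BR_INT"
brctl addif "$BR_INT" "$LAN_INT"
brctl addif "$BR_INT" "$WLAN_INT"

# NOTE(review): the bridge is brought up before any filter rule exists, so
# there is a short window in which frames are bridged unfiltered.
ifup "$BR_INT"

# Filter IPv4 source addresses per ingress interface. For each interface and
# chain the order is: accept the interface's own network, accept a DHCP client
# broadcast (source 0.0.0.0, UDP source port 68), then log and drop every
# other IPv4 frame.
# INPUT covers frames addressed to the bridge host itself, FORWARD covers
# frames bridged between the two ports.

# LAN, frames for the bridge host.
ebtables -A INPUT -i "$LAN_INT" -p IPv4 --ip-src "$LAN_NET/$LAN_PREFIX" -j ACCEPT
ebtables -A INPUT -i "$LAN_INT" -p IPv4 --ip-src 0.0.0.0 --ip-dst 255.255.255.255 \
  --ip-proto udp --ip-sport 68 --ip-dport 67 -j ACCEPT
ebtables -A INPUT -i "$LAN_INT" -p IPv4 -j DROP --log-ip --log-prefix 'eb_lan_in_drop'

# LAN, bridged frames.
ebtables -A FORWARD -i "$LAN_INT" -p IPv4 --ip-src "$LAN_NET/$LAN_PREFIX" -j ACCEPT
ebtables -A FORWARD -i "$LAN_INT" -p IPv4 --ip-src 0.0.0.0 --ip-dst 255.255.255.255 \
  --ip-proto udp --ip-sport 68 --ip-dport 67 -j ACCEPT
ebtables -A FORWARD -i "$LAN_INT" -p IPv4 -j DROP --log-ip --log-prefix 'eb_lan_fwd_drop'

# WLAN, frames for the bridge host. The DHCP destination port is configurable
# here instead of the fixed 67 used on the LAN side.
ebtables -A INPUT -i "$WLAN_INT" -p IPv4 --ip-src "$WLAN_NET/$WLAN_PREFIX" -j ACCEPT
ebtables -A INPUT -i "$WLAN_INT" -p IPv4 --ip-src 0.0.0.0 --ip-dst 255.255.255.255 \
  --ip-proto udp --ip-sport 68 --ip-dport "$DHCP_WLAN_PORT" -j ACCEPT
ebtables -A INPUT -i "$WLAN_INT" -p IPv4 -j DROP --log-ip --log-prefix 'eb_wlan_in_drop'

# WLAN, bridged frames.
ebtables -A FORWARD -i "$WLAN_INT" -p IPv4 --ip-src "$WLAN_NET/$WLAN_PREFIX" -j ACCEPT
ebtables -A FORWARD -i "$WLAN_INT" -p IPv4 --ip-src 0.0.0.0 --ip-dst 255.255.255.255 \
  --ip-proto udp --ip-sport 68 --ip-dport "$DHCP_WLAN_PORT" -j ACCEPT
ebtables -A FORWARD -i "$WLAN_INT" -p IPv4 -j DROP --log-ip --log-prefix 'eb_wlan_fwd_drop'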