#!/bin/sh

. /app/config/network_eth0.ini
. /app/scripts/eipr_type

# Pick the LAN-side and WAN-side interface names.
#
# EIPR_TYPE and BOOTPROTO_ETH0 are not assigned in this script; they are
# expected to come from the two files sourced above. Sourcing executes those
# files as shell code with this script's privileges, so they should be
# writable only by root, and any value stored in them from user-facing
# settings needs validating before it is written.
#
# REALTEK boards use dotted sub-interfaces of eth0 (presumably VLANs - confirm);
# every other board type uses eth1 for the LAN and eth0 for the WAN.
case "$EIPR_TYPE" in
	REALTEK)
		LANIF=eth0.1
		WANIF=eth0.2
		;;
	*)
		LANIF=eth1
		WANIF=eth0
		;;
esac

# A PPP-based WAN connection always goes out through ppp0, whatever the board.
# NOTE(review): WANIF is not used by any active rule in this script and is not
# exported here - confirm who consumes it.
if [ "$BOOTPROTO_ETH0" = "ppp" ]; then
	WANIF=ppp0
fi

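# Start from empty filter and nat chains.
# -F removes rules only: built-in chain policies, user-defined chains and the
# other tables (mangle, raw) are left as they were.
iptables -F
iptables -t nat -F

# NOTE(review): when EIPR_FW is "NO" nothing in the block below runs, so a DROP
# policy left by an earlier run stays in force on the now-empty chains. Confirm
# that /app/bin/config-router (or the caller) sets the policies for that case.
# NOTE(review): only IPv4 (iptables) is configured here; if IPv6 is enabled on
# the device, confirm that ip6tables is handled elsewhere.
if [ "$EIPR_FW" != "NO" ]; then
	# Default-deny for traffic addressed to the router and traffic routed
	# through it; traffic generated by the router itself is allowed out.
	iptables -P INPUT DROP
	iptables -P FORWARD DROP
	iptables -P OUTPUT ACCEPT

	# nat table: POSTROUTING is default-deny as well, so a new connection
	# leaving the box is dropped unless a nat rule accepts or translates it.
	# This script adds only the loopback exception further down; the other
	# nat rules presumably come from /app/bin/config-router.
	# NOTE(review): filtering through a nat-table policy is unusual; confirm
	# that the iptables/kernel versions on the device accept it.
	iptables -t nat -P PREROUTING ACCEPT
	iptables -t nat -P POSTROUTING DROP
	iptables -t nat -P OUTPUT ACCEPT

	# Loopback traffic is always allowed.
	# (The OUTPUT rule is redundant while the OUTPUT policy is ACCEPT.)
	iptables -A INPUT -i lo -j ACCEPT
	iptables -A OUTPUT -o lo -j ACCEPT

	# Accept packets that belong to, or are related to, a connection that
	# connection tracking already knows. RELATED also covers connections
	# announced by conntrack helpers such as the FTP helper.
	iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
	iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
	iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

	# LAN side is trusted: every service on the router is reachable from
	# the LAN, and LAN hosts may open new connections through the router.
	# The interface name is quoted so that an empty or unexpected value
	# cannot split into extra iptables arguments.
	iptables -A INPUT -i "$LANIF" -j ACCEPT
	iptables -A FORWARD -i "$LANIF" -m state --state NEW -j ACCEPT

	# Needed because of the POSTROUTING DROP policy above: let connections
	# the router makes to itself (for example pinging its own address)
	# pass the nat table.
	iptables -t nat -A POSTROUTING -o lo -j ACCEPT

	# Disabled: let ICMP sent by the router leave via the WAN / LAN
	# interface without translation.
	#iptables -t nat -A POSTROUTING -p icmp -o $WANIF -j ACCEPT
	#iptables -t nat -A POSTROUTING -p icmp -o $LANIF -j ACCEPT
fi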

# Apply the rules derived from the user's settings. This runs whether or not
# the EIPR_FW block above was executed.
/app/bin/config-router

# Load the FTP connection-tracking and NAT helpers. The conntrack helper marks
# FTP data connections as RELATED, which the ESTABLISHED,RELATED rules accept.
# NOTE(review): confirm FTP passthrough is actually required; where the kernel
# supports it, assigning the helper explicitly (CT target) is tighter than
# relying on automatic helper assignment.
for ftp_mod in nf_nat_ftp nf_conntrack_ftp; do
	modprobe "$ftp_mod"
done

# The script reports success unconditionally: no command above has its exit
# status checked, so a caller cannot tell when the rule set was only partly
# applied.
exit 0
