From 272d234c0ad3416ab52a680fae297152eb689eb5 Mon Sep 17 00:00:00 2001
From: Aleksander Morgado <aleksander@aleksander.es>
Date: Sat, 7 Oct 2017 13:17:39 +0200
Subject: [PATCH] net/coova-chili: update default firewall setup

Remove the obsolete firewall configuration as the legacy firewall
package was removed in a901329781eae4716c21d3d8f70a18501d9f2352.

And at the same time, define in the configuration the correct paths
for the firewall rules, installed as /etc/chilli/{up|down}.sh

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
---
 net/coova-chilli/files/chilli.config   |  8 ++---
 net/coova-chilli/files/chilli.firewall | 41 --------------------------
 2 files changed, 4 insertions(+), 45 deletions(-)
 delete mode 100644 net/coova-chilli/files/chilli.firewall

diff --git a/net/coova-chilli/files/chilli.config b/net/coova-chilli/files/chilli.config
index 4c037c62d..41ee6cd26 100644
--- a/net/coova-chilli/files/chilli.config
+++ b/net/coova-chilli/files/chilli.config
@@ -71,14 +71,14 @@ config chilli
     # Script executed after network interface has been brought up.
     # Executed with the following parameters: <devicename> <ip address>
     # <mask>
-    # Normally you do not need to uncomment this option.
-    #option ipup /etc/chilli.ipup
+    # Normally you do not need to modify this option.
+    option ipup /etc/chilli/up.sh
 
     # Script executed after network interface has been taken down.
     # Executed with the following parameters: <devicename> <ip address>
     # <mask>
-    # Normally you do not need to uncomment this option.
-    #option ipdown /etc/chilli.ipdown
+    # Normally you do not need to modify this option.
+    option ipdown /etc/chilli/down.sh
 
 
     # Radius parameters
diff --git a/net/coova-chilli/files/chilli.firewall b/net/coova-chilli/files/chilli.firewall
deleted file mode 100644
index a5b1d001e..000000000
--- a/net/coova-chilli/files/chilli.firewall
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/sh
-
-chilli_firewall() {
-    local cfg="$1"
-
-    local network ifname tun
-
-    config_get network "$cfg" network
-
-    . /lib/functions/network.sh
-    network_get_device ifname ${network:-lan}
-
-    if [ "$ifname" = "" ]
-    then
-       config_get ifname "$cfg" dhcpif
-    fi
-
-    config_get tun "$cfg" tundev
-
-    for n in ACCEPT DROP REJECT
-    do
-       iptables -F zone_${network}_${n}
-       iptables -I zone_${network}_${n} -i $tun -j $n
-       iptables -I zone_${network}_${n} -o $tun -j $n
-    done
-
-    iptables -D forward -i ${ifname} -j zone_${network}_forward
-    iptables -A forward -i ${ifname} -j DROP
-    iptables -A forward -i $tun -j zone_${network}_forward
-
-    iptables -D input -i ${ifname} -j zone_${network}
-    iptables -A input -i $tun -j zone_${network}
-
-    iptables -I zone_${network} -p tcp --dport 3990 -j ACCEPT
-    iptables -I zone_${network} -p tcp --dport 3991 -j ACCEPT
-}
-
-chilli_post_core_cb() {
-    config_load chilli
-    config_foreach chilli_firewall chilli
-}