From 2b92e12de39cf0bbc6726e81ab84144177adca3d Mon Sep 17 00:00:00 2001
From: Michael Schwarz <me@oscarminus.de>
Date: Mon, 18 May 2015 20:09:09 +0200
Subject: [PATCH] Get allowed prefixes from site.conf
With this commit, the allowed networks for ipv4 and ipv6 are retrieved from the global config file site.conf. An additional option was added "additional_prefix6" to hold all extra prefixes beside the main prefix given in "prefix6". See https://git.c3pb.de/freifunk-pb/ffpb-packages/issues/3
---
.../ebtables/110-ffpb-net-allow-ipv4-space | 11 +++++----
.../ebtables/110-ffpb-net-allow-ipv6-spaces | 24 +++++++++++++++----
2 files changed, 26 insertions(+), 9 deletions(-)
diff --git a/ffpb/ffpb-ebtables-net-rules/files/lib/gluon/ebtables/110-ffpb-net-allow-ipv4-space b/ffpb/ffpb-ebtables-net-rules/files/lib/gluon/ebtables/110-ffpb-net-allow-ipv4-space
index fdf2e9c..72c9402 100644
--- a/ffpb/ffpb-ebtables-net-rules/files/lib/gluon/ebtables/110-ffpb-net-allow-ipv4-space
+++ b/ffpb/ffpb-ebtables-net-rules/files/lib/gluon/ebtables/110-ffpb-net-allow-ipv4-space
@@ -1,4 +1,7 @@
-rule 'FFPB_NET_ONLY -p IPv4 --ip-protocol udp --ip-destination-port 67 -j RETURN'
-rule 'FFPB_NET_ONLY -p IPv4 --ip-src 10.132.0.0/17 -j RETURN'
-rule 'FFPB_NET_ONLY -p ARP --arp-ip-src 10.132.0.0/17 --arp-ip-dst 10.132.0.0/17 -j RETURN'
-rule 'FFPB_NET_ONLY -p ARP --arp-ip-src 0.0.0.0/0 --arp-ip-dst 10.132.0.0/17 -j RETURN'
+siteConfig = require("gluon.site_config")
+prefix4 = siteConfig.prefix4
+
+rule ('FFPB_NET_ONLY -p IPv4 --ip-protocol udp --ip-destination-port 67 -j RETURN')
+rule ('FFPB_NET_ONLY -p IPv4 --ip-src ' .. prefix4 .. ' -j RETURN')
+rule ('FFPB_NET_ONLY -p ARP --arp-ip-src ' .. prefix4 .. ' --arp-ip-dst ' .. prefix4 .. ' -j RETURN')
+rule ('FFPB_NET_ONLY -p ARP --arp-ip-src 0.0.0.0/0 --arp-ip-dst ' .. prefix4 .. ' -j RETURN')
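Review bot: `siteConfig` and `prefix4` are assigned without `local`, so they become globals in whatever environment the loader runs these rule files in, and `prefix4` is concatenated into three rules with no check; the IPv6 file does the same with `siteConfig` and `prefix6`. If site.conf lacks the key, `..` raises on nil, and a malformed value yields a rule ebtables may reject. What the loader does with a half-built FFPB_NET_ONLY chain is not visible in this patch, so it is worth confirming that it fails closed. I would write `local prefix4 = assert(require('gluon.site_config').prefix4, 'site.conf: prefix4 is required')` and match the value against `^%d+%.%d+%.%d+%.%d+/%d+$` before building the rules.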
diff --git a/ffpb/ffpb-ebtables-net-rules/files/lib/gluon/ebtables/110-ffpb-net-allow-ipv6-spaces b/ffpb/ffpb-ebtables-net-rules/files/lib/gluon/ebtables/110-ffpb-net-allow-ipv6-spaces
index 90a79c9..1c3f9ad 100644
--- a/ffpb/ffpb-ebtables-net-rules/files/lib/gluon/ebtables/110-ffpb-net-allow-ipv6-spaces
+++ b/ffpb/ffpb-ebtables-net-rules/files/lib/gluon/ebtables/110-ffpb-net-allow-ipv6-spaces
@@ -1,5 +1,19 @@
-rule 'FFPB_NET_ONLY -p IPv6 --ip6-src fe80::/10 -j RETURN'
-rule 'FFPB_NET_ONLY -p IPv6 --ip6-dst ff00::/8 -j RETURN'
-rule 'FFPB_NET_ONLY -p IPv6 --ip6-src fdca:ffee:ff12:132::/64 -j RETURN'
-rule 'FFPB_NET_ONLY -p IPv6 --ip6-src 2001:470:6d:860::/64 -j RETURN'
-rule 'FFPB_NET_ONLY -p IPv6 --ip6-src 2a03:2260:113::/48 -j RETURN'
+siteConfig = require("gluon.site_config")
+
+-- iterate through lists
+function list_iter (_table)
+ local i = 0
+ local n = table.getn(_table)
+ return function ()
+ i = i + 1
+ if i <= n then return _table[i] end
+ end
+end
+
+rule ('FFPB_NET_ONLY -p IPv6 --ip6-src fe80::/10 -j RETURN')
+rule ('FFPB_NET_ONLY -p IPv6 --ip6-dst ff00::/8 -j RETURN')
+rule ('FFPB_NET_ONLY -p IPv6 --ip6-src ' .. siteConfig.prefix6 .. ' -j RETURN')
+
+for prefix in list_iter(siteConfig.additional_prefix6) do
+ rule ('FFPB_NET_ONLY -p IPv6 --ip6-src ' .. prefix .. ' -j RETURN')
+end
-- GitLab
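Review bot: `siteConfig.additional_prefix6` is a new option with no default, so on a site.conf that does not define it `table.getn(nil)` raises inside `list_iter` after the first three rules have already been emitted. That would leave the IPv6 part of FFPB_NET_ONLY incomplete; how the loader reacts is not visible in this patch. `list_iter` is also a global that reimplements `ipairs` on top of `table.getn`, which is deprecated in Lua 5.1 and removed in 5.2. I would drop the helper and write `for _, prefix in ipairs(siteConfig.additional_prefix6 or {}) do`, with `local siteConfig` at the top.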