net/coova-chili: update default firewall setup

Remove the obsolete firewall configuration as the legacy firewall
package was removed in a901329781eae4716c21d3d8f70a18501d9f2352.

And at the same time, define in the configuration the correct paths
for the firewall rules, installed as /etc/chilli/{up|down}.sh

Signed-off-by: Aleksander Morgado <>
This commit is contained in:
Aleksander Morgado 2017-10-07 13:17:39 +02:00
parent 79ef85aa8c
commit 272d234c0a
2 changed files with 4 additions and 45 deletions

View File

@ -71,14 +71,14 @@ config chilli
# Script executed after network interface has been brought up.
# Executed with the following parameters: <devicename> <ip address>
# <mask>
# Normally you do not need to uncomment this option.
#option ipup /etc/chilli.ipup
# Normally you do not need to modify this option.
option ipup /etc/chilli/
# Script executed after network interface has been taken down.
# Executed with the following parameters: <devicename> <ip address>
# <mask>
# Normally you do not need to uncomment this option.
#option ipdown /etc/chilli.ipdown
# Normally you do not need to modify this option.
option ipdown /etc/chilli/
# Radius parameters

View File

@ -1,41 +0,0 @@
chilli_firewall() {
local cfg="$1"
local network ifname tun
config_get network "$cfg" network
. /lib/functions/
network_get_device ifname ${network:-lan}
if [ "$ifname" = "" ]
config_get ifname "$cfg" dhcpif
config_get tun "$cfg" tundev
iptables -F zone_${network}_${n}
iptables -I zone_${network}_${n} -i $tun -j $n
iptables -I zone_${network}_${n} -o $tun -j $n
iptables -D forward -i ${ifname} -j zone_${network}_forward
iptables -A forward -i ${ifname} -j DROP
iptables -A forward -i $tun -j zone_${network}_forward
iptables -D input -i ${ifname} -j zone_${network}
iptables -A input -i $tun -j zone_${network}
iptables -I zone_${network} -p tcp --dport 3990 -j ACCEPT
iptables -I zone_${network} -p tcp --dport 3991 -j ACCEPT
chilli_post_core_cb() {
config_load chilli
config_foreach chilli_firewall chilli