From e7f7fd594fe8974efc97f02884113b134617f854 Mon Sep 17 00:00:00 2001
From: Jesse Gilles
Date: Thu, 19 Dec 2013 17:01:41 -0600
Subject: ocg-scripts: add lan-interfaces option to ocg-cell-router

---
 .../ocg-scripts/ocg-scripts-1.0/ocg-cell-router | 23 ++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-cell-router b/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-cell-router
index 0d48a9e..27287e0 100755
--- a/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-cell-router
+++ b/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-cell-router
@@ -3,6 +3,8 @@
 set -e
 
 do_start() {
+ lan_interfaces=$(echo "$1" | sed "s/,/ /g")
+
 echo "Configuring firewall rules..."
 # Flush all the tables first
 iptables -t filter -F
@@ -16,8 +18,13 @@ do_start() {
 # Allow packets in for existing socket connections
 iptables -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 
- # Accept all from LAN (Wired)
+ # Accept all from LAN interfaces (always accept on eth0)
 iptables -t filter -A INPUT -i eth0 -j ACCEPT
+ for i in $lan_interfaces; do
+ if [ "$i" != "eth0" ]; then
+ iptables -t filter -A INPUT -i $i -j ACCEPT
+ fi
+ done
 
 # Accept ssh from the LAN (Wired)
 #iptables -t filter -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
@@ -31,10 +38,12 @@ do_start() {
 # Accept http from the WAN (Wireless)
 #iptables -t filter -A INPUT -i ppp0 -p tcp --dport 80 -j ACCEPT
 
- # Allow packet fowarding from eth0 to ppp0 (cell router)
+ # Allow packet fowarding from LAN interfaces to ppp0 (cell router)
 iptables -t filter -P FORWARD DROP
 iptables -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
- iptables -t filter -A FORWARD -i eth0 -o ppp0 -j ACCEPT
+ for i in $lan_interfaces; do
+ iptables -t filter -A FORWARD -i $i -o ppp0 -j ACCEPT
+ done
 
 # Allow all output packets
 iptables -t filter -P OUTPUT ACCEPT
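Review bot: The new `lan_interfaces=$(echo "$1" | sed "s/,/ /g")` spawns two processes for a substitution the shell does natively; the script already relies on bash (`[[ ... ]]` in the last hunk), so `lan_interfaces=${1//,/ }` gives the same result without the pipeline and without `echo` treating a first argument such as `-n` as an option. The variable is also assigned without `local`, so it escapes `do_start` into the script's global scope; `local lan_interfaces=${1//,/ }` covers both points. Note that the tables are flushed a few lines further down in this hunk, so any later failure under `set -e` leaves the firewall partially rebuilt. do_start's body continues past the end of the hunk.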
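Review bot: `$i` is unquoted in the new `iptables -t filter -A INPUT -i $i -j ACCEPT` line even though the same variable is quoted in the `[ "$i" != "eth0" ]` test two lines above; the FORWARD loop in the next hunk has the same unquoted `-i $i`. The list comes straight from the command line and is never validated, so an entry that is not a plain interface name (one beginning with `-`, for instance) reaches iptables as an option rather than an interface, and under `set -e` the script then aborts after the flush with the rules half built. Quoting the expansion and rejecting anything that does not look like an interface name at the top of the loop covers both loops: `[[ $i =~ ^[[:alnum:]][[:alnum:]._:-]*$ ]] || { echo "invalid LAN interface: $i" >&2; exit 1; }`. Each listed interface also receives an unconditional INPUT ACCEPT, which widens the set of networks with full access to the device's services; that appears to be the intent, but it is worth saying so in the usage text.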
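Review bot: The rewritten comment keeps the typo `fowarding`; since the line is being replaced anyway, `# Allow packet forwarding from LAN interfaces to ppp0 (cell router)` would fix it. The new loop also makes the FORWARD set differ from the INPUT set in the previous hunk: eth0 is always accepted on INPUT but is forwarded only when it appears in the list, so with the FORWARD policy set to DROP a call such as `start wlan0` appears to stop routing for wired clients. If that asymmetry is intended (management access on eth0 is kept, routing follows the list) it deserves a sentence in the comment; if not, the loop should fall back to eth0 the way the INPUT rules do.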
@@ -65,14 +74,16 @@ do_stop() {
 echo "Done"
 }
 
-if [[ $# -ne 1 ]]; then
- echo "Usage: $(basename $0) start|stop"
+if [[ $# < 1 || $# > 2 ]]; then
+ echo "Usage: $(basename $0) start|stop [lan-interfaces]"
+ echo " lan-interfaces: comma-separated list of LAN interfaces to forward to cellular"
+ echo " defaults to \"eth0\""
 exit 1
 fi
 
 case $1 in
 start)
- do_start
+ do_start "${2:-eth0}"
 ;;
 stop)
 do_stop
-- cgit v1.2.3
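Review bot: `[[ $# < 1 || $# > 2 ]]` compares strings, not integers: inside `[[ ]]` the `<` and `>` operators sort lexically, so the guard only works because `$#` happens to be a single digit (with ten arguments `"10" > "2"` is false and the usage check is skipped). The arithmetic form `if (( $# < 1 || $# > 2 )); then`, or `[[ $# -lt 1 || $# -gt 2 ]]`, states the intent correctly. The `stop` branch silently ignores a second argument, which may be fine but could be mentioned in the usage text. The `case` statement continues past the end of the hunk.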