# SPDX-License-Identifier: AGPL-3.0-or-later
# Copyright (C) 2025-2026 Chester A. Unal <chester.a.unal@arinc9.com>
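# Collapse a bridged lan network onto a single port. The ports dropped from
# the bridge are reused further down in this script as wan candidates.

# Get the interface of lan network.
lan_network_interface="$(uci -q get network.lan.device)"

# If the interface exists, look for the section carrying its name and check
# if it is a bridge. The name is matched as a fixed string behind ".name="
# so that a "." in a device name is not treated as a regex wildcard and an
# "ifname=" line cannot match by accident.
if [ -n "$lan_network_interface" ]; then
	for section in $(uci show network | grep -F -e ".name='$lan_network_interface'" | cut -d. -f2); do
		# Anonymous section ids contain brackets (@type[N]); the path is
		# quoted so they are never taken as a glob pattern.
		if [ "$(uci -q get "network.$section.type")" = bridge ]; then
			lan_section="$section"
			break
		fi
	done
fi

if [ -n "$lan_section" ]; then
	# Save all interfaces.
	lan_interfaces=$(uci get "network.$lan_section.ports")

	# Set biggest number interface as lan network. The unquoted echo is
	# deliberate: it splits the port list into one name per line.
	lan_network_interface="$(echo $lan_interfaces | tr ' ' '\n' | grep '[0-9]\+$' | sort -V | tail -n1)"

	# If there are no interfaces with numbers, use the first interface on
	# the list.
	if [ -z "$lan_network_interface" ]; then
		lan_network_interface="$(echo $lan_interfaces | tr ' ' '\n' | head -n1)"
	fi

	# NOTE(review): a bridge with an empty ports list leaves
	# lan_network_interface empty at this point - confirm that setting an
	# empty lan device is acceptable.
	uci set network.lan.device="$lan_network_interface"

	# Remove bridge interface.
	uci delete "network.$lan_section"
fi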
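# Flatten a bridged wan network into the plain list of its ports.

# Get the interface of wan network.
wan_network_interface="$(uci -q get network.wan.device)"

# If the interface exists, look for the section carrying its name and check
# if it is a bridge. The name is matched as a fixed string behind ".name="
# so that a "." in a device name is not treated as a regex wildcard and an
# "ifname=" line cannot match by accident.
if [ -n "$wan_network_interface" ]; then
	for section in $(uci show network | grep -F -e ".name='$wan_network_interface'" | cut -d. -f2); do
		# Anonymous section ids contain brackets (@type[N]); the path is
		# quoted so they are never taken as a glob pattern.
		if [ "$(uci -q get "network.$section.type")" = bridge ]; then
			wan_section="$section"
			break
		fi
	done
fi

if [ -n "$wan_section" ]; then
	# Save all interfaces. From here on wan_network_interface holds the
	# bridge's port list instead of the bridge device name.
	wan_network_interface="$(uci get "network.$wan_section.ports")"

	# Remove bridge interface.
	uci delete "network.$wan_section"
fi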
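# Add a wan network entry for wan network's interface(s) and lan network
# interfaces other than the one used for lan, if there are any.
# The lan port is filtered out with a whole-line fixed-string match
# (-x -F), so a "." in its name is not treated as a regex wildcard and
# cannot remove a different port from the list.
final_wan_interfaces="$wan_network_interface $(echo $lan_interfaces | tr ' ' '\n' | grep -vxF -e "$lan_network_interface")"

# Exit if there are no suitable wan interfaces.
# NOTE(review): the lan edits made earlier in this script are staged with
# "uci set"/"uci delete" but the commit only happens at the end, so this
# path leaves them uncommitted - confirm that this is intended.
if [ -z "$(echo "$final_wan_interfaces" | tr ' ' '\n')" ]; then
	exit
fi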
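# Delete existing wan and wan6 networks.
uci delete network.wan
uci -q delete network.wan6

# Locate the firewall zone named wan. Every section with name='wan' is
# checked and only one whose section type is "zone" is accepted, so a
# differently typed section that happens to share the name is never used as
# the zone, and several matches cannot end up in fw_section at once. If
# fw_section were unusable, the wan interfaces created below would not be
# attached to the wan zone.
fw_section=
for section in $(uci show firewall | grep -F -e ".name='wan'" | cut -d. -f2); do
	# "uci get <config>.<section>" prints the section type.
	if [ "$(uci -q get "firewall.$section")" = zone ]; then
		fw_section="$section"
		break
	fi
done

if [ -n "$fw_section" ]; then
	# Detach the networks deleted above from the zone. Paths are quoted
	# because anonymous section ids contain brackets (@zone[N]).
	uci -q del_list "firewall.$fw_section.network=wan"
	uci -q del_list "firewall.$fw_section.network=wan6"
# If firewall section for wan doesn't exist, create one.
else
	# The id printed by "uci add" is used for every option, so a failed add
	# cannot silently rewrite the last existing zone through @zone[-1].
	fw_section=$(uci add firewall zone)
	uci set "firewall.$fw_section.name=wan"
	# Inbound traffic is rejected and forwarded traffic dropped; outbound
	# traffic is accepted and masqueraded.
	uci set "firewall.$fw_section.input=REJECT"
	uci set "firewall.$fw_section.output=ACCEPT"
	uci set "firewall.$fw_section.forward=DROP"
	uci set "firewall.$fw_section.masq=1"
	uci set "firewall.$fw_section.mtu_fix=1"
	# NOTE(review): no forwarding section towards this zone is created on
	# this path - confirm one is provided elsewhere if lan clients need it.
fi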
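# Create one dhcp network per wan device, named wan1, wan2, ... with the
# metric equal to its number, and attach each of them to the wan firewall
# zone. The unquoted $final_wan_interfaces is deliberate: the list is split
# on whitespace into device names.
index=1
for dev in $final_wan_interfaces; do
	# Only metrics 1 to 8 must be allocated for WAN so do not add any more.
	# Devices past the eighth are left without a network entry.
	if [ "$index" -gt 8 ]; then
		break
	fi

	# Start from a clean section in case wan$index already exists.
	uci -q delete "network.wan$index"
	uci set "network.wan$index=interface"
	uci set "network.wan$index.device=$dev"
	uci set "network.wan$index.proto=dhcp"
	uci set "network.wan$index.metric=$index"

	# Add every wan network entry to firewall wan zone. The path is quoted
	# because fw_section may be an anonymous id containing brackets.
	uci add_list "firewall.$fw_section.network=wan$index"

	index=$((index + 1))
done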
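# Configure xray.
uci set xray.enabled.enabled='1'

# Add rule to use routing table 100 for transparent proxy traffic.
# Any existing section that has mark='1' is removed first. The path is
# quoted because anonymous section ids contain brackets (@rule[N]).
# NOTE(review): if more than one section matches, the delete is handed
# several ids at once and fails - confirm at most one can exist.
rule_section=$(uci show network | grep "mark='1'" | cut -d. -f2)
if [ -n "$rule_section" ]; then
	uci delete "network.$rule_section"
fi
uci add network rule
uci set 'network.@rule[-1].priority=0'
uci set 'network.@rule[-1].lookup=100'
uci set 'network.@rule[-1].mark=1'

# Add route to route transparent proxy traffic to the loopback interface.
# Any existing section that has table='100' is removed first; the same
# multiple-match caveat as above applies.
# NOTE(review): only an IPv4 target is configured here - confirm whether
# IPv6 traffic is meant to bypass the proxy.
route_section=$(uci show network | grep "table='100'" | cut -d. -f2)
if [ -n "$route_section" ]; then
	uci delete "network.$route_section"
fi
uci add network route
uci set 'network.@route[-1].interface=loopback'
uci set 'network.@route[-1].type=local'
uci set 'network.@route[-1].target=0.0.0.0/0'
uci set 'network.@route[-1].table=100'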
# Write the staged uci changes to the configuration.
uci commit

# Turn bonding on. A non-zero exit code from bsbf-bonding is deliberately
# discarded.
bsbf-bonding --enable || :