Verhindern, dass Firewallregeln neu angelegt werden, sofern sie schon…

… existieren.
ffac · Jul 2, 2024 · 0275e56 · 0275e56
1 parent 124ca22
commit 0275e56
Showing 1 changed file with 47 additions and 16 deletions.
diff --git a/ffac-private-wan-dhcp/luasrc/lib/gluon/upgrade/400-private-wan-dhcp-nat b/ffac-private-wan-dhcp/luasrc/lib/gluon/upgrade/400-private-wan-dhcp-nat
@@ -13,27 +13,58 @@ uci:commit('network')
 -- Forwarding über das wwan-Interface erlauben
 uci:set('firewall', '@zone[1]', 'forward', 'ACCEPT')
 
+-- Funktion um zu prüfen, ob eine Regel bereits existiert
+local function rule_exists(name)
+    local exists = false
+    uci:foreach('firewall', 'rule', function(section)
+        if section.name == name then
+            exists = true
+            return false
+        end
+    end)
+    return exists
+end
+
 -- DHCP in Firewall auf WAN erlauben
-uci:add('firewall', 'rule')
-uci:set('firewall', '@rule[-1]', 'name', 'Allow-DHCP-WAN')
-uci:set('firewall', '@rule[-1]', 'src', 'wan')
-uci:set('firewall', '@rule[-1]', 'proto', 'udp')
-uci:set('firewall', '@rule[-1]', 'src_port', '67 68')
-uci:set('firewall', '@rule[-1]', 'dest_port', '67 68')
-uci:set('firewall', '@rule[-1]', 'target', 'ACCEPT')
+if not rule_exists('Allow-DHCP-WAN') then
+    uci:add('firewall', 'rule')
+    uci:set('firewall', '@rule[-1]', 'name', 'Allow-DHCP-WAN')
+    uci:set('firewall', '@rule[-1]', 'src', 'wan')
+    uci:set('firewall', '@rule[-1]', 'proto', 'udp')
+    uci:set('firewall', '@rule[-1]', 'src_port', '67 68')
+    uci:set('firewall', '@rule[-1]', 'dest_port', '67 68')
+    uci:set('firewall', '@rule[-1]', 'target', 'ACCEPT')
+end
 
 -- DNS in Firewall auf WAN erlauben
-uci:add('firewall', 'rule')
-uci:set('firewall', '@rule[-1]', 'name', 'Allow-DNS-WAN')
-uci:set('firewall', '@rule[-1]', 'src', 'wan')
-uci:set('firewall', '@rule[-1]', 'proto', 'tcp udp')
-uci:set('firewall', '@rule[-1]', 'dest_port', '53')
-uci:set('firewall', '@rule[-1]', 'target', 'ACCEPT')
+if not rule_exists('Allow-DNS-WAN') then
+    uci:add('firewall', 'rule')
+    uci:set('firewall', '@rule[-1]', 'name', 'Allow-DNS-WAN')
+    uci:set('firewall', '@rule[-1]', 'src', 'wan')
+    uci:set('firewall', '@rule[-1]', 'proto', 'tcp udp')
+    uci:set('firewall', '@rule[-1]', 'dest_port', '53')
+    uci:set('firewall', '@rule[-1]', 'target', 'ACCEPT')
+end
+
+-- Funktion um zu prüfen, ob ein Forwarding bereits existiert
+local function forwarding_exists(src, dest)
+    local exists = false
+    uci:foreach('firewall', 'forwarding', function(section)
+        if section.src == src and section.dest == dest then
+            exists = true
+            return false
+        end
+    end)
+    return exists
+end
 
 -- NAT von wan auf wwan einrichten
-uci:add('firewall', 'forwarding')
-uci:set('firewall', '@forwarding[-1]', 'src', 'wan')
-uci:set('firewall', '@forwarding[-1]', 'dest', 'wwan')
+if not forwarding_exists('wan', 'wwan') then
+    uci:add('firewall', 'forwarding')
+    uci:set('firewall', '@forwarding[-1]', 'src', 'wan')
+    uci:set('firewall', '@forwarding[-1]', 'dest', 'wwan')
+end
+
 uci:commit('firewall')
 
 -- DHCP-Server einstellen für wan