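#!/bin/sh
#
# First-boot provisioning script (uci-defaults) for the gateway "gw-elmash":
# sets the root password, LAN address, Wi-Fi, system/NTP, dropbear, uhttpd,
# DHCP static leases, WireGuard interfaces and the firewall.
#
# Beware! This script will be in /rom/etc/uci-defaults/ as part of the image.
# Uncomment lines to apply:
#
# NOTE(review): the root password, both Wi-Fi keys and every WireGuard
# private/preshared key below are stored in clear text in this file, and so
# (per the line above) in every copy of the image. Anyone who can read the
# image or this file can read them; values that have been published should be
# rotated, and new ones provisioned from a source that is not part of the
# image.

WIFI_2G_SSID="fta-bgn"
WIFI_5G_SSID="fta-nac"
WIFI_2G_PASSWORD="fuckingwep"
WIFI_5G_PASSWORD="fuckingwep"
root_password="AsD7fg"
lan_ip_address="192.168.77.1"
hostname="gw-elmash"
# dhcp server 1 disable, 0 enable
dhcpsrv="0"

# log potential errors
exec >/tmp/setup.log 2>&1

# ---------------------------------------------------------------------------
# Helpers. Every uci path that contains [...] is quoted so the shell never
# treats the brackets as a glob pattern.
# ---------------------------------------------------------------------------

# setup_radio INDEX CHANNEL SSID KEY
# Enables radio<INDEX> and configures its default interface for WPA2-PSK.
setup_radio() {
  uci set "wireless.radio${1}.channel=$2"
  uci set "wireless.radio${1}.country=RU"
  uci set "wireless.radio${1}.legacy_rates=0"
  uci set "wireless.radio${1}.noscan=1"
  # The option may already be absent; the error is deliberately discarded.
  # Plain '>/dev/null 2>&1' is used because '&>' is not POSIX sh.
  uci delete "wireless.radio${1}.disabled" >/dev/null 2>&1
  uci set "wireless.default_radio${1}.ssid=$3"
  uci set "wireless.default_radio${1}.encryption=psk2"
  uci set "wireless.default_radio${1}.key=$4"
}

# add_dhcp_host NAME MAC IP
# Adds one static lease. 'uci add' needs the config name (dhcp) as well as
# the section type (host).
add_dhcp_host() {
  uci add dhcp host
  uci set "dhcp.@host[-1].name=$1"
  uci set "dhcp.@host[-1].mac=$2"
  uci set "dhcp.@host[-1].ip=$3"
}

# add_wg_site IFACE PRIVATE_KEY PORT DESCRIPTION PEER_PUBLIC_KEY PRESHARED_KEY \
#             ENDPOINT_HOST ALLOWED_IP...
# Creates a site-to-site WireGuard interface with a single peer. PORT is used
# both as the local listen_port and as the peer's endpoint_port. Each
# ALLOWED_IP is appended with 'uci add_list', because 'uci set' takes exactly
# one key=value argument.
add_wg_site() {
  _if="$1"
  uci set "network.${_if}=interface"
  uci set "network.${_if}.proto=wireguard"
  uci set "network.${_if}.private_key=$2"
  uci set "network.${_if}.listen_port=$3"
  uci add network "wireguard_${_if}"
  _peer="network.@wireguard_${_if}[-1]"
  uci set "${_peer}.description=$4"
  uci set "${_peer}.public_key=$5"
  uci set "${_peer}.preshared_key=$6"
  uci set "${_peer}.route_allowed_ips=1"
  uci set "${_peer}.persistent_keepalive=25"
  uci set "${_peer}.endpoint_host=$7"
  uci set "${_peer}.endpoint_port=$3"
  shift 7
  for _net in "$@"; do
    uci add_list "${_peer}.allowed_ips=${_net}"
  done
}

# add_wg_client DESCRIPTION PUBLIC_KEY ALLOWED_IP
# Adds one remote-user peer to wg777. The section is created with 'uci add'
# and then addressed as [-1], so it exists before it is configured.
add_wg_client() {
  uci add network wireguard_wg777
  uci set "network.@wireguard_wg777[-1].description=$1"
  uci set "network.@wireguard_wg777[-1].route_allowed_ips=1"
  uci set "network.@wireguard_wg777[-1].persistent_keepalive=25"
  uci set "network.@wireguard_wg777[-1].public_key=$2"
  uci add_list "network.@wireguard_wg777[-1].allowed_ips=$3"
}

# add_vpn_zone NAME [DEVICE]
# Adds a firewall zone with input/forward/output ACCEPT bound to network NAME.
add_vpn_zone() {
  uci add firewall zone
  uci set "firewall.@zone[-1].name=$1"
  uci set "firewall.@zone[-1].input=ACCEPT"
  uci set "firewall.@zone[-1].forward=ACCEPT"
  if [ -n "$2" ]; then
    uci set "firewall.@zone[-1].device=$2"
  fi
  uci set "firewall.@zone[-1].output=ACCEPT"
  uci set "firewall.@zone[-1].network=$1"
}

# add_wan_udp_rule NAME PORT
# Accepts UDP traffic from the wan zone to PORT on the router itself.
add_wan_udp_rule() {
  uci add firewall rule
  uci set "firewall.@rule[-1].target=ACCEPT"
  uci set "firewall.@rule[-1].proto=udp"
  uci set "firewall.@rule[-1].dest_port=$2"
  uci set "firewall.@rule[-1].name=$1"
  uci set "firewall.@rule[-1].src=wan"
}

# add_dnat NAME PROTO SRC_DPORT DEST_IP [DEST_PORT]
# Adds a wan -> lan port forward. An empty PROTO or DEST_PORT leaves that
# option unset, exactly as in the hand-written rules this replaces.
add_dnat() {
  uci add firewall redirect
  uci set "firewall.@redirect[-1].target=DNAT"
  uci set "firewall.@redirect[-1].src=wan"
  uci set "firewall.@redirect[-1].dest=lan"
  uci set "firewall.@redirect[-1].name=$1"
  if [ -n "$2" ]; then
    uci set "firewall.@redirect[-1].proto=$2"
  fi
  uci set "firewall.@redirect[-1].src_dport=$3"
  uci set "firewall.@redirect[-1].dest_ip=$4"
  if [ -n "$5" ]; then
    uci set "firewall.@redirect[-1].dest_port=$5"
  fi
}

# add_forwarding SRC DEST
# Allows forwarded traffic from zone SRC to zone DEST.
add_forwarding() {
  uci add firewall forwarding
  uci set "firewall.@forwarding[-1].src=$1"
  uci set "firewall.@forwarding[-1].dest=$2"
}

# ---------------------------------------------------------------------------
# Root password
# ---------------------------------------------------------------------------
if [ -n "$root_password" ]; then
  # passwd asks for the password twice; the short pause separates the answers.
  (echo "$root_password"; sleep 1; echo "$root_password") | passwd > /dev/null
fi

# ---------------------------------------------------------------------------
# Configure LAN
# More options: https://openwrt.org/docs/guide-user/base-system/basic-networking
# ---------------------------------------------------------------------------
if [ -n "$lan_ip_address" ]; then
  uci set network.lan.ipaddr="$lan_ip_address"
  uci commit network
fi

# ---------------------------------------------------------------------------
# Configure WLAN
# More options: https://openwrt.org/docs/guide-user/network/wifi/basic#wi-fi_interfaces
# ---------------------------------------------------------------------------
echo 'Configuring Wi-Fi...'
# NOTE(review): radio0 is set to channel 6 (a 2.4 GHz channel) but receives
# the 5G SSID/key, and radio1 (channel 64, a 5 GHz channel) receives the 2G
# ones. Looks swapped - confirm against the hardware. Both keys are identical
# and short; a long random passphrase per band is preferable.
setup_radio 0 6 "${WIFI_5G_SSID}" "${WIFI_5G_PASSWORD}"
setup_radio 1 64 "${WIFI_2G_SSID}" "${WIFI_2G_PASSWORD}"
uci commit wireless

# ---------------------------------------------------------------------------
# Configure system
# ---------------------------------------------------------------------------
uci set "system.@system[0].hostname=$hostname"
uci set 'system.@system[0].timezone=<+05>-5'
uci set system.ntp.enable_server='1'
uci set system.ntp.interface='lan'
uci set 'system.@system[0].zonename=Asia/Yekaterinburg'
uci commit system
/etc/init.d/system restart

# ---------------------------------------------------------------------------
# Configure ssh dropbear: key-only login for root.
# ---------------------------------------------------------------------------
SSHPUB="ssh-rsa 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 jeka@x220"
printf '%s\n' "${SSHPUB}" > /etc/dropbear/authorized_keys
chmod 600 /etc/dropbear/authorized_keys
uci set 'dropbear.@dropbear[0].PasswordAuth=0'
uci set 'dropbear.@dropbear[0].RootPasswordAuth=0'
# NOTE(review): GatewayPorts=on lets remote (-R) forwards bind on
# non-loopback addresses; leave it off unless that is really needed.
uci set 'dropbear.@dropbear[0].GatewayPorts=on'
uci commit dropbear
/etc/init.d/dropbear restart

# ---------------------------------------------------------------------------
# Configure uhttpd
# ---------------------------------------------------------------------------
# NOTE(review): 0.0.0.0 binds the web UI on every interface; it is then
# reachable from any zone whose firewall input policy is ACCEPT (all VPN zones
# created below). Binding to the LAN address would narrow that.
uci set uhttpd.main.listen_http='0.0.0.0:8080'
uci set uhttpd.main.listen_https='0.0.0.0:4431'
uci commit uhttpd
/etc/init.d/uhttpd restart

# ---------------------------------------------------------------------------
# DHCP server on/off and static leases
# ---------------------------------------------------------------------------
uci set dhcp.lan.ignore="$dhcpsrv"
uci set dhcp.lan.start='50'
uci set dhcp.lan.limit='100'
add_dhcp_host 'jeka-office'    '4c:cc:6a:01:5d:30' '192.168.77.35'
add_dhcp_host 'fs1370dn'       '00:C0:EE:9E:01:55' '192.168.77.33'
add_dhcp_host 'kyoceraigor'    '00:17:C8:21:A7:F2' '192.168.77.30'
add_dhcp_host 'kyocerascanner' '00:C0:EE:BB:85:2C' '192.168.77.31'
add_dhcp_host 'natasha-office' '50:46:5D:09:D0:69' '192.168.77.36'
add_dhcp_host 'klipper'        'B8:27:EB:B9:82:6D' '192.168.77.44'
uci commit dhcp
/etc/init.d/dnsmasq restart

# ---------------------------------------------------------------------------
# Configure network: WireGuard
# ---------------------------------------------------------------------------
# VPN LAN BAUMANA
add_wg_site vpn0 'gFr1rme9kPAo6qJ4ss9wT8GYlwqIaPP0Tk+Y0VT8smo=' 23555 \
  'Site Baumana Home' \
  'ZNRTOIidJnKA34g1pDHVi0F1q2n7goNcJjDfGrTUnTM=' \
  'qBhqDIizi2rR8DduM+LPedXcuTm02XQWSmtJ3s3r+NA=' \
  'wg.npau.ru' '192.168.75.0/24' '192.168.3.0/24'

# VPN LAN ARAMIL
add_wg_site vpn1 'uGb0lzBp6xeG3QW9YX1JOe47o9j8oY3fqtRdbH4gz3c=' 23556 \
  'Site Aramil Office' \
  'UrNRptLKi9GEKY/NgViIzK9F63oDNsMjuUgqQApQCQE=' \
  'GdSszP+e86Vhs+/GD7uHpsLCnBCpyBZwMmOlxbS6OOg=' \
  'aramil.npau.ru' '192.168.47.0/24'

# VPN LAN OLGA
add_wg_site vpn2 '2IOKg/anbXm5yV7CteOAL02Ae6ewVIZu1E/+V/nM2lo=' 23559 \
  'Site Olga Office' \
  'SWZxuUR4tFoHbS/0jQm670X4Ex8TDyHRiW8u2D8QMHw=' \
  'aUBTNiL5mBjMa2WXxSjdAUHkDr3laEv5py8tavNjndI=' \
  'olga.npau.ru' '192.168.97.0/24'

# VPN LAN PIVKO
add_wg_site vpn3 'iJl+I4d7lako5lJuwbm3jDeuStT4SAA4AE11tStVQVc=' 23560 \
  'Site Pivko' \
  'Fa1MCMOZ5V55ApFY6OGcmg3YnWwScYH4QKpbQ9jDhzM=' \
  'tPDt9HWswEEGyW0qjTwD7h5GMqDhitNAGojiMt2rxNI=' \
  'pivko.npau.ru' '192.168.76.0/24'

# VPN OFFICE REMOTE USERS
# NOTE(review): unlike the site links, these peers have no preshared_key.
uci set network.wg777=interface
uci set network.wg777.proto='wireguard'
uci set network.wg777.private_key='QCOLeGs/F2dBSCzW677Tb7b0H2vuEkZXFsSDl6ZSoGI='
uci set network.wg777.listen_port='27027'
uci set network.wg777.addresses='10.14.0.1/24'
add_wg_client 'julia'           'tZvwcrN/wsxq8kTWKWnueoF0LFcSg6jppbtWWnObJzo=' '10.14.0.2/32'
add_wg_client 'julia-andorid'   'wGgvktRg+mokhs3WQu5ou0IfLp11cWRQDq/0beEQHWE=' '10.14.0.21/32'
add_wg_client 'ksusha'          'UUpi9cY9oETIlOYtKF4HI4+peLqrBjMmIMlH8yf0NR4=' '10.14.0.3/32'
add_wg_client 'ksusha-android'  'W0ZPGHV+jybC6Kzr279+/L+2TVjCVm8v7tHZFE6vbX4=' '10.14.0.22/32'
add_wg_client 'dan'             '0prJyJ5Up0hXuKorhMJakvOQK/583+w1yJTxvoz+GH0=' '10.14.0.4/32'
add_wg_client 'dan-android'     'VGPLY5IB/Ml35UJwhAOdT54hH+obEXGfaDZvi1QMwkQ=' '10.14.0.23/32'
add_wg_client 'lev'             'D2FU7Za9VLcHvh6gp+vqViSYsiZY4BOjleVzBm2gx0E=' '10.14.0.5/32'
add_wg_client 'lev-android'     'LS2C/943tsBS0SdtU4aRCYJAFOfCW93hsNF+9WdwZSc=' '10.14.0.27/32'
add_wg_client 'natasha'         'BAPSq8QDxVSRsB3jFDFlWygh3dXoWeBF0WkV6W7ljEk=' '10.14.0.6/32'
add_wg_client 'natasha-android' 'CFH22K5ji7bDuhON2ELxVhn41bvJjy6aZC1nILNZeAg=' '10.14.0.24/32'
add_wg_client 'sia'             'H4xEoK4mqf01i/8AAgkYbLAc0px7K/zoFk8gpkbqX3Q=' '10.14.0.7/32'
add_wg_client 'tonya'           '5qgq0gGJ4xBcVLA3qU4oi7YmQMkdix62Br5NXvO0xGc=' '10.14.0.8/32'
add_wg_client 'lva-android'     'heWrgu7oPmpYIqT0WbziNZ0tZUFTOp7rPCz7Su8yM3g=' '10.14.0.25/32'

# VPN ANTIZAPRET
# Outbound client tunnel; routes are not installed automatically
# (route_allowed_ips=0) even though allowed_ips is 0.0.0.0/0.
uci set network.wg0=interface
uci set network.wg0.proto='wireguard'
uci set network.wg0.listen_port='51820'
uci set network.wg0.private_key='WFmfbE7X7MJ/769Ifd9ENEgkyzuWJItKErOht4X3iG8='
uci set network.wg0.addresses='192.168.100.2/24'
uci add network wireguard_wg0
uci set 'network.@wireguard_wg0[-1].name=wg0_client'
uci set 'network.@wireguard_wg0[-1].route_allowed_ips=0'
uci set 'network.@wireguard_wg0[-1].persistent_keepalive=25'
uci set 'network.@wireguard_wg0[-1].allowed_ips=0.0.0.0/0'
uci set 'network.@wireguard_wg0[-1].endpoint_host=88.210.11.80'
uci set 'network.@wireguard_wg0[-1].endpoint_port=51820'
uci set 'network.@wireguard_wg0[-1].public_key=E/3AhjY3/nteAEy7uPR72kKbXwyJL3ANEhsEoMHP43o='
uci set 'network.@wireguard_wg0[-1].preshared_key=tI8KGVUFcPRn0h9BPXlr8gccVJqsxAsXgZPTWHsnUDI='

uci commit network
/etc/init.d/network restart

# ---------------------------------------------------------------------------
# Configure firewall
# ---------------------------------------------------------------------------
uci set 'firewall.@defaults[0].drop_invalid=1'
uci set 'firewall.@defaults[0].synflood_protect=1'

# ADD ZONES
# NOTE(review): every site/remote-user zone gets input=ACCEPT, so all router
# services (ssh, web UI, DNS, ...) are reachable from every tunnel peer. An
# input=REJECT policy plus explicit rules for the needed services is tighter.
add_vpn_zone vpn0 vpn0
add_vpn_zone vpn1 vpn1
add_vpn_zone vpn2 vpn2
add_vpn_zone vpn3 vpn3
add_vpn_zone wg777

# Masqueraded, output-only zone for the wg0 client tunnel.
uci add firewall zone
uci set 'firewall.@zone[-1].name=wg'
uci set 'firewall.@zone[-1].family=ipv4'
uci set 'firewall.@zone[-1].masq=1'
uci set 'firewall.@zone[-1].output=ACCEPT'
uci set 'firewall.@zone[-1].forward=REJECT'
uci set 'firewall.@zone[-1].input=REJECT'
uci set 'firewall.@zone[-1].mtu_fix=1'
uci set 'firewall.@zone[-1].network=wg0'

# ADD RULES
# NOTE(review): this opens the iperf port to the whole internet permanently;
# if it is only a test aid, consider enabled=0 or a src_ip restriction.
uci add firewall rule
uci set 'firewall.@rule[-1].target=ACCEPT'
uci set 'firewall.@rule[-1].src=wan'
uci set 'firewall.@rule[-1].proto=tcp udp'
uci set 'firewall.@rule[-1].dest_port=5001'
uci set 'firewall.@rule[-1].name=iperf '

add_wan_udp_rule 'Allow-Baumana-Elmash-Inbound' 23555
add_wan_udp_rule 'Allow-Elmash-Aramil-Inbound' 23556
add_wan_udp_rule 'Allow-Elmash-Olga-Inbound' 23559
add_wan_udp_rule 'Allow-Wireguard-Hetzner' 51820
# NOTE(review): no interface configured in this script listens on 26261;
# confirm this rule is still needed.
add_wan_udp_rule 'Allow-Wireguard-VPS' 26261
add_wan_udp_rule 'Allow-Elmash-Pivko-Inbound' 23560
add_wan_udp_rule 'Allow-Remote-Jurists-Inbound' 27027

#ADD IPSET
uci add firewall ipset
uci set 'firewall.@ipset[-1].name=vpn_domains'
uci set 'firewall.@ipset[-1].match=dst_net'

#ADD MARK
# Marks LAN traffic whose destination is in the vpn_domains set with 0x1.
uci add firewall rule
uci set 'firewall.@rule[-1].name=mark_domains'
uci set 'firewall.@rule[-1].src=lan'
uci set 'firewall.@rule[-1].dest=*'
uci set 'firewall.@rule[-1].proto=all'
uci set 'firewall.@rule[-1].ipset=vpn_domains'
uci set 'firewall.@rule[-1].set_mark=0x1'
uci set 'firewall.@rule[-1].target=MARK'
uci set 'firewall.@rule[-1].family=ipv4'

# ADD REDIRECT
# NOTE(review): redirects with an empty PROTO use the firewall's default
# protocol set (tcp and udp per the OpenWrt firewall documentation - confirm
# for the release in use). Several entries overlap: stunt/turn (3478),
# stunts/turns (5349), and ejabb-stunt vs. the stun_*_RANGE pair, which
# together forward the whole 49152-65535 range from the internet to
# 192.168.77.2. Trim to the ports the services actually use.
add_dnat 'jabber1' tcp 5222 192.168.77.2 5222
add_dnat 'jabber2' tcp 5223 192.168.77.2 5223
add_dnat 'jabber3' tcp 5269 192.168.77.2 5269
add_dnat 'jabber4' tcp 5280 192.168.77.2 5280
add_dnat 'jabber5' tcp 5443 192.168.77.2 5443
add_dnat 'rtp' udp 10000-20000 192.168.77.3 10000-20000
add_dnat 'stunt' '' 3478 192.168.77.2
add_dnat 'stunts' tcp 5349 192.168.77.2
add_dnat 'turn' '' 3478 192.168.77.2
add_dnat 'turns' tcp 5349 192.168.77.2
add_dnat 'ejabb-stunt' '' 49152-65535 192.168.77.2
# Kept disabled; it would compete with NPM-80 for WAN port 80.
add_dnat 'acme_ejabberd_http' '' 80 192.168.77.2 5280
uci set 'firewall.@redirect[-1].enabled=0'
add_dnat 'stun_udp_RANGE' udp 49152-65535 192.168.77.2 49152-65535
add_dnat 'stun_tcp_RANGE' tcp 49152-65535 192.168.77.2 49152-65535
add_dnat 'NPM-80' '' 80 192.168.77.191 80
add_dnat 'NPM-443' '' 443 192.168.77.191 443
add_dnat 'gitea_SSH' '' 2222 192.168.77.193 22

# ADD FORWARD ZONES
add_forwarding vpn0 lan
add_forwarding lan vpn0
add_forwarding vpn1 lan
add_forwarding lan vpn1
add_forwarding vpn2 lan
add_forwarding lan vpn2
add_forwarding vpn3 lan
add_forwarding lan vpn3
add_forwarding wg777 wan
# NOTE(review): wan -> wg777 permits new connections from the internet side
# to be forwarded towards remote-user peers. Replies to traffic the peers
# initiate are normally handled by connection tracking, so this forwarding is
# probably unnecessary - confirm and remove if so.
add_forwarding wan wg777
add_forwarding wg777 lan
add_forwarding lan wg777
add_forwarding lan wg
uci set 'firewall.@forwarding[-1].family=ipv4'

uci commit firewall
/etc/init.d/firewall restart

echo "All done"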