# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+# shellcheck disable=SC1091 # somewhat dynamic
set -e; . /usr/local/lib/bash-bear; set +e
ssid=${rssid[$h]}
fi
-: ${ssid:=librecmc}
+: "${ssid:=librecmc}"
if $secrets; then
esac
{
+ # shellcheck source=/p/c/cmc-firewall-data
. /root/cmc-firewall-data
+ # sets $http_ip
+ # shellcheck source=/p/c/cmc-firewall-data-http
+ . /root/cmc-firewall-data-http
cat <<EOF
+config redirect
+ option name http
+ option src wan
+ option src_dport 80
+ option dest lan
+ option dest_ip $l.$http_ip
+ option proto tcp
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 80
+ option proto tcp
+
+config redirect
+ option name https
+ option src wan
+ option src_dport 443
+ option dest lan
+ option dest_ip $l.$http_ip
+ option proto tcp
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 443
+ option proto tcp
+
+
## begin no external dns for ziva
config rule
option src lan
# option target ACCEPT
# option dest_port 8000
-config redirect
- option name http
- option src wan
- option src_dport 80
- option dest lan
- option dest_ip $l.2
- option proto tcp
-config rule
- option src wan
- option target ACCEPT
- option dest_port 80
- option proto tcp
-
-config redirect
- option name https
- option src wan
- option src_dport 443
- option dest lan
- option dest_ip $l.2
- option proto tcp
-config rule
- option src wan
- option target ACCEPT
- option dest_port 443
- option proto tcp
# config redirect
# option name httpskd8448
qname-minimisation: yes
rrset-roundrobin: yes
use-caps-for-id: yes
-do-ip6: no
+do-ip6: yes
private-domain: b8.nz
local-zone: "10.in-addr.arpa." transparent
access-control-view: 10.2.0.31/32 "youtube"
{
+ # shellcheck source=/p/c/ptr-data
. /root/ptr-data
cat <<EOF
{
# generated with host-info-update
+ # shellcheck source=/p/c/dnsmasq-data
. /root/dnsmasq-data
cat <<EOF
# no dns