improvements

[automated-distro-installer] / wrt-setup-local

diff --git a/wrt-setup-local b/wrt-setup-local
index 527e4a8e72dab75f1252662f93a2087ea5bab763..11c932708bc98e0f5a30f5a6dd83573ae1a3117e 100755 (executable)
--- a/wrt-setup-local
+++ b/wrt-setup-local
@@ -15,6 +15,7 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
+# shellcheck disable=SC1091 # somewhat dynamic
 
 set -e; . /usr/local/lib/bash-bear; set +e
 
@@ -234,7 +235,7 @@ elif $secrets; then
   ssid=${rssid[$h]}
 fi
 
-: ${ssid:=librecmc}
+: "${ssid:=librecmc}"
 
 
 if $secrets; then
@@ -617,8 +618,39 @@ EOF
 esac
 
 {
-  /root/cmc-firewall-data
+  # shellcheck source=/p/c/cmc-firewall-data
+  . /root/cmc-firewall-data
+  # sets $http_ip
+  # shellcheck source=/p/c/cmc-firewall-data-http
+  . /root/cmc-firewall-data-http
   cat <<EOF
+config redirect
+ option name http
+ option src              wan
+ option src_dport        80
+ option dest             lan
+ option dest_ip          $l.$http_ip
+ option proto            tcp
+config rule
+ option src              wan
+ option target           ACCEPT
+ option dest_port        80
+ option proto            tcp
+
+config redirect
+ option name https
+ option src              wan
+ option src_dport        443
+ option dest             lan
+ option dest_ip          $l.$http_ip
+ option proto            tcp
+config rule
+ option src              wan
+ option target           ACCEPT
+ option dest_port        443
+ option proto            tcp
+
+
 ## begin no external dns for ziva
 config rule
  option src  lan
@@ -786,31 +818,6 @@ config rule
 #  option target           ACCEPT
 #  option dest_port        8000
 
-config redirect
- option name http
- option src              wan
- option src_dport        80
- option dest             lan
- option dest_ip          $l.7
- option proto            tcp
-config rule
- option src              wan
- option target           ACCEPT
- option dest_port        80
- option proto            tcp
-
-config redirect
- option name https
- option src              wan
- option src_dport        443
- option dest             lan
- option dest_ip          $l.7
- option proto            tcp
-config rule
- option src              wan
- option target           ACCEPT
- option dest_port        443
- option proto            tcp
 
 # config redirect
 # option name httpskd8448
@@ -1002,7 +1009,7 @@ prefetch: yes
 qname-minimisation: yes
 rrset-roundrobin: yes
 use-caps-for-id: yes
-do-ip6: no
+do-ip6: yes
 private-domain: b8.nz
 local-zone: "10.in-addr.arpa." transparent
 access-control-view: 10.2.0.31/32 "youtube"
@@ -1032,7 +1039,8 @@ EOF
 
 
   {
-    /root/ptr-data
+    # shellcheck source=/p/c/ptr-data
+    . /root/ptr-data
     cat  <<EOF
 
 local-data-ptr: "10.2.0.1 cmc.b8.nz"
@@ -1110,7 +1118,8 @@ mkdir -p /mnt/usb/tftpboot
 
 {
   # generated with host-info-update
-  /root/dnsmasq-data
+  # shellcheck source=/p/c/dnsmasq-data
+  . /root/dnsmasq-data
   cat <<EOF
 # no dns
 port=0