From 1013dcb148154f775e8f5ef9f6a24192d0af87ec Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Thu, 16 Dec 2021 20:01:57 +0100
Subject: [PATCH] gluon-ebtables-filter-ra-dhcp: disable DHCPv4 filter when
 gw_mode == 'server' (#2324)

In meshes without VPN or supernodes, it may be desirable to connect a
router providing IPv4 addresses directly to a regular Gluon node. For
this to work, it was necessary to remove the gluon-ebtables-filter-ra-dhcp
package from the node, so the autoupdater also needed to be disabled.

To avoid this, make gluon-ebtables-filter-ra-dhcp disable the DHCPv4
filter rules when gw_mode is set to 'server'.

No solution is provided for RA/DHCPv6, but this seems less pressing for
local meshes, as nodes can already provide working IPv6 connectivity
by themselves through gluon-radvd.
---
 .../luasrc/lib/gluon/ebtables/200-dir-dhcpv4       | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/package/gluon-ebtables-filter-ra-dhcp/luasrc/lib/gluon/ebtables/200-dir-dhcpv4 b/package/gluon-ebtables-filter-ra-dhcp/luasrc/lib/gluon/ebtables/200-dir-dhcpv4
index ec56ff1d7..87b4bd7f9 100644
--- a/package/gluon-ebtables-filter-ra-dhcp/luasrc/lib/gluon/ebtables/200-dir-dhcpv4
+++ b/package/gluon-ebtables-filter-ra-dhcp/luasrc/lib/gluon/ebtables/200-dir-dhcpv4
@@ -1,5 +1,11 @@
-rule 'FORWARD -p IPv4 --ip-protocol udp --ip-destination-port 67 -j OUT_ONLY'
-rule 'OUTPUT -p IPv4 --ip-protocol udp --ip-destination-port 67 -j OUT_ONLY'
+local uci = require('simple-uci').cursor()
 
-rule 'FORWARD -p IPv4 --ip-protocol udp --ip-destination-port 68 -j IN_ONLY'
-rule 'INPUT -p IPv4 --ip-protocol udp --ip-destination-port 68 -j IN_ONLY'
+local gw_mode = uci:get('network', 'gluon_bat0', 'gw_mode')
+
+if gw_mode ~= 'server' then
+	rule 'FORWARD -p IPv4 --ip-protocol udp --ip-destination-port 67 -j OUT_ONLY'
+	rule 'OUTPUT -p IPv4 --ip-protocol udp --ip-destination-port 67 -j OUT_ONLY'
+
+	rule 'FORWARD -p IPv4 --ip-protocol udp --ip-destination-port 68 -j IN_ONLY'
+	rule 'INPUT -p IPv4 --ip-protocol udp --ip-destination-port 68 -j IN_ONLY'
+end
-- 
GitLab