#!/bin/sh
. /etc/functions.sh

WAN=$(nvram get wan_ifname)
WIFI=$(nvram get wifi_ifname)
LAN=$(nvram get lan_ifname)

IPT=/usr/sbin/iptables

for T in filter nat mangle ; do
  $IPT -t $T -F
  $IPT -t $T -X
done

echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo "1" > /proc/sys/net/ipv4/ip_forward

$IPT -P INPUT ACCEPT
$IPT -F INPUT 

$IPT -P OUTPUT ACCEPT
$IPT -F OUTPUT 

$IPT -P FORWARD DROP
$IPT -F FORWARD 

$IPT -t nat -F

$IPT -A FORWARD -i $WAN -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $WAN -o $WIFI -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $WIFI -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $LAN -o $WAN -j ACCEPT
$IPT -A FORWARD -i $WIFI -o $WAN -j ACCEPT
$IPT -A FORWARD -i $LAN -o $WIFI -j ACCEPT
#$IPT -A FORWARD -i $WIFI -o $WIFI -j ACCEPT
#$IPT -A FORWARD -j LOG

$IPT -t nat -A POSTROUTING -o $WAN -j MASQUERADE
$IPT -t nat -A POSTROUTING -o $WIFI -j MASQUERADE