#/bin/sh

set -e

main() {
    # Update default firewall ruleset
    uci add firewall rule
    uci set firewall.@rule[-1].name='Allow SSH on WAN'
    uci set firewall.@rule[-1].src='wan'
    uci set firewall.@rule[-1].proto='tcp'
    uci set firewall.@rule[-1].dest_port='22'
    uci set firewall.@rule[-1].target='ACCEPT'

    uci add firewall rule
    uci set firewall.@rule[-1].name='Allow HTTP on WAN'
    uci set firewall.@rule[-1].src='wan'
    uci set firewall.@rule[-1].proto='tcp'
    uci set firewall.@rule[-1].dest_port='80'
    uci set firewall.@rule[-1].target='ACCEPT'

    uci add firewall rule
    uci set firewall.@rule[-1].name='Allow HTTPS on WAN'
    uci set firewall.@rule[-1].src='wan'
    uci set firewall.@rule[-1].proto='tcp'
    uci set firewall.@rule[-1].dest_port='443'
    uci set firewall.@rule[-1].target='ACCEPT'

    uci commit firewall
    
    # Disable DNS-rebind protection
    uci set dhcp.@dnsmasq[0].rebind_protection='0'
    uci commit dhcp

    reload_config
}

main