#!/bin/sh /etc/rc.common

START=01
USE_PROCD=1
EXTRA_COMMANDS="setup"

boot()
{
    uci get network.phantap &>/dev/null || setup
    # prevent leaks
    ebtables -t filter -N phantap-drop -P RETURN
    ebtables -t filter -A phantap-drop -j DROP
    ebtables -t filter -A OUTPUT --logical-out br-phantap -j phantap-drop
}

start_service()
{
    procd_open_instance "phantap"
    procd_set_param command /usr/bin/phantap
    procd_set_param stdout 1
    procd_set_param stderr 1
    procd_close_instance
}

setup() {

uci set system.ntp.enabled=0
uci set system.ntp.server=''

np=network.phantap
uci batch <<EOF
set $np=interface
set $np.type='bridge'
set $np.proto='static'
set $np.ipaddr='169.254.66.100'
set $np.netmask='255.255.255.254'
set $np.gateway='169.254.66.101'
set $np.dns=''
set $np.ifname=''
set $np.ipv6='0'
EOF
echo "Get the interface names from the device"
echo "If the interfaces are part of a bridge already, remove them from the bridge"
echo "Add the interfaces to the phantap bridge, for example (assuming eth0 and eth1 are used)"
echo "uci set network.phantap.ifname='eth0 eth1'"
echo "uci commit network"
echo "/etc/init.d/network reload"

fp=firewall.phantapz
uci batch <<EOF
set $fp=zone
set $fp.name='phantap'
set $fp.input='DROP'
set $fp.output='ACCEPT'
set $fp.forward='ACCEPT'
set $fp.network='phantap'
EOF

fp=firewall.phantapi
uci batch <<EOF
set $fp=include
set $fp.path='/tmp/phantap.firewall'
set $fp.reload=1
EOF

dp=dhcp.phantap
uci batch <<EOF
set $dp=dhcp
set $dp.interface='phantap'
set $dp.ignore='1'
EOF

uci commit

}
