inteno-netmodes: common package for brcm and mtk

inteno-netmodes/files/etc/hotplug.d/iface/01-repeater-mode-firewall-handler

@@ -0,0 +1,39 @@
+[ "$INTERFACE" != "wan" ] && exit
+ip="$(ip a show $DEVICE | awk '/inet / {print $2; exit}')"
+ip="${ip%%/*}"
+
+[ -z "$ip" ] && exit
+
+handle_rule() {
+	local name enabled
+	enabled=$2
+	config_get name $1 name
+	if [ "$name" == "Repeater-Management" ]; then
+		uci set firewall.$1.enabled="$enabled"
+		uci commit firewall
+	fi
+}
+
+set_enabled() {
+	local enabled=$1
+	config_load firewall
+	config_foreach handle_rule rule $enabled
+}
+
+test_ip() {
+	if [ -n "$(echo $ip | grep -E '^(192\.168|10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.)')" ]; then
+		set_enabled 1
+	else
+		set_enabled 0
+	fi
+}
+	
+
+case "$(uci -q get netmode.setup.curmode)" in
+                repeater*)
+			test_ip
+                ;;
+                *)
+			exit
+                ;;
+esac

inteno-netmodes/files/etc/hotplug.d/net/80-repeater

@@ -3,24 +3,38 @@
 . /lib/functions.sh
 include /lib/network
 
-[ "$INTERFACE" != "$(uci get layer2_interface_ethernet.Wan.ifname)" ] && exit
+ps | grep hotplug | grep button && exit
+
+MTK=0
+[ "$(db -q get hw.board.hardware)" == "EX400" ] && MTK=1
+
+WANDEV="$(uci get layer2_interface_ethernet.Wan.ifname)"
+[ $MTK -eq 1 ] && WANDEV="eth0.2"
+
+[ "$INTERFACE" != "$WANDEV" ] && exit
+
+defroute=$(ip route | grep default | awk '{print$3}')
 
 case "$(uci get netmode.setup.curmode)" in
-		repeater|repeater_dualdown) echo "Preparing to switch mode" ;;
-		*) exit ;;
+		repeater*)
+			echo "Preparing to switch mode"
+		;;
+		*)
+			ping -c 1 -w 5 $defroute >/dev/null 2>&1 || killall -USR1 udhcpc
+			exit
+		;;
 esac
 
 get_wifi_wet_interface() {
-#	handle_interface() {
-#		config_get mode "$1" mode
-#		if [ "$mode" == "wet" ] ; then
-#			config_get ifname "$1" ifname
-#			echo "$ifname"
-#		fi
-#	}
-#	config_load wireless
-#	config_foreach handle_interface wifi-iface "$device"
-	echo "wl1"
+	handle_interface() {
+		config_get mode "$1" mode
+		if [ "$mode" == "sta" -o "$mode" == "wet" ] ; then
+			config_get ifname "$1" ifname
+			echo "$ifname"
+		fi
+	}
+	config_load wireless
+	config_foreach handle_interface wifi-iface "$device"
 }
 
 get_wifi_iface_cfgstr() {
@@ -32,39 +46,44 @@ get_wifi_iface_cfgstr() {
 	config_foreach get_cfgno wifi-iface $1 $2
 }
 
+link=$(cat /sys/class/net/${WANDEV:0:4}/operstate)
+[ $MTK -eq 1 ] && link=$(swconfig dev switch0 port 0 get link | awk '{print$2}' | cut -d':' -f2)
+
 case "$ACTION" in
 	add|register)
+		[ "$link" == "down" ] && return
 		echo "Autoswitch to Extender mode" > /dev/console
 		sleep 2
+		wetif="$(get_wifi_wet_interface)"
 		# remove wifi client interface
 		case "$(uci get netmode.setup.curmode)" in
-			repeater_dualdown)
-				uci -q set $(get_wifi_iface_cfgstr $(get_wifi_wet_interface)).disabled=1
-			;;
-			repeater)
-				uci -q set $(get_wifi_iface_cfgstr $(get_wifi_wet_interface)).mode=ap
+			repeater*)
+				uci -q set $(get_wifi_iface_cfgstr $wetif).disabled=1
 			;;
 		esac
 		uci commit wireless
 		#add wan ethernet port
-		uci set network.wan.ifname="$(echo $(uci get layer2_interface_ethernet.Wan.ifname) $(uci get network.wan.ifname) | tr ' ' '\n' | sort -u | tr '\n' ' ')"
-		ubus call uci commit '{"config":"network"}'
+		uci set network.wan.ifname="$(echo $WANDEV $(uci get network.wan.ifname) | sed 's/$/ /' | sed -r "s/$wetif //g" | tr ' ' '\n' | sort -u | tr '\n' ' ')"
+		uci commit network
+		ubus call network reload
+		ping -c 1 -w 10 $defroute >/dev/null 2>&1 || killall -USR1 udhcpc
 	;;
 	remove|unregister)
+		[ "$link" == "up" ] && return
 		echo "Autoswitch to Repeater mode" > /dev/console
 		sleep 2
+		wetif="$(get_wifi_wet_interface)"
 		# add wifi client interface
 		case "$(uci get netmode.setup.curmode)" in
-			repeater_dualdown)
-				uci -q set $(get_wifi_iface_cfgstr $(get_wifi_wet_interface)).disabled=0
-			;;
-			repeater)
-				uci -q set $(get_wifi_iface_cfgstr $(get_wifi_wet_interface)).mode=wet
+			repeater*)
+				uci -q set $(get_wifi_iface_cfgstr $wetif).disabled=0
 			;;
 		esac
 		uci commit wireless
 		#remove wan ethernet port
-		uci set network.wan.ifname="$(uci get network.wan.ifname | sed 's/$/ /' | sed -r "s/`uci get layer2_interface_ethernet.Wan.ifname` //g")"
-		ubus call uci commit '{"config":"network"}'
+		uci set network.wan.ifname="$(echo $wetif $(uci get network.wan.ifname) | sed 's/$/ /' | sed -r "s/$WANDEV //g" | tr ' ' '\n' | sort -u | tr '\n' ' ')"
+		uci commit network
+		ubus call network reload
+		ping -c 1 -w 10 $defroute >/dev/null 2>&1 || killall -USR1 udhcpc
 	;;
 esac

inteno-netmodes/files/etc/init.d/netmode

@@ -72,7 +72,7 @@ populate_netmodes() {
 
 			case "$mode" in
 				repeater*)
-					wlctl -i wl1 ap >/dev/null 2>&1 || continue
+					wlctl -i wl1 ap >/dev/null 2>&1 || ifconfig rai0 2>/dev/null | grep -q rai0 || continue
 				;;
 			esac
 
@@ -137,6 +137,8 @@ populate_netmodes() {
 
 			json_get_var cred credentials
 			uci -q set netmode.$mode.askcred="$cred"
+			json_get_var ulb uplink_band
+			uci -q set netmode.$mode.uplink_band="$ulb"
 			json_get_var reboot reboot
 			uci -q set netmode.$mode.reboot="$reboot"
 	done
@@ -154,8 +156,17 @@ switch_netmode() {
 	rm -f /etc/config/DETAILS
 	sync
 	local reboot=$(uci -q get netmode.$curmode.reboot)
+	local askcred=$(uci -q get netmode.$curmode.askcred)
 	if [ "$reboot" == "0" ]; then
 		/etc/init.d/enviroment reload
+		if [ "$askcred" == "1" -a -f /tmp/wifi_imported_credentials ]; then
+			wifi import "$(cat /tmp/wifi_imported_credentials)"
+			rm -f /tmp/wifi_imported_credentials
+			ubus call network reload
+			wifi reload nodat
+			sleep 5
+			ubus call router.network reload
+		fi
 	else
 		reboot &
 	fi
@@ -167,6 +178,10 @@ start_service() {
 
 reload_service() {
         switch_netmode
+
+	# set default JUCI page to overview
+	uci -q set juci.juci.homepage="overview"
+	uci commit juci
 }
 
 service_triggers()

inteno-netmodes/files/etc/netmodes/bridged/layer2_interface_adsl

@@ -1,23 +0,0 @@
-
-config atm_bridge
-        option link_type 'EoA'
-        option encapseoa 'llcsnap_eth'
-        option unit '0'
-        option ifname 'atm0.1'
-        option baseifname 'atm0'
-        option atmtype 'ubr'
-        option name 'atm_inet'
-        option vpi '8'
-        option vci '35'
-
-config atm_bridge
-        option link_type 'EoA'
-        option encapseoa 'llcsnap_eth'
-        option unit '1'
-        option ifname 'atm1.1'
-        option baseifname 'atm1'
-        option atmtype 'ubr'
-        option name 'atm_tv'
-        option vpi '8'
-        option vci '45'
-

inteno-netmodes/files/etc/netmodes/bridged/layer2_interface_vlan

@@ -1,18 +0,0 @@
-
-
-config 'vlan_interface'
-	option name 'eth_tv'
-	option ifname '$WAN.100'
-	option baseifname '$WAN'
-	option vlan8021q '100'
-	option vlan8021p '0'
-	option bridge '1'
-
-config 'vlan_interface'
-	option name 'vdsl_tv'
-	option ifname 'ptm0.100'
-	option baseifname 'ptm0'
-	option vlan8021q '100'
-	option vlan8021p '0'
-	option bridge '1'
-

inteno-netmodes/files/etc/netmodes/internet_iptv_voip/layer2_interface_adsl

@@ -1,34 +0,0 @@
-
-config atm_bridge
-        option link_type 'EoA'
-        option encapseoa 'llcsnap_eth'
-        option unit '0'
-        option ifname 'atm0.1'
-        option baseifname 'atm0'
-        option atmtype 'ubr'
-        option name 'atm_inet'
-        option vpi '8'
-        option vci '35'
-
-config atm_bridge
-        option link_type 'EoA'
-        option encapseoa 'llcsnap_eth'
-        option unit '1'
-        option ifname 'atm1.1'
-        option baseifname 'atm1'
-        option atmtype 'ubr'
-        option name 'atm_tv'
-        option vpi '8'
-        option vci '45'
-
-config atm_bridge
-        option link_type 'EoA'
-        option encapseoa 'llcsnap_eth'
-        option unit '1'
-        option ifname 'atm2.1'
-        option baseifname 'atm2'
-        option atmtype 'ubr'
-        option name 'atm_voip'
-        option vpi '8'
-        option vci '55'
-

inteno-netmodes/files/etc/netmodes/internet_iptv_voip/layer2_interface_ethernet

@@ -1,5 +0,0 @@
-config ethernet_interface 'Wan'
-        option baseifname '$WAN'
-        option ifname '$WAN.1'
-        option name 'WAN'
-

inteno-netmodes/files/etc/netmodes/internet_iptv_voip/layer2_interface_vdsl

@@ -1,9 +0,0 @@
-config vdsl_interface
-	option unit '0'
-	option ifname 'ptm0.1'
-	option baseifname 'ptm0'
-	option name 'VDSL2'
-	option dslat '1'
-	option ptmprio '1'
-	option ipqos '1'
-

inteno-netmodes/files/etc/netmodes/internet_iptv_voip/layer2_interface_vlan

@@ -1,32 +0,0 @@
-
-
-config 'vlan_interface'
-	option name 'eth_tv'
-	option ifname '$WAN.100'
-	option baseifname '$WAN'
-	option vlan8021q '100'
-	option vlan8021p '0'
-	option bridge '1'
-
-config 'vlan_interface'
-	option name 'eth_voip'
-	option ifname '$WAN.200'
-	option baseifname '$WAN'
-	option vlan8021q '200'
-	option vlan8021p '0'
-
-config 'vlan_interface'
-	option name 'vdsl_tv'
-	option ifname 'ptm0.100'
-	option baseifname 'ptm0'
-	option vlan8021q '100'
-	option vlan8021p '0'
-	option bridge '1'
-
-config 'vlan_interface'
-	option name 'vdsl_voip'
-	option ifname 'ptm0.200'
-	option baseifname 'ptm0'
-	option vlan8021q '200'
-	option vlan8021p '0'
-

inteno-netmodes/files/etc/netmodes/repeater_brcm_2g_up_5g_down/DETAILS

@@ -10,7 +10,8 @@
 	"excluded_boards" : [
 		"DG15*",
 		"DG40*",
-		"EG40*"
+		"EG40*",
+		"EX40*"
 	],
 	"acl" : [
 		"admin"

inteno-netmodes/files/etc/netmodes/repeater_brcm_2g_up_5g_down/network

@@ -9,8 +9,7 @@ config interface 'loopback'
 config interface 'wan'
 	option type 'bridge'
 	option proto 'dhcp'
-	option vendorid 'Inteno_Repeater_$MAC4'
-	option hostname 'Inteno_Repeater_$MAC4'
+	option hostname 'Inteno-$BSSID4'
 	option ifname '$WAN.1 $LAN1 $LAN2 $LAN3 $LAN4'
 	option reqopts '43'
 

inteno-netmodes/files/etc/netmodes/repeater_brcm_2g_up_dual_down/DETAILS

@@ -10,7 +10,8 @@
 	"excluded_boards" : [
 		"DG15*",
 		"DG40*",
-		"EG40*"
+		"EG40*",
+		"EX40*"
 	],
 	"acl" : [
 		"admin"

inteno-netmodes/files/etc/netmodes/repeater_brcm_2g_up_dual_down/network

@@ -9,8 +9,7 @@ config interface 'loopback'
 config interface 'wan'
 	option type 'bridge'
 	option proto 'dhcp'
-	option vendorid 'Inteno_Repeater_$MAC4'
-	option hostname 'Inteno_Repeater_$MAC4'
+	option hostname 'Inteno-$BSSID4'
 	option ifname '$WAN.1 $LAN1 $LAN2 $LAN3 $LAN4'
 	option reqopts '43'
 

inteno-netmodes/files/etc/netmodes/repeater_mtk_2g_up_dual_down/DETAILS

@@ -0,0 +1,16 @@
+{
+	"description": [
+		{ "en" : "Repeater 2.4▴▾2.4&5" },
+		{ "sv" : "Repeater 2.4▴▾2.4&5" }
+	],
+	"explanation": [
+		{ "en" : "Your router is going to act as a wired extender or wireless repeater to the selected Wireless Access Point. Uplink 2.4G & Downlink 2.4G + 5G" },
+		{ "sv" : "Routern kommer att fungera som en trådbunden extender eller trådlös repeater till den valda trådlösa åtkomstpunkten. Uplink 2.4G & Downlink 2.4G + 5G" }
+	],
+	"excluded_boards" : [
+		"*G*"
+	],
+	"uplink_band": 'b',
+	"credentials" : 1,
+	"reboot" : 0
+}

inteno-netmodes/files/etc/netmodes/repeater_mtk_2g_up_dual_down/firewall

@@ -0,0 +1,113 @@
+config settings 'settings'
+        option disabled '0'
+
+config defaults
+	option syn_flood	1
+	option input		ACCEPT
+	option output		ACCEPT
+	option forward		REJECT
+# Uncomment this line to disable ipv6 rules
+#	option disable_ipv6	1
+
+config zone
+	option name		wan
+	list   network		'wan'
+	option input		REJECT
+	option output		ACCEPT
+	option forward		REJECT
+	option masq		1
+	option mtu_fix		1
+
+# We need to accept udp packets on port 68,
+# see https://dev.openwrt.org/ticket/4108
+config rule
+	option name		Allow-DHCP-Renew
+	option src		wan
+	option proto		udp
+	option dest_port	68
+	option target		ACCEPT
+	option family		ipv4
+	option hidden		1
+
+config rule
+	option name		Repeater-Management
+	option src		wan
+	option proto		tcp
+	option dest_port	'22 80 8080 8181 9876'
+	option target		ACCEPT
+	option family		ipv4
+	option hidden		1
+
+# Allow IPv4 ping
+config rule
+	option name		Allow-Ping
+	option src		wan
+	option proto		icmp
+	option icmp_type	echo-request
+	option family		ipv4
+	option target		ACCEPT
+	option hidden		1
+
+# Allow DHCPv6 replies
+# see https://dev.openwrt.org/ticket/10381
+config rule
+	option name		Allow-DHCPv6
+	option src		wan
+	option proto		udp
+	option src_ip		fe80::/10
+	option src_port		547
+	option dest_ip		fe80::/10
+	option dest_port	546
+	option family		ipv6
+	option target		ACCEPT
+	option hidden		1
+
+# Allow essential incoming IPv6 ICMP traffic
+config rule
+	option name		Allow-ICMPv6-Input
+	option src		wan
+	option proto		icmp
+	list icmp_type		echo-request
+	list icmp_type		echo-reply
+	list icmp_type		destination-unreachable
+	list icmp_type		packet-too-big
+	list icmp_type		time-exceeded
+	list icmp_type		bad-header
+	list icmp_type		unknown-header-type
+	list icmp_type		router-solicitation
+	list icmp_type		neighbour-solicitation
+	list icmp_type		router-advertisement
+	list icmp_type		neighbour-advertisement
+	option limit		1000/sec
+	option family		ipv6
+	option target		ACCEPT
+	option hidden		1
+
+# Allow essential forwarded IPv6 ICMP traffic
+config rule
+	option name		Allow-ICMPv6-Forward
+	option src		wan
+	option dest		*
+	option proto		icmp
+	list icmp_type		echo-request
+	list icmp_type		echo-reply
+	list icmp_type		destination-unreachable
+	list icmp_type		packet-too-big
+	list icmp_type		time-exceeded
+	list icmp_type		bad-header
+	list icmp_type		unknown-header-type
+	option limit		1000/sec
+	option family		ipv6
+	option target		ACCEPT
+	option hidden		1
+
+# include a file with users custom iptables rules
+config include
+	option path /etc/firewall.user
+	option reload 1
+
+# include a file with rules for SIP and RTP traffic
+config include
+	option path /etc/firewall.sip
+	option reload 1
+

inteno-netmodes/files/etc/netmodes/repeater_mtk_2g_up_dual_down/network

@@ -0,0 +1,41 @@
+config interface 'loopback'
+	option ifname 'lo'
+	option proto 'static'
+	option ipaddr '127.0.0.1'
+	option netmask '255.0.0.0'
+
+config device 'lan_dev'
+	option name 'eth0.1'
+	option macaddr '$MACLAN'
+
+config interface 'wan'
+	option type 'bridge'
+	option ifname 'eth0.2 eth0.1'
+	option proto 'dhcp'
+	option hostname 'Inteno-$BSSID4'
+	option reqopts '66 67 128 224'
+	option igmp_snooping '0'
+
+config device 'wan_dev'
+	option name 'eth0.2'
+	option macaddr '$MACWAN'
+
+config interface 'wan6'
+	option ifname '@wan'
+	option proto 'dhcpv6'
+
+config switch
+	option name 'switch0'
+	option reset '1'
+	option enable_vlan '1'
+
+config switch_vlan
+	option device 'switch0'
+	option vlan '1'
+	option ports '1 6t'
+
+config switch_vlan
+	option device 'switch0'
+	option vlan '2'
+	option ports '0 5t'
+

inteno-netmodes/files/etc/netmodes/repeater_mtk_2g_up_dual_down/owsd

@@ -0,0 +1,39 @@
+config owsd 'global'
+	option sock '/var/run/ubus.sock'
+	option www '/www'
+	option redirect '/cgi-bin/luci:/cacheflush.html'
+
+config owsd-listen 'loopback'
+	option port '80'
+	option interface 'loopback'
+	option ipv6 'on'
+	list origin '*'
+
+config owsd-listen 'lan'
+	option port '80'
+	option interface 'lan'
+	option ipv6 'on'
+	option whitelist_interface_as_origin '1'
+	option whitelist_dhcp_domains '1'
+
+config owsd-listen 'wan'
+	option port '80'
+	option interface 'wan'
+	option ipv6 'on'
+	option whitelist_interface_as_origin '1'
+	list origin '*'
+
+config owsd-listen 'wan_8080'
+	option port '8080'
+	option interface 'wan'
+	option ipv6 'on'
+	option whitelist_interface_as_origin '1'
+	list origin '*'
+
+config owsd-listen 'wan_8181'
+	option port '8181'
+	option interface 'wan'
+	option ipv6 'on'
+	option whitelist_interface_as_origin '1'
+	list origin '*'
+

inteno-netmodes/files/etc/netmodes/repeater_mtk_2g_up_dual_down/wireless

@@ -0,0 +1,51 @@
+config wifi-status 'status'
+	option wlan '1'
+	option wps '1'
+	option sched_status '0'
+	option schedule '0'
+
+config wifi-device  ra0
+	option band b
+	option channel  1
+	option bandwidth '20'
+	option hwmode   11n
+	option htmode   HT20
+	option country 'DE'
+	option beamforming 0
+
+config wifi-iface
+	option device   ra0
+	option network  wan
+	option mode     ap
+	option ssid     Inteno-$BSSID4
+	option encryption psk2
+	option key      $WPAKEY
+	option ifname	ra0
+
+config wifi-device  rai0
+	option band a
+	option channel  36
+	option bandwidth '80'
+	option hwmode   11ac
+	option htmode   VHT80
+	option country 'DE'
+	option beamforming 0
+
+config wifi-iface
+	option device   rai0
+	option network  wan
+	option mode     ap
+	option ssid     Inteno-$BSSID4
+	option encryption psk2
+	option key      $WPAKEY
+	option ifname	rai0
+
+config wifi-iface
+	option device   ra0
+	option network  wan
+	option mode     wet
+	option ssid     Inteno-$BSSID4
+	option encryption psk2
+	option key      $WPAKEY
+	option ifname	apcli0
+

inteno-netmodes/files/etc/netmodes/repeater_mtk_5g_up_dual_down/DETAILS

@@ -0,0 +1,16 @@
+{
+	"description": [
+		{ "en" : "Repeater 5▴▾2.4&5" },
+		{ "sv" : "Repeater 5▴▾2.4&5" }
+	],
+	"explanation": [
+		{ "en" : "Your router is going to act as a wired extender or wireless repeater to the selected Wireless Access Point. Uplink 5G & Downlink 2.4G + 5G" },
+		{ "sv" : "Routern kommer att fungera som en trådbunden extender eller trådlös repeater till den valda trådlösa åtkomstpunkten. Uplink 5G & Downlink 2.4G + 5G" }
+	],
+	"excluded_boards" : [
+		"*G*"
+	],
+	"uplink_band": 'a',
+	"credentials" : 1,
+	"reboot" : 0
+}

inteno-netmodes/files/etc/netmodes/repeater_mtk_5g_up_dual_down/firewall

@@ -0,0 +1,113 @@
+config settings 'settings'
+        option disabled '0'
+
+config defaults
+	option syn_flood	1
+	option input		ACCEPT
+	option output		ACCEPT
+	option forward		REJECT
+# Uncomment this line to disable ipv6 rules
+#	option disable_ipv6	1
+
+config zone
+	option name		wan
+	list   network		'wan'
+	option input		REJECT
+	option output		ACCEPT
+	option forward		REJECT
+	option masq		1
+	option mtu_fix		1
+
+# We need to accept udp packets on port 68,
+# see https://dev.openwrt.org/ticket/4108
+config rule
+	option name		Allow-DHCP-Renew
+	option src		wan
+	option proto		udp
+	option dest_port	68
+	option target		ACCEPT
+	option family		ipv4
+	option hidden		1
+
+config rule
+	option name		Repeater-Management
+	option src		wan
+	option proto		tcp
+	option dest_port	'22 80 8080 8181 9876'
+	option target		ACCEPT
+	option family		ipv4
+	option hidden		1
+
+# Allow IPv4 ping
+config rule
+	option name		Allow-Ping
+	option src		wan
+	option proto		icmp
+	option icmp_type	echo-request
+	option family		ipv4
+	option target		ACCEPT
+	option hidden		1
+
+# Allow DHCPv6 replies
+# see https://dev.openwrt.org/ticket/10381
+config rule
+	option name		Allow-DHCPv6
+	option src		wan
+	option proto		udp
+	option src_ip		fe80::/10
+	option src_port		547
+	option dest_ip		fe80::/10
+	option dest_port	546
+	option family		ipv6
+	option target		ACCEPT
+	option hidden		1
+
+# Allow essential incoming IPv6 ICMP traffic
+config rule
+	option name		Allow-ICMPv6-Input
+	option src		wan
+	option proto		icmp
+	list icmp_type		echo-request
+	list icmp_type		echo-reply
+	list icmp_type		destination-unreachable
+	list icmp_type		packet-too-big
+	list icmp_type		time-exceeded
+	list icmp_type		bad-header
+	list icmp_type		unknown-header-type
+	list icmp_type		router-solicitation
+	list icmp_type		neighbour-solicitation
+	list icmp_type		router-advertisement
+	list icmp_type		neighbour-advertisement
+	option limit		1000/sec
+	option family		ipv6
+	option target		ACCEPT
+	option hidden		1
+
+# Allow essential forwarded IPv6 ICMP traffic
+config rule
+	option name		Allow-ICMPv6-Forward
+	option src		wan
+	option dest		*
+	option proto		icmp
+	list icmp_type		echo-request
+	list icmp_type		echo-reply
+	list icmp_type		destination-unreachable
+	list icmp_type		packet-too-big
+	list icmp_type		time-exceeded
+	list icmp_type		bad-header
+	list icmp_type		unknown-header-type
+	option limit		1000/sec
+	option family		ipv6
+	option target		ACCEPT
+	option hidden		1
+
+# include a file with users custom iptables rules
+config include
+	option path /etc/firewall.user
+	option reload 1
+
+# include a file with rules for SIP and RTP traffic
+config include
+	option path /etc/firewall.sip
+	option reload 1
+

inteno-netmodes/files/etc/netmodes/repeater_mtk_5g_up_dual_down/network

@@ -0,0 +1,41 @@
+config interface 'loopback'
+	option ifname 'lo'
+	option proto 'static'
+	option ipaddr '127.0.0.1'
+	option netmask '255.0.0.0'
+
+config device 'lan_dev'
+	option name 'eth0.1'
+	option macaddr '$MACLAN'
+
+config interface 'wan'
+	option type 'bridge'
+	option ifname 'eth0.2 eth0.1'
+	option proto 'dhcp'
+	option hostname 'Inteno-$BSSID4'
+	option reqopts '66 67 128 224'
+	option igmp_snooping '0'
+
+config device 'wan_dev'
+	option name 'eth0.2'
+	option macaddr '$MACWAN'
+
+config interface 'wan6'
+	option ifname '@wan'
+	option proto 'dhcpv6'
+
+config switch
+	option name 'switch0'
+	option reset '1'
+	option enable_vlan '1'
+
+config switch_vlan
+	option device 'switch0'
+	option vlan '1'
+	option ports '1 6t'
+
+config switch_vlan
+	option device 'switch0'
+	option vlan '2'
+	option ports '0 5t'
+

inteno-netmodes/files/etc/netmodes/repeater_mtk_5g_up_dual_down/owsd

@@ -0,0 +1,39 @@
+config owsd 'global'
+	option sock '/var/run/ubus.sock'
+	option www '/www'
+	option redirect '/cgi-bin/luci:/cacheflush.html'
+
+config owsd-listen 'loopback'
+	option port '80'
+	option interface 'loopback'
+	option ipv6 'on'
+	list origin '*'
+
+config owsd-listen 'lan'
+	option port '80'
+	option interface 'lan'
+	option ipv6 'on'
+	option whitelist_interface_as_origin '1'
+	option whitelist_dhcp_domains '1'
+
+config owsd-listen 'wan'
+	option port '80'
+	option interface 'wan'
+	option ipv6 'on'
+	option whitelist_interface_as_origin '1'
+	list origin '*'
+
+config owsd-listen 'wan_8080'
+	option port '8080'
+	option interface 'wan'
+	option ipv6 'on'
+	option whitelist_interface_as_origin '1'
+	list origin '*'
+
+config owsd-listen 'wan_8181'
+	option port '8181'
+	option interface 'wan'
+	option ipv6 'on'
+	option whitelist_interface_as_origin '1'
+	list origin '*'
+

inteno-netmodes/files/etc/netmodes/repeater_mtk_5g_up_dual_down/wireless

@@ -0,0 +1,51 @@
+config wifi-status 'status'
+	option wlan '1'
+	option wps '1'
+	option sched_status '0'
+	option schedule '0'
+
+config wifi-device  ra0
+	option band b
+	option channel  1
+	option bandwidth '20'
+	option hwmode   11n
+	option htmode   HT20
+	option country 'DE'
+	option beamforming 0
+
+config wifi-iface
+	option device   ra0
+	option network  wan
+	option mode     ap
+	option ssid     Inteno-$BSSID4
+	option encryption psk2
+	option key      $WPAKEY
+	option ifname	ra0
+
+config wifi-device  rai0
+	option band a
+	option channel  36
+	option bandwidth '80'
+	option hwmode   11ac
+	option htmode   VHT80
+	option country 'DE'
+	option beamforming 0
+
+config wifi-iface
+	option device   rai0
+	option network  wan
+	option mode     ap
+	option ssid     Inteno-$BSSID4
+	option encryption psk2
+	option key      $WPAKEY
+	option ifname	rai0
+
+config wifi-iface
+	option device   rai0
+	option network  wan
+	option mode     wet
+	option ssid     Inteno-$BSSID4
+	option encryption psk2
+	option key      $WPAKEY
+	option ifname	apclii0
+

inteno-netmodes/files/etc/netmodes/routed/layer2_interface_ethernet

@@ -1,5 +0,0 @@
-config ethernet_interface 'Wan'
-        option baseifname '$WAN'
-        option ifname '$WAN.1'
-        option name 'WAN'
-

inteno-netmodes/files/etc/netmodes/routed/layer2_interface_vdsl

@@ -1,9 +0,0 @@
-config vdsl_interface
-	option unit '0'
-	option ifname 'ptm0.1'
-	option baseifname 'ptm0'
-	option name 'VDSL2'
-	option dslat '1'
-	option ptmprio '1'
-	option ipqos '1'
-

inteno-netmodes/files/etc/netmodes/routed_brcm/DETAILS

@@ -0,0 +1,15 @@
+{
+	"description": [
+		{ "en" : "Fully Routed (NAT)" },
+		{ "sv" : "Fullt Omdirigerad (NAT)" }
+	],
+	"explanation": [
+		{ "en" : "" },
+		{ "sv" : "" }
+	],
+	"excluded_boards" : [
+		"EX4*"
+	],
+	"credentials" : 0
+}
+

inteno-netmodes/files/etc/netmodes/routed_mtk/DETAILS

@@ -7,6 +7,9 @@
 		{ "en" : "" },
 		{ "sv" : "" }
 	],
+	"excluded_boards" : [
+		"*G*"
+	],
 	"credentials" : 0
 }
 

inteno-netmodes/files/etc/netmodes/routed_mtk/dhcp

@@ -0,0 +1,22 @@
+config dnsmasq
+	option domainneeded	1
+	option boguspriv	1
+	option filterwin2k	0
+	option localise_queries	1
+	option rebind_protection 0
+	option rebind_localhost 1
+	option local	'/lan/'
+	option domain	'lan'
+	option expandhosts	1
+	option nonegcache	0
+	option authoritative	1
+	option readethers	1
+	option leasefile	'/tmp/dhcp.leases'
+	option resolvfile	'/tmp/resolv.conf.auto'
+
+config dhcp lan
+	option interface	lan
+	option start 	100
+	option limit	150
+	option leasetime	12h
+

inteno-netmodes/files/etc/netmodes/routed_mtk/firewall

@@ -0,0 +1,153 @@
+config settings 'settings'
+        option disabled '0'
+
+config defaults
+	option syn_flood	1
+	option input		ACCEPT
+	option output		ACCEPT
+	option forward		REJECT
+# Uncomment this line to disable ipv6 rules
+#	option disable_ipv6	1
+
+config zone
+	option name		lan
+	list   network		'lan'
+	option input		ACCEPT
+	option output		ACCEPT
+	option forward		ACCEPT
+
+config zone
+	option name		wan
+	list   network		'wan'
+	list   network		'wan6'
+	option input		REJECT
+	option output		ACCEPT
+	option forward		REJECT
+	option masq		1
+	option mtu_fix		1
+
+config forwarding
+	option src		lan
+	option dest		wan
+
+# We need to accept udp packets on port 68,
+# see https://dev.openwrt.org/ticket/4108
+config rule
+	option name		Allow-DHCP-Renew
+	option src		wan
+	option proto		udp
+	option dest_port	68
+	option target		ACCEPT
+	option family		ipv4
+
+# Allow IPv4 ping
+config rule
+	option name		Allow-Ping
+	option src		wan
+	option proto		icmp
+	option icmp_type	echo-request
+	option family		ipv4
+	option target		ACCEPT
+
+config rule
+	option name		Allow-IGMP
+	option src		wan
+	option proto		igmp
+	option family		ipv4
+	option target		ACCEPT
+
+# Allow DHCPv6 replies
+# see https://dev.openwrt.org/ticket/10381
+config rule
+	option name		Allow-DHCPv6
+	option src		wan
+	option proto		udp
+	option src_ip		fe80::/10
+	option src_port		547
+	option dest_ip		fe80::/10
+	option dest_port	546
+	option family		ipv6
+	option target		ACCEPT
+
+config rule
+	option name		Allow-MLD
+	option src		wan
+	option proto		icmp
+	option src_ip		fe80::/10
+	list icmp_type		'130/0'
+	list icmp_type		'131/0'
+	list icmp_type		'132/0'
+	list icmp_type		'143/0'
+	option family		ipv6
+	option target		ACCEPT
+
+# Allow essential incoming IPv6 ICMP traffic
+config rule
+	option name		Allow-ICMPv6-Input
+	option src		wan
+	option proto	icmp
+	list icmp_type		echo-request
+	list icmp_type		echo-reply
+	list icmp_type		destination-unreachable
+	list icmp_type		packet-too-big
+	list icmp_type		time-exceeded
+	list icmp_type		bad-header
+	list icmp_type		unknown-header-type
+	list icmp_type		router-solicitation
+	list icmp_type		neighbour-solicitation
+	list icmp_type		router-advertisement
+	list icmp_type		neighbour-advertisement
+	option limit		1000/sec
+	option family		ipv6
+	option target		ACCEPT
+
+# Allow essential forwarded IPv6 ICMP traffic
+config rule
+	option name		Allow-ICMPv6-Forward
+	option src		wan
+	option dest		*
+	option proto		icmp
+	list icmp_type		echo-request
+	list icmp_type		echo-reply
+	list icmp_type		destination-unreachable
+	list icmp_type		packet-too-big
+	list icmp_type		time-exceeded
+	list icmp_type		bad-header
+	list icmp_type		unknown-header-type
+	option limit		1000/sec
+	option family		ipv6
+	option target		ACCEPT
+
+# allow IPsec/ESP and ISAKMP passthrough
+config rule
+	option src		wan
+	option dest		lan
+	option proto		esp
+	option target		ACCEPT
+
+config rule
+	option src		wan
+	option dest		lan
+	option dest_port	500
+	option proto		udp
+	option target		ACCEPT
+
+config dmz dmz
+	option enabled '0'
+	option exclude_ports '5060 7547'
+
+# include a file with users custom iptables rules
+config include
+	option path /etc/firewall.user
+	option reload 1
+
+# include a file with rules for prioritizing some specific packets
+config include
+	option path /etc/firewall.qos
+	option reload 1
+
+# include a file with rules for DMZ Host
+config include dmzhost
+	option path /etc/firewall.dmz
+	option reload 1
+

inteno-netmodes/files/etc/netmodes/routed_mtk/mcpd

@@ -0,0 +1,14 @@
+config mcpd 'mcpd'
+	option igmp_proxy_interfaces 'wan'
+	option igmp_default_version '2'
+	option igmp_query_interval '125'
+	option igmp_query_response_interval '100'
+	option igmp_last_member_query_interval '10'
+	option igmp_robustness_value '2'
+	option igmp_max_groups '25'
+	option igmp_max_sources '10'
+	option igmp_max_members '25'
+	option igmp_fast_leave '1'
+	option igmp_proxy_enable '1'
+	option igmp_snooping_enable '2'
+	option igmp_snooping_interfaces 'br-lan'

inteno-netmodes/files/etc/netmodes/routed_mtk/network

@@ -0,0 +1,47 @@
+config interface 'loopback'
+	option ifname 'lo'
+	option proto 'static'
+	option ipaddr '127.0.0.1'
+	option netmask '255.0.0.0'
+
+config interface 'lan'
+	option type 'bridge'
+	option proto 'static'
+	option is_lan '1'
+	option ipaddr '192.168.1.1'
+	option netmask '255.255.255.0'
+	option ip6assign '60'
+	option ifname 'eth0.1 ra0 rai0'
+
+config device 'lan_dev'
+	option name 'eth0.1'
+	option macaddr '$MACLAN'
+
+config interface 'wan'
+	option ifname 'eth0.2'
+	option proto 'dhcp'
+	option reqopts '66 67 128 224'
+
+config device 'wan_dev'
+	option name 'eth0.2'
+	option macaddr '$MACWAN'
+
+config interface 'wan6'
+	option ifname '@wan'
+	option proto 'dhcpv6'
+
+config switch
+	option name 'switch0'
+	option reset '1'
+	option enable_vlan '1'
+
+config switch_vlan
+	option device 'switch0'
+	option vlan '1'
+	option ports '1 6t'
+
+config switch_vlan
+	option device 'switch0'
+	option vlan '2'
+	option ports '0 5t'
+

inteno-netmodes/files/etc/netmodes/routed_mtk/wireless

@@ -0,0 +1,40 @@
+config wifi-status 'status'
+	option wlan '1'
+	option wps '1'
+	option sched_status '0'
+	option schedule '0'
+
+config wifi-device  ra0
+	option band b
+	option channel  1
+	option bandwidth '20'
+	option hwmode   11n
+	option htmode   HT20
+	option country 'DE'
+	option beamforming 0
+
+config wifi-iface
+	option device   ra0
+	option network  lan
+	option mode     ap
+	option ssid     Inteno-$BSSID4
+	option encryption psk2
+	option key      $WPAKEY
+
+config wifi-device  rai0
+	option band a
+	option channel  36
+	option bandwidth '80'
+	option hwmode   11ac
+	option htmode   VHT80
+	option country 'DE'
+	option beamforming 0
+
+config wifi-iface
+	option device   rai0
+	option network  lan
+	option mode     ap
+	option ssid     Inteno-$BSSID4
+	option encryption psk2
+	option key      $WPAKEY
+