#!/bin/sh
# -----------------
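# Package metadata derived from this script's own path. The layout assumed is
# <name>.postinst sitting next to <name>.control (TODO confirm with packaging).
PACKAGE_DIR=$(dirname "$0")
PACKAGE_NAME=$(basename "$0" .postinst)
# Pull the value of the "Version: ..." field out of the control file. The path
# is quoted so an install directory containing spaces or glob characters is
# read as one file name instead of being word-split.
PACKAGE_VERSION=$(awk -F': ' '/^Version/{print $2}' < "${PACKAGE_DIR}/${PACKAGE_NAME}.control")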
# -----------------

##======= TIME SETUP =======##
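# POSIX TZ string stored in the UCI system config. In POSIX TZ syntax the sign
# is inverted relative to the usual "UTC+n" notation, so 'GMT-3' means local
# time is three hours ahead of UTC.
TIMEZONE='GMT-3'
# The whole argument is quoted so the shell can never treat "[0]" as a glob
# bracket expression. The value is only staged here; it is persisted by a
# later `uci commit` in this script.
uci set "system.@system[0].timezone=${TIMEZONE}"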

##======= PORTS SETUP =======##
#TCP
#22 - SSH
#2222 - VES
#80 - HTTP
#102 - 61850 MMS
#443 - HTTPS
#502 - MODBUS TCP
#1883 - MQTT
#2404 - IEC 104
#2405 - IEC 104
#2406 - IEC 104
#2407 - IEC 104
#2408 - IEC 104
#4001 - VES
#4840 - OPC UA
#8081 - TMIUS WEB
#8883 - MQTT SSL

#UDP
#123 - NTP
#161 - SNMP

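# Ports opened towards the device from the wan zone.
#
# NOTE(review): every rule created below matches the whole wan zone with no
# source restriction. Several of the listed services (Modbus TCP 502,
# IEC 104 2404-2408, MMS 102, MQTT 1883, HTTP 80, SNMP 161) are cleartext or
# unauthenticated in their base form. Where wan is an untrusted network,
# narrow these rules with the firewall rule option `src_ip`, or reach the
# services through a VPN / management zone instead.
TCPPORTS='22 2222 4001 80 102 443 502 1883 2404 2405 2406 2407 2408 4840 8081 8883'
UDPPORTS='123 161'

# accept_wan_port PROTO PORT
#   PROTO  "tcp" or "udp"
#   PORT   destination port to accept from the wan zone
# Stages one firewall ACCEPT rule named "ACCEPT <PROTO> <PORT>".
# Returns 0 when the rule was staged or already exists, 1 on failure.
accept_wan_port() {
    case "$1" in
        tcp) rule_name="ACCEPT TCP $2" ;;
        udp) rule_name="ACCEPT UDP $2" ;;
        *)
            echo "postinst: unsupported protocol '$1'" >&2
            return 1
            ;;
    esac

    # A postinst runs again on upgrade/reinstall; skip rules that are already
    # configured so duplicates do not accumulate. The name is anchored at the
    # end of the line so "ACCEPT TCP 22" is not satisfied by "ACCEPT TCP 2222";
    # the optional quote covers uci versions that print values unquoted.
    if uci -q show firewall 2>/dev/null | grep -Eq "\.name='?${rule_name}'?\$"; then
        return 0
    fi

    # Without a section id the batch below would address "firewall..name",
    # so stop here instead of feeding uci malformed keys.
    cfg="$(uci add firewall rule)" || cfg=''
    if [ -z "$cfg" ]; then
        echo "postinst: could not create firewall rule '$rule_name'" >&2
        return 1
    fi

    uci batch << EOF
set firewall.$cfg.name="$rule_name"
set firewall.$cfg.proto="$1"
set firewall.$cfg.src="wan"
set firewall.$cfg.dest_port="$2"
set firewall.$cfg.target="ACCEPT"
EOF
}

for port in $TCPPORTS; do
    # Failure is already reported by the helper; carry on with the next port.
    accept_wan_port tcp "$port" || continue
done

for port in $UDPPORTS; do
    accept_wan_port udp "$port" || continue
done

# One commit for everything instead of one per rule. A bare `uci commit`
# writes every staged package, which is also what persists the timezone
# staged earlier in this script.
uci commit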

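# TCP tuning persisted in /etc/sysctl.conf:
#   net.ipv4.tcp_fin_timeout=30       FIN-WAIT-2 timeout, seconds
#   net.ipv4.tcp_keepalive_time=30    idle seconds before the first keepalive probe
#   net.ipv4.tcp_keepalive_intvl=1    seconds between probes
#   net.ipv4.tcp_keepalive_probes=5   unanswered probes before the connection is dropped
SYSCTL_CONF=/etc/sysctl.conf

# append_line_once FILE LINE
# Appends LINE to FILE unless an identical whole line is already present, so
# running this postinst again (upgrade/reinstall) does not pile up duplicate
# entries. A missing FILE is treated as "line not present" and gets created.
append_line_once() {
    grep -qxF -- "$2" "$1" 2>/dev/null || printf '%s\n' "$2" >> "$1"
}

for setting in \
    'net.ipv4.tcp_fin_timeout=30' \
    'net.ipv4.tcp_keepalive_time=30' \
    'net.ipv4.tcp_keepalive_intvl=1' \
    'net.ipv4.tcp_keepalive_probes=5'
do
    append_line_once "$SYSCTL_CONF" "$setting"
done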

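# Apply the sysctl values to the running kernel (stdout silenced, errors
# still reach the installer's output).
sysctl -p /etc/sysctl.conf >/dev/null
# Reload the firewall and system services so the committed UCI changes take
# effect. The redirection is spelled the POSIX way: under a strict /bin/sh,
# "cmd &>/dev/null" is parsed as "cmd &" followed by ">/dev/null", which
# backgrounds the reload and leaves its output unsilenced. Only shells with
# bash-compatible redirection accept "&>" as written.
/etc/init.d/firewall reload >/dev/null 2>&1
/etc/init.d/system reload >/dev/null 2>&1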
