packages/net/pbr/files/etc/uci-defaults/90-pbr

#!/bin/sh
# shellcheck disable=SC3043

readonly pbrFunctionsFile='/etc/init.d/pbr'
if [ -s "$pbrFunctionsFile" ]; then
# shellcheck source=../../etc/init.d/pbr
	. "$pbrFunctionsFile"
else
	printf "%b: pbr init.d file (%s) not found! \n" '\033[0;31mERROR\033[0m' "$pbrFunctionsFile"
fi

# Transition from vpn-policy-routing
if [ -s '/etc/config/vpn-policy-routing' ] && [ ! -s '/etc/config/pbr-opkg' ] \
	&& [ "$(uci_get pbr config enabled)" = '0' ]; then
	if [ -x '/etc/init.d/vpn-policy-routing' ]; then
		output "Stopping and disabling vpn-policy-routing."
		if /etc/init.d/vpn-policy-routing stop \
			&& /etc/init.d/vpn-policy-routing disable; then
			output_okn
		else
			output_failn
		fi
	fi
	output "Migrating vpn-policy-routing config file."
	if mv '/etc/config/pbr' '/etc/config/pbr-opkg' \
		&& sed 's/vpn-policy-routing/pbr/g' /etc/config/vpn-policy-routing > /etc/config/pbr \
		&& uci_set vpn-policy-routing config enabled 0 && uci_commit vpn-policy-routing; then
		output_okn
	else
		output_failn
	fi
fi

# Transition from older versions of pbr
sed -i "s/resolver_ipset/resolver_set/g" /etc/config/pbr
sed -i "s/iptables_rule_option/rule_create_option/g" /etc/config/pbr
sed -i "s/'FORWARD'/'forward'/g" /etc/config/pbr
sed -i "s/'INPUT'/'input'/g" /etc/config/pbr
sed -i "s/'OUTPUT'/'output'/g" /etc/config/pbr
sed -i "s/'PREROUTING'/'prerouting'/g" /etc/config/pbr
sed -i "s/'POSTROUTING'/'postrouting'/g" /etc/config/pbr
sed -i "s/option fw_mask '0x\(.*\)'/option fw_mask '\1'/g" /etc/config/pbr
sed -i "s/option wan_mark '0x\(.*\)'/option wan_mark '\1'/g" /etc/config/pbr
sed -i "s|option path '/etc/pbr/|option path '/usr/share/pbr/|g" /etc/config/pbr
sed -i "/procd_lan_interface/d" /etc/config/pbr

# add firewall include file to fw4 config
# shellcheck source=../../usr/share/pbr/firewall.include
if [ -s '/usr/share/pbr/firewall.include' ]; then
uci -q batch <<-EOT
	delete firewall.pbr
	set firewall.pbr='include'
	set firewall.pbr.fw4_compatible='1'
	set firewall.pbr.type='script'
	set firewall.pbr.path='/usr/share/pbr/firewall.include'
	commit firewall
EOT
fi

# Transition from pre-1.1.7 versions
# shellcheck disable=SC2317
_remove_wg_server_client() {
	local path
	config_get path "$1" 'path'
	if [ "$path" = '/usr/share/pbr/pbr.user.wg_server_and_client' ]; then
		uci_remove pbr "$1"
	fi
}
config_load pbr
config_foreach _remove_wg_server_client include
[ -n "$(uci changes pbr)" ] && uci_commit pbr

exit 0