#!/bin/sh
echo "Setting up firewall..."

apk add -u awall # important -u flag!
apk add ip6tables iptables
modprobe -v ip_tables
modprobe -v ip6_tables
#modprobe -v iptable_nat #if NAT is used

# Register services
rc-update add iptables
rc-update add ip6tables
rc-service iptables start
rc-service ip6tables start

# In the global policy, LAN rules are omitted, as we are behind a NAT router.
# If not, add this to global.policy.json:
#         "LAN": { "iface": "eth1" },
# ...
#   { "in": "LAN", "action": "accept" },
#   { "out": "LAN", "action": "accept" },