#!/bin/sh /etc/rc.common

START=99

log() {
	logger -t "Domain Filter " "$@"
}

start()
{
	ff=$(uci -q get firewall.filter)
	if [ -z $ff ]; then
		uci set firewall.filter="ipset"
		uci set firewall.filter.name="filter"
		uci set firewall.filter.family="ipv4"
		uci set firewall.filter.storage="hash"
		uci set firewall.filter.match="ip"
		uci set firewall.filter6="ipset"
		uci set firewall.filter6.name="filter6"
		uci set firewall.filter6.family="ipv6"
		uci set firewall.filter6.storage="hash"
		uci set firewall.filter6.match="ip"

		# Filter LAN client traffic with IP sets
		uci set firewall.filter_fwd="rule"
		uci set firewall.filter_fwd.name="Filter-IPset-DNS-Forward"
		uci set firewall.filter_fwd.src="lan"
		uci set firewall.filter_fwd.dest="wan"
		uci set firewall.filter_fwd.ipset="filter dest"
		uci set firewall.filter_fwd.family="ipv4"
		uci set firewall.filter_fwd.proto="all"
		uci set firewall.filter_fwd.target="REJECT"
		uci set firewall.filter6_fwd="rule"
		uci set firewall.filter6_fwd.name="Filter6-IPset-DNS-Forward"
		uci set firewall.filter6_fwd.src="lan"
		uci set firewall.filter6_fwd.dest="wan"
		uci set firewall.filter6_fwd.ipset="filter6 dest"
		uci set firewall.filter6_fwd.family="ipv6"
		uci set firewall.filter6_fwd.proto="all"
		uci set firewall.filter6_fwd.target="REJECT"

		uci commit firewall
		/etc/init.d/firewall restart
	fi
	/usr/lib/domain/filter.sh
}