fiveg/contrib/openwrt/firewall.user

#!/bin/sh

lookup() {
    # on resolution failure, this will attempt to index nil value
    # and lua will exit nonzero
    lua -l nixio -e "print(nixio.getaddrinfo('$1')[1].address)" 2>/dev/null
}

ip_captive=$(lookup maszt.5g)
ip_login=$(lookup pis.org.pl)

if test -n "$ip_login"
then
    iptables -t nat -A prerouting_rule -i br-5g -d "$ip_login" \
        -j ACCEPT
    iptables -t filter -A forwarding_rule -p tcp --dport 80 -d "$ip_login" \
        -j ACCEPT
fi

iptables -t nat -A prerouting_rule -i br-5g -p tcp --dport 80 \
    -j DNAT --to-destination "$ip_captive"
iptables -t filter -A forwarding_rule -p tcp --dport 80 -d "$ip_captive" \
    -j ACCEPT

# vim: ts=4 sts=4 sw=4 et