# Copyright (c) 2022-2025 Qualcomm Technologies, Inc.
# All Rights Reserved.
# Confidential and Proprietary - Qualcomm Technologies, Inc.

# platform_subtype_id value of the variant without WiFi/BT; it is compared
# against /sys/devices/soc0/platform_subtype_id in the clean-up step near the
# end of this script.
CDT_PINNACLES_M2=4

# Drop the stock wan6 interface. "Entry not found" is expected when it is
# absent, hence the silenced stderr.
uci delete network.wan6 2> /dev/null

# Remove the first stock device section and declare the bridge on the lan
# interface itself (br-lan), following the OpenWrt convention used here.
uci delete network.@device[0] 2> /dev/null
uci set network.lan.type='bridge'

# br-lan gateway address, per FR 79409.
uci set network.lan.ipaddr='192.168.224.1'

# ula_prefix=auto so that the modem prefix is assigned to clients.
uci set network.globals.ula_prefix='auto'

# All tethered interfaces are members of br-lan.
uci set network.lan.ifname='eth0 eth1 rndis0 ecm0 eth2'

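# Give every tethered device its own static Auto-IP interface section
# (169.254.x.1, netmask 255.255.255.0). Each entry is
# <section>:<device>:<IPv4 address>.
# The five hand-written stanzas differed only in these three values and each
# assigned ipv6='1' twice; the loop keeps a single assignment per option.
for tether_spec in \
	rndis:rndis0:169.254.20.1 \
	ecm:ecm0:169.254.21.1 \
	eth:eth0:169.254.22.1 \
	eth_nic2:eth1:169.254.23.1 \
	eth_usb:eth2:169.254.24.1
do
	tether_sect=${tether_spec%%:*}
	tether_rest=${tether_spec#*:}
	tether_dev=${tether_rest%%:*}
	tether_addr=${tether_rest#*:}

	uci set "network.${tether_sect}=interface"
	uci set "network.${tether_sect}.device=${tether_dev}"
	# Only the eth0 section pins an MTU.
	if [ "$tether_sect" = 'eth' ]; then
		uci set network.eth.mtu='1500'
	fi
	uci set "network.${tether_sect}.proto=static"
	uci set "network.${tether_sect}.ipv6=1"
	uci set "network.${tether_sect}.ipaddr=${tether_addr}"
	uci set "network.${tether_sect}.netmask=255.255.255.0"
done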

# Default profile for the mhi_swip0 interface: static address on a
# 255.255.255.252 (/30) link, IPv6 enabled.
# NOTE(review): 169.250.25.26 is outside the 169.254.0.0/16 link-local block
# that every other Auto-IP interface in this script uses - confirm the
# address is intentional and not a typo for 169.254.x.x.
swip_sect='network.mhi_swip'
uci set "${swip_sect}=interface"
uci set "${swip_sect}.device=mhi_swip0"
uci set "${swip_sect}.proto=static"
uci set "${swip_sect}.ipv6=1"
uci set "${swip_sect}.ipaddr=169.250.25.26"
uci set "${swip_sect}.netmask=255.255.255.252"

# Default PDN (profile 1), IPv4 leg: rmnet backhaul with lan as downstream.
pdn_v4='network.wan'
uci set "${pdn_v4}=interface"
uci set "${pdn_v4}.proto=rmnet"
uci set "${pdn_v4}.profile=1"
uci set "${pdn_v4}.downstream=lan"
uci set "${pdn_v4}.type=internet"
# bind stays 0 on the default PDN: the embedded path has to keep working
# there, so binding is not required.
uci set "${pdn_v4}.bind=0"
uci set "${pdn_v4}.ipv6=0"

# Neither leg keeps a device entry. The wan_v6 delete runs before that
# section is (re)declared below, so it only has an effect when the section
# already exists.
for pdn_leg in wan wan_v6; do
	uci del "network.${pdn_leg}.device"
done

# Default PDN (profile 1), IPv6 leg: same settings with ipv6 switched on.
pdn_v6='network.wan_v6'
uci set "${pdn_v6}=interface"
uci set "${pdn_v6}.proto=rmnet"
uci set "${pdn_v6}.profile=1"
uci set "${pdn_v6}.downstream=lan"
uci set "${pdn_v6}.type=internet"
uci set "${pdn_v6}.bind=0"
uci set "${pdn_v6}.ipv6=1"

# Size the LAN for up to 768 clients: 255.255.252.0 netmask on br-lan and a
# matching DHCP pool limit.
uci set network.lan.netmask='255.255.252.0'
uci set dhcp.lan.limit='768'

# Replace the stock anonymous dnsmasq section with a named instance
# (lan_dns) that serves the lan interface.
uci del dhcp.@dnsmasq[0]
lan_dns='dhcp.lan_dns'
uci set "${lan_dns}=dnsmasq"
uci set "${lan_dns}.domainneeded=1"
uci set "${lan_dns}.boguspriv=1"
uci set "${lan_dns}.filterwin2k=0"
uci set "${lan_dns}.localise_queries=1"
# DNS-rebinding protection stays on for LAN clients.
uci set "${lan_dns}.rebind_protection=1"
uci set "${lan_dns}.rebind_localhost=1"
uci set "${lan_dns}.local=/lan/"
uci set "${lan_dns}.domain=lan"
uci set "${lan_dns}.expandhosts=1"
uci set "${lan_dns}.nonegcache=0"
uci set "${lan_dns}.authoritative=1"
uci set "${lan_dns}.readethers=1"
uci set "${lan_dns}.leasefile=/tmp/data/dhcp.leases.lan"
uci set "${lan_dns}.resolvfile=/tmp/resolv.conf.d/resolv.conf.lan.auto"
uci set "${lan_dns}.nonwildcard=1"
uci set "${lan_dns}.localservice=1"
uci set "${lan_dns}.ednspacket_max=1232"
# Listen on lan only; loopback is explicitly excluded.
uci add_list "${lan_dns}.interface=lan"
uci add_list "${lan_dns}.notinterface=loopback"
uci del_list dhcp.lan.ra_flags='managed-config'
# NOTE(review): dnsmasq executes this script on lease events. The path is
# under /etc/data - confirm the file is root-owned and not writable by any
# less-privileged user or service.
uci set "${lan_dns}.dhcpscript=/etc/data/dnsmasq_script.sh"

# Bind the lan DHCP pool to the lan_dns instance.
uci set dhcp.lan.instance='lan_dns'

# NDP is relayed on lan.
uci set dhcp.lan.ndp='relay'

# Declare the wanwlan interface as a DHCP client.
for wanwlan_kv in 'network.wanwlan=interface' 'network.wanwlan.proto=dhcp'; do
	uci set "$wanwlan_kv"
done

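# Default tinyproxy configuration. The service is left disabled (enabled=0).
# The selector is kept in one quoted variable so the shell never treats
# "[0]" as a glob pattern.
tp='tinyproxy.@tinyproxy[0]'
uci set "${tp}=tinyproxy"
uci set "${tp}.User=nobody"
uci set "${tp}.Group=inet"
uci set "${tp}.Port=8888"
uci set "${tp}.Timeout=600"
uci set "${tp}.DefaultErrorFile=/usr/share/tinyproxy/default.html"
uci set "${tp}.StatFile=/usr/share/tinyproxy/stats.html"
uci set "${tp}.LogFile=/var/log/tinyproxy.log"
uci set "${tp}.LogLevel=Info"
uci set "${tp}.MaxClients=100"
uci set "${tp}.MinSpareServers=5"
uci set "${tp}.MaxSpareServers=20"
uci set "${tp}.StartServers=10"
uci set "${tp}.MaxRequestsPerChild=0"
uci set "${tp}.Allow=127.0.0.1"
# NOTE(review): 0.0.0.0/0 admits every IPv4 client that can reach port 8888
# once the proxy is enabled, and this script also installs an Allow-TCP-Input
# rule for zone wan_all. Keep the service disabled, or narrow this entry to
# the LAN subnet, unless an openly reachable proxy is intended.
uci add_list "${tp}.Allow=0.0.0.0/0"
uci set "${tp}.ViaProxyName=tinyproxy"
# ConnectPort is a list of ports CONNECT may target. The previous form,
# "uci set ...ConnectPort='443' '563'", handed two arguments to "uci set",
# which accepts exactly one, so the restriction appears never to have been
# stored. Rebuild the list explicitly; the delete keeps a re-run from
# appending duplicates.
uci -q delete "${tp}.ConnectPort"
uci add_list "${tp}.ConnectPort=443"
uci add_list "${tp}.ConnectPort=563"
uci set "${tp}.enabled=0"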

# Zone lan_wan: the LAN-side zone paired with the default PDN. It covers
# network 'lan' and accepts input, output and forward traffic.
uci add firewall zone
lan_wan_zone='firewall.@zone[-1]'
uci set "${lan_wan_zone}.name=lan_wan"
uci add_list "${lan_wan_zone}.network=lan"
for lan_wan_chain in input output forward; do
	uci set "${lan_wan_zone}.${lan_wan_chain}=ACCEPT"
done

# Point the first forwarding entry at lan_wan so that it belongs to the
# default PDN.
uci set 'firewall.@forwarding[0].src=lan_wan'

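# Re-create the plain 'lan' zone so that it is listed after lan_wan, which
# gives lan_wan priority.
# The lookup is limited to anonymous zone sections and to the first match:
# the index is spliced into firewall.@zone[...], so a hit on any other
# section type, or more than one hit, would address the wrong entry or
# produce an invalid selector.
lan_index=$(uci show firewall \
	| grep '^firewall\.@zone\[' \
	| grep -i name \
	| grep -w 'lan' \
	| awk -F'[][]' '{print $2}' \
	| head -n 1)
if [ -n "$lan_index" ]; then
	uci delete "firewall.@zone[$lan_index]"
	uci add firewall zone
	uci set 'firewall.@zone[-1].name=lan'
	uci add_list 'firewall.@zone[-1].network=lan'
	uci set 'firewall.@zone[-1].input=ACCEPT'
	uci set 'firewall.@zone[-1].output=ACCEPT'
	uci set 'firewall.@zone[-1].forward=ACCEPT'
fi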

# Zone wan_all: generic zone meant to hold every WAN interface. No network
# is attached here. Input and forward default to REJECT, output is accepted
# and masquerading is off.
uci add firewall zone
wan_all_zone='firewall.@zone[-1]'
uci set "${wan_all_zone}.name=wan_all"
uci set "${wan_all_zone}.input=REJECT"
uci set "${wan_all_zone}.output=ACCEPT"
uci set "${wan_all_zone}.forward=REJECT"
uci set "${wan_all_zone}.masq=0"

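# Re-create the 'wan' zone so that it is listed after wan_all, which gives
# wan_all priority. The lookup is limited to anonymous zone sections and to
# the first match because the index is spliced into firewall.@zone[...].
wan_index=$(uci show firewall \
	| grep '^firewall\.@zone\[' \
	| grep -i name \
	| grep -w 'wan' \
	| awk -F'[][]' '{print $2}' \
	| head -n 1)
rbms_status=$(uci get 'qcmap_lan.@no_of_configs[0].rbms_enabled')
if [ -n "$wan_index" ]; then
	uci delete "firewall.@zone[$wan_index]"
	uci add firewall zone
	uci set 'firewall.@zone[-1].name=wan'
	# Every backhaul interface, IPv4 and IPv6 legs, belongs to this zone.
	for wan_member in wan wan_v6 waneth waneth_v6 wanwlan wanwlan_v6; do
		uci add_list "firewall.@zone[-1].network=${wan_member}"
	done
	uci set 'firewall.@zone[-1].input=REJECT'
	uci set 'firewall.@zone[-1].output=ACCEPT'
	uci set 'firewall.@zone[-1].forward=REJECT'
	# Masquerading is switched off only when rbms_enabled is 1. An unset
	# flag is treated as 0, which keeps masquerading on as before, without
	# the "[: -eq: unary operator expected" error the unquoted test raised.
	if [ "${rbms_status:-0}" -eq 1 ]; then
		uci set 'firewall.@zone[-1].masq=0'
		uci set 'firewall.@zone[-1].masq_random=0'
	else
		uci set 'firewall.@zone[-1].masq=1'
		uci set 'firewall.@zone[-1].masq_random=1'
	fi
fi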

# Zone swip: holds the mhi_swip network. All three chains accept and no
# masquerading is applied.
uci add firewall zone
swip_zone='firewall.@zone[-1]'
uci set "${swip_zone}.name=swip"
uci add_list "${swip_zone}.network=mhi_swip"
for swip_chain in input output forward; do
	uci set "${swip_zone}.${swip_chain}=ACCEPT"
done
uci set "${swip_zone}.masq=0"

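# Remove the firewall rules that the stock OpenWrt configuration ships with.
# Ten copy-pasted lookup/delete stanzas are folded into one loop. The lookup
# is limited to anonymous rule sections and to the first match because the
# index is spliced into firewall.@rule[...]. Indexes shift after each
# delete, so the lookup is repeated for every name.
# NOTE(review): these are the narrowly scoped stock allowances (DHCP renew,
# ping, IGMP, DHCPv6, MLD, ICMPv6, IPsec ESP, ISAKMP, UDP traceroute). The
# script replaces them further down with protocol-wide ACCEPT rules for zone
# wan_all - confirm that widening is intended.
for stock_rule in \
  Allow-DHCP-Renew \
  Allow-Ping \
  Allow-IGMP \
  Allow-DHCPv6 \
  Allow-MLD \
  Allow-ICMPv6-Input \
  Allow-ICMPv6-Forward \
  Allow-IPSec-ESP \
  Allow-ISAKMP \
  Support-UDP-Traceroute
do
  stock_rule_index=$(uci show firewall \
    | grep '^firewall\.@rule\[' \
    | grep -i -- "$stock_rule" \
    | awk -F'[][]' '{print $2}' \
    | head -n 1)
  if [ -n "$stock_rule_index" ]; then
    uci delete "firewall.@rule[$stock_rule_index]"
    uci commit firewall
  fi
done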

# Default ICMP, TCP and UDP rules for traffic arriving from zone wan_all.
# Table columns: <name> <proto> <family> <input|forward> <enabled>.
# A "forward" row also sets dest='*'; an "input" row has no dest.
# The IPv6 rows keep proto 'icmp' together with family 'ipv6', exactly as
# the rules were written before.
# NOTE(review): none of these rules restricts ports or source addresses, so
# the enabled ones accept every TCP, UDP and ICMP packet from wan_all, both
# to the device itself and, for IPv4, forwarded to any zone. That overrides
# the REJECT defaults set on the wan_all zone. Presumably QCMAP tightens
# this at runtime - confirm, and otherwise scope or disable the rules.
# The table is read through fd 3 so the uci calls keep their own stdin.
while read -r rule_name rule_proto rule_family rule_scope rule_enabled <&3; do
	uci add firewall rule
	uci set "firewall.@rule[-1].name=${rule_name}"
	uci set 'firewall.@rule[-1].src=wan_all'
	if [ "$rule_scope" = 'forward' ]; then
		uci set 'firewall.@rule[-1].dest=*'
	fi
	uci set "firewall.@rule[-1].proto=${rule_proto}"
	uci set "firewall.@rule[-1].family=${rule_family}"
	uci set 'firewall.@rule[-1].target=ACCEPT'
	uci set "firewall.@rule[-1].enabled=${rule_enabled}"
done 3<<'EOF'
Allow-ICMP-Input icmp ipv4 input 1
Allow-ICMP-Forward icmp ipv4 forward 1
Allow-ICMPv6-Input icmp ipv6 input 1
Allow-ICMPv6-Forward icmp ipv6 forward 0
Allow-TCP-Input tcp ipv4 input 1
Allow-TCP-Forward tcp ipv4 forward 1
Allow-TCP-v6-Input tcp ipv6 input 1
Allow-TCP-v6-Forward tcp ipv6 forward 0
Allow-UDP-Input udp ipv4 input 1
Allow-UDP-Forward udp ipv4 forward 1
Allow-UDP-V6-Input udp ipv6 input 1
Allow-UDP-V6-Forward udp ipv6 forward 0
EOF


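# Set ipsecpt_enable, ipsecptv6_enable, pptppt_enable and pptpptv6_enable to
# 1 in the qcmap_lan profile of the default PDN.
for passthrough_opt in ipsecpt_enable ipsecptv6_enable pptppt_enable pptpptv6_enable; do
	uci set "qcmap_lan.@profile[0].${passthrough_opt}=1"
done

# Record the index taken from the last "rule" line of the staged firewall
# config as the number of default rules.
# NOTE(review): this is a zero-based index, not a count, and the grep matches
# any line containing "rule" - confirm the consumer expects that value.
# The value is captured first and passed quoted, so an empty or unexpected
# result can no longer be word-split into extra "uci set" arguments.
last_rule_index=$(uci show firewall | grep -i "rule" | awk -F'[][]' '{print $2}' | tail -n 1)
uci set "qcmap_lan.@no_of_configs[0].no_of_default_firewall_rules=${last_rule_index}"
# Commits every staged package, not only qcmap_lan.
uci commit

# no_of_rules starts out equal to the default-rule value just stored.
default_rule_total=$(uci get 'qcmap_lan.@no_of_configs[0].no_of_default_firewall_rules')
uci set "qcmap_lan.@no_of_configs[0].no_of_rules=${default_rule_total}"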

# Keep a copy of the lan address and netmask in qcmap_lan; the IPPT clean-up
# needs them.
# NOTE(review): the values are written to @lan[0]; if qcmap_lan already had
# a 'lan' section, that is the older section, not the one added here.
uci add qcmap_lan lan
stored_lan='qcmap_lan.@lan[0]'
uci set "${stored_lan}.ip=192.168.224.1"
uci set "${stored_lan}.netmask=255.255.252.0"

# DHCP is served on the default bridge unless changed later (ignore=0).
uci set dhcp.lan.ignore='0'

# No ip6assign on lan.
uci delete network.lan.ip6assign

# mwan3: clear the stock interfaces and any earlier backhaul policies.
# Missing entries are expected, hence the silenced stderr.
for stale_mwan in wan6 wanb6 wanb backhaul_pref backhaul_pref6; do
	uci delete mwan3.$stale_mwan 2> /dev/null
done

# Start from empty IPv4 and IPv6 backhaul-preference policies.
for backhaul_policy in backhaul_pref backhaul_pref6; do
	uci set mwan3.$backhaul_policy=policy
done

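# Per-backhaul mwan3track switches are read from qcmap_lan (memory
# optimisation).
wanbt_status=$(uci get 'qcmap_lan.@mwan3track[0].wanbt')
wanwlan_status=$(uci get 'qcmap_lan.@mwan3track[0].wanwlan')
waneth_status=$(uci get 'qcmap_lan.@mwan3track[0].waneth')
wanusb_status=$(uci get 'qcmap_lan.@mwan3track[0].wanusb')

# For every backhaul, build the mwan3 interface, the matching network
# section and the policy member, once for IPv4 and once for IPv6.
# i supplies the member metric, and i+1 the weight, in list order.
i=1
for wan_type in wanbt waneth wanusb wanwlan wan; do
  wan6_type="${wan_type}_v6"

  # ---- IPv4 leg ----
  uci delete "mwan3.${wan_type}" 2> /dev/null

  uci set "mwan3.${wan_type}=interface"
  uci set "mwan3.${wan_type}.enabled=0"
  uci set "mwan3.${wan_type}.family=ipv4"
  uci set "mwan3.${wan_type}.reliability=0"

  # Declare the network section before touching its options. Previously
  # defaultroute/lockmtu were set first, which fails whenever the section
  # does not exist yet. 'wan' already has its section (rmnet profile).
  if [ "$wan_type" != 'wan' ]; then
    uci set "network.${wan_type}=interface"
    uci set "network.${wan_type}.proto=dhcp"
    # network.<iface>.device is set by QCMAP when the backhaul switch is
    # enabled.
  fi
  uci set "network.${wan_type}.defaultroute=0"
  uci set "network.${wan_type}.lockmtu=1"

  # Tracking targets: Google Public DNS and OpenDNS resolvers. Enabled
  # interfaces are tracked against these third-party hosts.
  for track_v4 in 8.8.4.4 8.8.8.8 208.67.222.222 208.67.220.220; do
    uci add_list "mwan3.${wan_type}.track_ip=${track_v4}"
  done

  # Policy member for the IPv4 leg.
  uci delete "mwan3.m_${wan_type}" 2> /dev/null
  uci set "mwan3.m_${wan_type}=member"
  uci set "mwan3.m_${wan_type}.interface=${wan_type}"
  uci set "mwan3.m_${wan_type}.metric=${i}"
  uci set "mwan3.m_${wan_type}.weight=$((i+1))"
  uci add_list "mwan3.backhaul_pref.use_member=m_${wan_type}"

  # ---- IPv6 leg ----
  uci delete "mwan3.${wan6_type}" 2> /dev/null

  if [ "$wan_type" != 'wan' ]; then
    uci set "network.${wan6_type}=interface"
    uci set "network.${wan6_type}.proto=dhcpv6"
    uci set "network.${wan6_type}.ipv6=1"
    uci set "network.${wan6_type}.type=internet"
    uci set "network.${wan6_type}.downstream=lan"
    # network.<iface>.device is set by QCMAP when the backhaul switch is
    # enabled.

    uci set "dhcp.${wan6_type}=dhcp"
    uci set "dhcp.${wan6_type}.interface=${wan6_type}"
    # dhcp.master is set by QCMAP for the highest-priority backhaul that
    # is up.
  fi

  uci set "mwan3.${wan6_type}=interface"
  uci set "mwan3.${wan6_type}.enabled=0"
  uci set "mwan3.${wan6_type}.family=ipv6"
  uci set "mwan3.${wan6_type}.reliability=0"
  # Set once here for every backhaul, wan_v6 included (the old code set the
  # same two options twice for the non-WWAN backhauls).
  uci set "network.${wan6_type}.defaultroute=0"
  uci set "network.${wan6_type}.lockmtu=1"
  for track_v6 in 2001:4860:4860::8844 2001:4860:4860::8888 2620:0:ccd::2 2620:0:ccc::2; do
    uci add_list "mwan3.${wan6_type}.track_ip=${track_v6}"
  done

  # Policy member for the IPv6 leg.
  uci delete "mwan3.m_${wan6_type}" 2> /dev/null
  uci set "mwan3.m_${wan6_type}=member"
  uci set "mwan3.m_${wan6_type}.interface=${wan6_type}"
  uci set "mwan3.m_${wan6_type}.metric=${i}"
  uci set "mwan3.m_${wan6_type}.weight=$((i+1))"
  uci add_list "mwan3.backhaul_pref6.use_member=m_${wan6_type}"

  # ---- mwan3track enablement, per the qcmap_lan switches ----
  case "$wan_type" in
    wanbt)   track_enabled=$wanbt_status ;;
    wanusb)  track_enabled=$wanusb_status ;;
    wanwlan) track_enabled=$wanwlan_status ;;
    waneth)  track_enabled=$waneth_status ;;
    wan)     track_enabled=1 ;;  # tracking is always on for the WWAN backhaul
  esac
  # A switch that could not be read counts as 0 instead of breaking the
  # numeric test.
  if [ "${track_enabled:-0}" -eq 1 ]; then
    uci set "mwan3.${wan_type}.enabled=1"
    uci set "mwan3.${wan6_type}.enabled=1"
  fi

  i=$((i+1))
done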


# Default mwan3 rules: send traffic of each family through its
# backhaul-preference policy.
rule_v4='mwan3.default_rule_v4'
uci set "${rule_v4}=rule"
uci set "${rule_v4}.dest_ip=0.0.0.0/0"
uci set "${rule_v4}.use_policy=backhaul_pref"
uci set "${rule_v4}.family=ipv4"

# NOTE(review): the IPv4 rule matches 0.0.0.0/0 while this one uses '::'
# with no prefix length - confirm mwan3 treats that as "any destination"
# and that '::/0' was not intended.
rule_v6='mwan3.default_rule_v6'
uci set "${rule_v6}=rule"
uci set "${rule_v6}.dest_ip=::"
uci set "${rule_v6}.use_policy=backhaul_pref6"
uci set "${rule_v6}.family=ipv6"

# mwan3 firewall-mark mask is set to 0x35.
uci set mwan3.globals.mmx_mask='0x35'

# Remove the stock mwan3 policies and members that this configuration does
# not use. -q keeps uci quiet when an entry is already absent.
for unused_mwan in \
	balanced https \
	wanb_m1_w2 wanb_m1_w3 wanb_m2_w2 \
	wanb6_m1_w2 wanb6_m1_w3 wanb6_m2_w2 \
	wan_m1_w2 wan_m1_w3 wan_m2_w2 wan_m2_w3 \
	wan6_m1_w2 wan6_m1_w3 wan6_m2_w2 wan6_m2_w3 \
	wanb_only wan_only wan_wanb wanb_wan
do
	uci -q delete mwan3.$unused_mwan
done

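# Variants without WiFi/BT do not need the wanbt/wanwlan backhauls: remove
# their network sections, mwan3 interfaces, members and policy entries.
CDT_TYPE=$(cat /sys/devices/soc0/platform_subtype_id)
# An unreadable sysfs node leaves CDT_TYPE empty. Skip the clean-up in that
# case instead of feeding an empty operand to the numeric test.
if [ -n "$CDT_TYPE" ] && [ "$CDT_TYPE" -eq "$CDT_PINNACLES_M2" ]; then
  for absent_bh in wanbt wanbt_v6 wanwlan wanwlan_v6; do
    uci del "network.${absent_bh}"
  done
  uci commit network

  uci del_list mwan3.backhaul_pref.use_member='m_wanbt'
  uci del_list mwan3.backhaul_pref.use_member='m_wanwlan'
  uci del_list mwan3.backhaul_pref6.use_member='m_wanbt_v6'
  uci del_list mwan3.backhaul_pref6.use_member='m_wanwlan_v6'
  # Members first, then the interfaces they point at.
  for absent_mwan in \
    m_wanbt m_wanwlan m_wanbt_v6 m_wanwlan_v6 \
    wanbt wanwlan wanbt_v6 wanwlan_v6
  do
    uci del "mwan3.${absent_mwan}"
  done
  uci commit mwan3
fi

# Commit every package staged so far.
uci commit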


# Default miniupnpd settings.
# NOTE(review): "uci add upnpd config" creates an anonymous section of type
# 'config', while the options below are written to the section *named*
# 'config' - confirm the add is needed.
uci add upnpd config
upnp_cfg='upnpd.config'
uci set "${upnp_cfg}.enable_natpmp=1"
# secure_mode is on.
uci set "${upnp_cfg}.secure_mode=1"
uci set "${upnp_cfg}.log_output=0"
uci set "${upnp_cfg}.download=1024"
uci set "${upnp_cfg}.upload=512"
uci set "${upnp_cfg}.external_iface=wan"
uci set "${upnp_cfg}.internal_iface=lan"
uci set "${upnp_cfg}.notify_interval=60"

# Default permission rule: deny every mapping request.
# NOTE(review): ext_ports uses '0-65535' and int_ports '0:65535' - confirm
# the daemon parses both range separators, otherwise the deny rule may not
# take effect as written.
upnp_perm='upnpd.perm_rule'
uci set "${upnp_perm}.action=deny"
uci set "${upnp_perm}.ext_ports=0-65535"
uci set "${upnp_perm}.int_addr=0.0.0.0/0"
uci set "${upnp_perm}.int_ports=0:65535"

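# Switch masquerading off on the lan_wan zone. The lookup is limited to
# anonymous zone sections and to the first match, and the set is skipped
# when the zone is missing: an empty index would otherwise produce the
# invalid selector firewall.@zone[].
lan_wan_idx=$(uci show firewall \
  | grep '^firewall\.@zone\[' \
  | grep -i name \
  | grep -w 'lan_wan' \
  | awk -F'[][]' '{print $2}' \
  | head -n 1)
if [ -n "$lan_wan_idx" ]; then
  uci set "firewall.@zone[$lan_wan_idx].masq=0"
fi

# Remove the miniupnpd entry from the firewall config (fw3).
uci delete firewall.miniupnpd

# One commit covers both changes; the two back-to-back commits wrote the
# same final state.
uci commit firewall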

# Firewall include for /etc/firewall.user.qcmap.
# NOTE(review): 'script' includes are executed when the firewall is loaded -
# confirm that both included files are root-owned and not writable by any
# less-privileged user, in particular the one under /etc/data.
qcmap_inc='firewall.qcmap_include'
uci set "${qcmap_inc}=include"
uci set "${qcmap_inc}.path=/etc/firewall.user.qcmap"
uci set "${qcmap_inc}.enabled=1"
uci set "${qcmap_inc}.type=script"
uci set "${qcmap_inc}.fw4_compatible=1"

# Firewall include for /etc/data/qcmap_ebtables.sh (the earlier comment
# named /etc/firewall.user.qcmap here by mistake).
ebt_inc='firewall.qcmap_include_ebtable'
uci set "${ebt_inc}=include"
uci set "${ebt_inc}.path=/etc/data/qcmap_ebtables.sh"
uci set "${ebt_inc}.enabled=1"
uci set "${ebt_inc}.type=script"
uci set "${ebt_inc}.fw4_compatible=1"

# Drop packets whose conntrack state is invalid.
uci set 'firewall.@defaults[0].drop_invalid=1'
uci commit firewall

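# PDN profile numbers used by the AP itself, by AP DNS, and the default PDN.
apwwanprofile=$(uci get 'qcmap_lan.@no_of_configs[0].ap_pdn')
apdnswwanprofile=$(uci get 'qcmap_lan.@no_of_configs[0].ap_dns_pdn')
default_profile_id=$(uci get 'qcmap_lan.@no_of_configs[0].default_pdn')

# Every operand below is quoted: a value that could not be read used to
# turn the unquoted tests into syntax errors.

# IPv4 policy rules for AP-originated traffic (loopback in/out): look up
# table 301.
uci set network.aprule_in=rule
uci set network.aprule_in.in='loopback'
uci set network.aprule_in.lookup='301'
uci set network.aprule_out=rule
uci set network.aprule_out.out='loopback'
uci set network.aprule_out.lookup='301'
# The rules are disabled when both the AP and the AP-DNS profile are the
# default PDN, and active otherwise.
if [ "$default_profile_id" = "$apwwanprofile" ] && [ "$default_profile_id" = "$apdnswwanprofile" ]; then
  ap_rules_disabled=1
else
  ap_rules_disabled=0
fi
uci set "network.aprule_in.disabled=${ap_rules_disabled}"
uci set "network.aprule_out.disabled=${ap_rules_disabled}"

# Profile 1 maps to interface 'wan'; any other profile N maps to 'wanN'.
# An unreadable profile falls back to 'wan', which is what the unquoted code
# ended up writing as well.
if [ "${apwwanprofile:-1}" -eq 1 ]; then
  ap_iface='wan'
else
  ap_iface="wan${apwwanprofile}"
fi
if [ "${apdnswwanprofile:-1}" -eq 1 ]; then
  ap_dns_iface='wan'
else
  ap_dns_iface="wan${apdnswwanprofile}"
fi

# Default route for the AP profile in table 301.
uci set network.apwwanprofile=route
uci set "network.apwwanprofile.interface=${ap_iface}"
uci set network.apwwanprofile.target='0.0.0.0/0'
uci set network.apwwanprofile.table='301'

# Primary and secondary AP-DNS routes in table 301, created disabled and
# without a target.
for ap_dns_route in apdnswwanprofile_pri apdnswwanprofile_sec; do
  uci set "network.${ap_dns_route}=route"
  uci set "network.${ap_dns_route}.interface=${ap_dns_iface}"
  uci set "network.${ap_dns_route}.table=301"
  uci set "network.${ap_dns_route}.disabled=1"
done
uci commit network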

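# IPv6 policy rules for AP-originated traffic (loopback in/out): look up
# table 301. Relies on apwwanprofile, apdnswwanprofile and
# default_profile_id read earlier in this script.
uci set network.aprule6_in=rule6
uci set network.aprule6_in.in='loopback'
uci set network.aprule6_in.lookup='301'
uci set network.aprule6_out=rule6
uci set network.aprule6_out.out='loopback'
uci set network.aprule6_out.lookup='301'
# The rules are disabled when both the AP and the AP-DNS profile are the
# default PDN, and active otherwise. Operands are quoted so an unreadable
# value no longer turns the test into a syntax error.
if [ "$default_profile_id" = "$apwwanprofile" ] && [ "$default_profile_id" = "$apdnswwanprofile" ]; then
  ap_rules6_disabled=1
else
  ap_rules6_disabled=0
fi
uci set "network.aprule6_in.disabled=${ap_rules6_disabled}"
uci set "network.aprule6_out.disabled=${ap_rules6_disabled}"

# Profile 1 maps to 'wan_v6'; any other profile N maps to 'wanN_v6'.
# The previous "wan$apwwanprofile_v6" expanded the never-assigned variable
# apwwanprofile_v6 (likewise apdnswwanprofile_v6), so every non-default
# profile got the IPv4 interface name 'wan'. Braces delimit the variable.
if [ "${apwwanprofile:-1}" -eq 1 ]; then
  ap_iface6='wan_v6'
else
  ap_iface6="wan${apwwanprofile}_v6"
fi
if [ "${apdnswwanprofile:-1}" -eq 1 ]; then
  ap_dns_iface6='wan_v6'
else
  ap_dns_iface6="wan${apdnswwanprofile}_v6"
fi

# Default IPv6 route for the AP profile in table 301.
uci set network.apwwanprofile_v6=route6
uci set "network.apwwanprofile_v6.interface=${ap_iface6}"
uci set network.apwwanprofile_v6.target='::/0'
uci set network.apwwanprofile_v6.table='301'

# Primary and secondary AP-DNS IPv6 routes in table 301, created disabled
# and without a target.
for ap_dns_route6 in apdnswwanprofile_pri_v6 apdnswwanprofile_sec_v6; do
  uci set "network.${ap_dns_route6}=route6"
  uci set "network.${ap_dns_route6}.interface=${ap_dns_iface6}"
  uci set "network.${ap_dns_route6}.table=301"
  uci set "network.${ap_dns_route6}.disabled=1"
done

# Route for the lan subnet in table 301, using the address and netmask
# stored in qcmap_lan. The looked-up values are passed quoted so they cannot
# be word-split into extra "uci set" arguments.
lan_route_target=$(uci get 'qcmap_lan.@lan[0].ip')
lan_route_netmask=$(uci get 'qcmap_lan.@lan[0].netmask')
uci add network route
uci set 'network.@route[-1].interface=lan'
uci set "network.@route[-1].target=${lan_route_target}"
uci set "network.@route[-1].netmask=${lan_route_netmask}"
uci set 'network.@route[-1].table=301'

uci commit network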
