#!/bin/sh

uci set firewall.wg_allow="rule"
uci set firewall.wg_allow.src="*"
uci set firewall.wg_allow.target="ACCEPT"
uci set firewall.wg_allow.proto="udp"
uci set firewall.wg_allow.dest_port="51800"
uci set firewall.wg_allow.name="Allow-Wireguard-Inbound"

# Add the firewall zone
uci add firewall zone
uci set firewall.@zone[-1].name='wg'
uci set firewall.@zone[-1].input='ACCEPT'
uci set firewall.@zone[-1].forward='ACCEPT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].masq='1'

# Add the WG interface to it
uci set firewall.@zone[-1].network='wg0'

# Forward WAN and LAN traffic to/from it
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='wg'
uci set firewall.@forwarding[-1].dest='wan'
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='wg'
uci set firewall.@forwarding[-1].dest='lan'
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].dest='wg'
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='wan'
uci set firewall.@forwarding[-1].dest='wg'

uci commit firewall
/etc/init.d/firewall restart