From 3e5723fffa47d38ee242ff03ac731f42842c9ac4 Mon Sep 17 00:00:00 2001
From: Handa Wang <handaw@google.com>
Date: Mon, 4 Sep 2023 16:15:01 +0800
Subject: [PATCH] save

---
 etc/docker/Dockerfile |  2 ++
 script/_firewall      | 10 ++++++++++
 script/_otbr          | 10 ++++++++++
 script/bootstrap      |  2 ++
 4 files changed, 24 insertions(+)

diff --git a/etc/docker/Dockerfile b/etc/docker/Dockerfile
index f5bb9c65d7a..eef7a948d8e 100644
--- a/etc/docker/Dockerfile
+++ b/etc/docker/Dockerfile
@@ -42,6 +42,7 @@ ARG RELEASE
 ARG REST_API
 ARG WEB_GUI
 ARG MDNS
+ARG FIREWALL
 
 ENV INFRA_IF_NAME=${INFRA_IF_NAME:-eth0}
 ENV BORDER_ROUTING=${BORDER_ROUTING:-1}
@@ -59,6 +60,7 @@ ENV NAT64_DYNAMIC_POOL=${NAT64_DYNAMIC_POOL:-192.168.255.0/24}
 ENV DNS64=${DNS64:-0}
 ENV WEB_GUI=${WEB_GUI:-1}
 ENV REST_API=${REST_API:-1}
+ENV FIREWALL=${FIREWALL:-1}
 ENV DOCKER 1
 
 RUN env
diff --git a/script/_firewall b/script/_firewall
index 0a29c3699cc..28344d24101 100755
--- a/script/_firewall
+++ b/script/_firewall
@@ -31,8 +31,12 @@ FIREWALL_SERVICE=/etc/init.d/otbr-firewall
 
 sudo modprobe ip6table_filter || true
 
+FIREWALL="${FIREWALL:-1}"
+
 firewall_uninstall()
 {
+    with FIREWALL || return 0
+
     firewall_stop
     if have systemctl; then
         sudo systemctl disable otbr-firewall || true
@@ -46,6 +50,8 @@ firewall_uninstall()
 
 firewall_install()
 {
+    with FIREWALL || return 0
+
     sudo cp script/otbr-firewall $FIREWALL_SERVICE
     sudo chmod a+x $FIREWALL_SERVICE
     if have systemctl; then
@@ -56,6 +62,8 @@ firewall_install()
 
 firewall_start()
 {
+    with FIREWALL || return 0
+
     if with DOCKER; then
         service otbr-firewall start || die 'Failed to start firewall service'
     elif have systemctl; then
@@ -65,6 +73,8 @@ firewall_start()
 
 firewall_stop()
 {
+    with FIREWALL || return 0
+
     if with DOCKER; then
         service otbr-firewall stop || true
     elif have systemctl; then
diff --git a/script/_otbr b/script/_otbr
index 790ab10ae9e..dbccc73c88c 100644
--- a/script/_otbr
+++ b/script/_otbr
@@ -128,6 +128,16 @@ otbr_install()
         )
     fi
 
+    if with FIREWALL; then
+        otbr_options+=(
+            "-DOT_FIREWALL=ON"
+        )
+    else
+        otbr_options+=(
+            "-DOT_FIREWALL=OFF"
+        )
+    fi
+
     (./script/cmake-build "${otbr_options[@]}" \
         && cd "${OTBR_TOP_BUILDDIR}" \
         && ninja \
diff --git a/script/bootstrap b/script/bootstrap
index 2ad1d0800b8..67d194b1ca7 100755
--- a/script/bootstrap
+++ b/script/bootstrap
@@ -35,6 +35,8 @@
 
 NAT64_SERVICE="${NAT64_SERVICE:-openthread}"
 
+FIREWALL="${FIREWALL:-1}"
+
 install_packages_apt()
 {
     sudo apt-get update