LoxiLB: enable firewall SNAT for green network

when loxilb is enabled and started, enable the
firewall SNAT for green network so green network
could have initiate outgoing traffic like internet
access.

we can achieve this by restoring firewall SNAT setting
from default /var/ipfire/loxilb/FWconfig.txt when loxilb
start up with --config-path=/var/ipfire/loxilb thanks
to the enhancement addressed in issue:

https://github.com/loxilb-io/loxilb/issues/706

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>

config/cfgroot/loxilb-FWconfig.txt

@@ -0,0 +1 @@
+{"fwAttr":[{"opts":{"counter":"0:0","doSnat":true,"toIP":"REDIP"},"ruleArguments":{"destinationIP":"0.0.0.0/0","portName":"green0","sourceIP":"0.0.0.0/0"}}]}

lfs/configroot

@@ -104,6 +104,7 @@ $(TARGET) :
 	cp $(DIR_SRC)/config/cfgroot/udp_ports			$(CONFIG_ROOT)/ddos/udp_ports
 	cp $(DIR_SRC)/config/cfgroot/dns-ddos-settings		$(CONFIG_ROOT)/ddos/dns-ddos-settings
 	cp $(DIR_SRC)/config/cfgroot/loxilb-settings		$(CONFIG_ROOT)/loxilb/settings
+	cp $(DIR_SRC)/config/cfgroot/loxilb-FWconfig.txt	$(CONFIG_ROOT)/loxilb/FWconfig.txt
 	cp $(DIR_SRC)/config/cfgroot/time-settings		$(CONFIG_ROOT)/time/settings
 	cp $(DIR_SRC)/config/cfgroot/logging-settings		$(CONFIG_ROOT)/logging/settings
 	cp $(DIR_SRC)/config/cfgroot/ethernet-vlans		$(CONFIG_ROOT)/ethernet/vlans

src/initscripts/system/loxilb

@@ -37,13 +37,19 @@ case "$1" in
 			mkdir -p /opt/loxilb/dp/
 			mount -t bpf bpf /opt/loxilb/dp/
 
-			loadproc -b loxilb --blacklist="eth[0-9]"
+			#enable egress firewall SNAT for green network
+			redip=$(< /var/ipfire/red/local-ipaddress)
+			sed -i "s/\"REDIP\"/\"$redip\"/" /var/ipfire/loxilb/FWconfig.txt
+
+			loadproc -b loxilb --config-path="/var/ipfire/loxilb/" --blacklist="eth[0-9]"
 		fi
 		;;
 
 	stop)
 		boot_mesg "Stopping loxilb..."
 		if [ "$ENABLE_LOXILB" == "off" ]; then
+			#remove egress firewall SNAT for green network
+			loxicmd delete firewall --firewallRule="portName:green0"
 			killproc loxilb
 		fi
 		;;