mirror of
git://projects.qi-hardware.com/openwrt-xburst.git
synced 2025-04-21 12:27:27 +03:00
[backfire] backport r23062
git-svn-id: svn://svn.openwrt.org/openwrt/branches/backfire@23063 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
jow
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
|||||||
PKG_NAME:=firewall
|
PKG_NAME:=firewall
|
||||||
|
|
||||||
PKG_VERSION:=1
|
PKG_VERSION:=1
|
||||||
PKG_RELEASE:=16
|
PKG_RELEASE:=17
|
||||||
|
|
||||||
include $(INCLUDE_DIR)/package.mk
|
include $(INCLUDE_DIR)/package.mk
|
||||||
|
|
||||||
|
|||||||
@@ -15,6 +15,7 @@ config_load firewall
|
|||||||
|
|
||||||
config fw_zones
|
config fw_zones
|
||||||
ZONE_LIST=$CONFIG_SECTION
|
ZONE_LIST=$CONFIG_SECTION
|
||||||
|
ZONE_NAMES=
|
||||||
|
|
||||||
CUSTOM_CHAINS=1
|
CUSTOM_CHAINS=1
|
||||||
DEF_INPUT=DROP
|
DEF_INPUT=DROP
|
||||||
@@ -23,6 +24,25 @@ DEF_FORWARD=DROP
|
|||||||
CONNTRACK_ZONES=
|
CONNTRACK_ZONES=
|
||||||
NOTRACK_DISABLED=
|
NOTRACK_DISABLED=
|
||||||
|
|
||||||
|
add_state() {
|
||||||
|
local var="$1"
|
||||||
|
local item="$2"
|
||||||
|
|
||||||
|
local val="$(uci_get_state firewall core $var)"
|
||||||
|
uci_set_state firewall core $var "${val:+$val }$item"
|
||||||
|
}
|
||||||
|
|
||||||
|
del_state() {
|
||||||
|
local var="$1"
|
||||||
|
local item="$2"
|
||||||
|
|
||||||
|
local val=" $(uci_get_state firewall core $var) "
|
||||||
|
val="${val// $item / }"
|
||||||
|
val="${val# }"
|
||||||
|
val="${val% }"
|
||||||
|
uci_set_state firewall core $var "$val"
|
||||||
|
}
|
||||||
|
|
||||||
find_item() {
|
find_item() {
|
||||||
local item="$1"; shift
|
local item="$1"; shift
|
||||||
for i in "$@"; do
|
for i in "$@"; do
|
||||||
@@ -95,6 +115,8 @@ create_zone() {
|
|||||||
done
|
done
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
append ZONE_NAMES "$name"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -132,6 +154,8 @@ addif() {
|
|||||||
uci_set_state firewall core "${network}_ifname" "$ifname"
|
uci_set_state firewall core "${network}_ifname" "$ifname"
|
||||||
uci_set_state firewall core "${network}_zone" "$zone"
|
uci_set_state firewall core "${network}_zone" "$zone"
|
||||||
|
|
||||||
|
add_state "${zone}_networks" "$network"
|
||||||
|
|
||||||
ACTION=add ZONE="$zone" INTERFACE="$network" DEVICE="$ifname" /sbin/hotplug-call firewall
|
ACTION=add ZONE="$zone" INTERFACE="$network" DEVICE="$ifname" /sbin/hotplug-call firewall
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -158,6 +182,8 @@ delif() {
|
|||||||
uci_revert_state firewall core "${network}_ifname"
|
uci_revert_state firewall core "${network}_ifname"
|
||||||
uci_revert_state firewall core "${network}_zone"
|
uci_revert_state firewall core "${network}_zone"
|
||||||
|
|
||||||
|
del_state "${zone}_networks" "$network"
|
||||||
|
|
||||||
ACTION=remove ZONE="$zone" INTERFACE="$network" DEVICE="$ifname" /sbin/hotplug-call firewall
|
ACTION=remove ZONE="$zone" INTERFACE="$network" DEVICE="$ifname" /sbin/hotplug-call firewall
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -605,9 +631,22 @@ fw_init() {
|
|||||||
for interface in $INTERFACES; do
|
for interface in $INTERFACES; do
|
||||||
fw_event ifup "$interface"
|
fw_event ifup "$interface"
|
||||||
done
|
done
|
||||||
|
|
||||||
|
uci_set_state firewall core zones "$ZONE_NAMES"
|
||||||
}
|
}
|
||||||
|
|
||||||
fw_stop() {
|
fw_stop() {
|
||||||
|
local z n i
|
||||||
|
config_get z core zones
|
||||||
|
for z in $z; do
|
||||||
|
config_get n core "${z}_networks"
|
||||||
|
for n in $n; do
|
||||||
|
config_get i core "${n}_ifname"
|
||||||
|
[ -n "$i" ] && env -i ACTION=remove ZONE="$z" INTERFACE="$n" DEVICE="$i" \
|
||||||
|
/sbin/hotplug-call firewall
|
||||||
|
done
|
||||||
|
done
|
||||||
|
|
||||||
fw_clear
|
fw_clear
|
||||||
$IPTABLES -P INPUT ACCEPT
|
$IPTABLES -P INPUT ACCEPT
|
||||||
$IPTABLES -P OUTPUT ACCEPT
|
$IPTABLES -P OUTPUT ACCEPT
|
||||||
|
|||||||
Reference in New Issue
Block a user