From 4905eac3af7551044a074d4d7c3894c34488fd65 Mon Sep 17 00:00:00 2001 From: blogic Date: Mon, 11 Aug 2008 20:46:17 +0000 Subject: [PATCH] uci firewall - remove implicit creation of zones, based on network interfaces git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12281 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/firewall/files/new/20-firewall | 4 +--- package/firewall/files/new/uci_firewall.sh | 6 ------ 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/package/firewall/files/new/20-firewall b/package/firewall/files/new/20-firewall index a8ce17c97..217e3f66b 100644 --- a/package/firewall/files/new/20-firewall +++ b/package/firewall/files/new/20-firewall @@ -20,9 +20,7 @@ load_zones() { config_foreach load_zones zone -IFACE=$(find_config $INTERFACE) -[ -n "$IFACE" ] && - list_contains ZONE $IFACE || ZONE="$ZONE $IFACE" +[ -z "$ZONE" ] && exit 0 [ ifup = "$ACTION" ] && { for z in $ZONE; do diff --git a/package/firewall/files/new/uci_firewall.sh b/package/firewall/files/new/uci_firewall.sh index dcb9c100b..e1683e9cf 100755 --- a/package/firewall/files/new/uci_firewall.sh +++ b/package/firewall/files/new/uci_firewall.sh @@ -91,10 +91,6 @@ load_synflood() { $IPTABLES -A INPUT -p tcp --syn -j SYN_FLOOD } -create_network_zone() { - create_zone "$1" "$1" -} - fw_defaults() { load_policy $1 DEF_INPUT=$input @@ -261,8 +257,6 @@ fw_init() { config_foreach fw_defaults defaults echo "Loading zones" config_foreach fw_zone zone - echo "Loading interfaces" - config_foreach create_network_zone interface echo "Loading rules" config_foreach fw_rule rule echo "Loading forwarding"