mirror of git://projects.qi-hardware.com/openwrt-xburst.git synced 2025-04-21 12:27:27 +03:00

[package] firewall:

- fix processing of rules with an ip family option
	- append interface rules at the end of internal zone chains, simplifies injecting user or addon rules
	- support simple file logging (option log + option log_limit per zone)


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22847 3c298f89-4303-0410-b956-a3cf2f4a3e73
jow
2010-08-31 01:54:08 +00:00
parent 366f063a6d
commit 94c817eadb
4 changed files with 63 additions and 42 deletions


@@ -36,7 +36,7 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
done
fw__rc() {
export FW_${fam}_ERROR=$1
export FW_${fam#G}_ERROR=$1
return $1
}
@@ -75,14 +75,14 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
return
fi
local mod
eval "mod=\$FW_${fam}_${tab}"
eval "mod=\$FW_${fam#G}_${tab}"
if [ "$mod" ]; then
fw__rc $mod
return
fi
case "$fam" in
4) mod=iptable_${tab} ;;
6) mod=ip6table_${tab} ;;
*4) mod=iptable_${tab} ;;
*6) mod=ip6table_${tab} ;;
*) mod=. ;;
esac
grep -q "^${mod} " /proc/modules
@@ -100,8 +100,8 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
local app=
local pol=
case "$fam" in
4) [ $FW_DISABLE_IPV4 == 0 ] && app=iptables || return ;;
6) [ $FW_DISABLE_IPV6 == 0 ] && app=ip6tables || return ;;
*4) [ $FW_DISABLE_IPV4 == 0 ] && app=iptables || return ;;
*6) [ $FW_DISABLE_IPV6 == 0 ] && app=ip6tables || return ;;
i) fw__dualip "$@"; return ;;
I) fw__autoip "$@"; return ;;
e) app=ebtables ;;
@@ -148,19 +148,23 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
return 0
fi
case "$fam" in
G*) shift; while [ "$1" != "{" ]; do shift; done ;;
esac
if [ $# -gt 0 ]; then
shift
if [ $cmd == delete ]; then
pos=
fi
fi
while [ $# -gt 1 ]; do
case "$app:$1" in
ip6tables:--icmp-type) echo -n "--icmpv6-type" ;;
ip6tables:icmp|ip6tables:ICMP) echo -n "icmpv6" ;;
iptables:--icmpv6-type) echo -n "--icmp-type" ;;
iptables:icmpv6) echo -n "icmp" ;;
*:}|*:{) shift; continue ;;
*) echo -n "$1" ;;
esac
echo -ne "\0"
@@ -202,8 +206,8 @@ fw_get_family_mode() {
}
case "$hint:$ipv4:$ipv6" in
*4:1:*|*:1:0) echo 4 ;;
*6:*:1|*:0:1) echo 6 ;;
*4:1:*|*:1:0) echo G4 ;;
*6:*:1|*:0:1) echo G6 ;;
*) echo $mode ;;
esac
}
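Review bot: The new `G*)` arm in the hunk at `@@ -148,19 +148,23 @@` runs `while [ "$1" != "{" ]; do shift; done` with no bound on `$#`, so a call that reaches it without a `{` argument has no clean way out of the loop. Once the arguments run out `$1` is empty, the test stays true, and `shift` either fails on every pass or aborts the shell, depending on the sh implementation. In a script that loads the firewall ruleset, a hang or abort at this point could leave the rules only partly applied. Bounding the loop avoids that: `G*) shift; while [ $# -gt 0 ] && [ "$1" != "{" ]; do shift; done ;;`. fw__exec starts and ends outside this hunk, so whether every caller passes a `{` cannot be confirmed from the visible lines.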