qi-hardware/openwrt-xburst
1
0
Fork 0
mirror of git://projects.qi-hardware.com/openwrt-xburst.git synced 2024-11-24 07:51:55 +02:00
Code

firewall: fix zone defaults

Browse Source 
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18028 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
nbd 2009-10-11 02:42:22 +00:00
parent a06c93a428
commit adbb0c8af6
1 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
package/firewall/files/uci_firewall.sh
View File

@ -56,8 +56,6 @@ create_zone() {
$IPTABLES -N zone_$1_DROP $IPTABLES -N zone_$1_DROP
$IPTABLES -N zone_$1_REJECT $IPTABLES -N zone_$1_REJECT
$IPTABLES -N zone_$1_forward $IPTABLES -N zone_$1_forward
[ "$5" ] && $IPTABLES -A zone_$1_forward -j zone_$1_$5
[ "$3" ] && $IPTABLES -A zone_$1 -j zone_$1_$3
[ "$4" ] && $IPTABLES -A output -j zone_$1_$4 [ "$4" ] && $IPTABLES -A output -j zone_$1_$4
$IPTABLES -N zone_$1_nat -t nat $IPTABLES -N zone_$1_nat -t nat
$IPTABLES -N zone_$1_prerouting -t nat $IPTABLES -N zone_$1_prerouting -t nat
@ -66,6 +64,7 @@ create_zone() {
[ "$7" == "1" ] && $IPTABLES -I FORWARD 1 -j zone_$1_MSSFIX [ "$7" == "1" ] && $IPTABLES -I FORWARD 1 -j zone_$1_MSSFIX
} }
addif() { addif() {
local network="$1" local network="$1"
local ifname="$2" local ifname="$2"
@ -219,6 +218,22 @@ fw_defaults() {
fw_set_chain_policy FORWARD "$DEF_FORWARD" fw_set_chain_policy FORWARD "$DEF_FORWARD"
} }
fw_zone_defaults() {
local name
local network
local masq
config_get name $1 name
config_get network $1 network
config_get_bool masq $1 masq "0"
config_get_bool conntrack $1 conntrack "0"
config_get_bool mtu_fix $1 mtu_fix 0
load_policy $1
[ "$forward" ] && $IPTABLES -A zone_${name}_forward -j zone_${name}_${forward}
[ "$input" ] && $IPTABLES -A zone_${name} -j zone_${name}_${input}
}
fw_zone() { fw_zone() {
local name local name
local network local network
@ -446,6 +461,8 @@ fw_init() {
config_foreach fw_rule rule config_foreach fw_rule rule
echo "Loading includes" echo "Loading includes"
config_foreach fw_include include config_foreach fw_include include
echo "Loading zone defaults"
config_foreach fw_zone_defaults zone
uci_set_state firewall core loaded 1 uci_set_state firewall core loaded 1
config_foreach fw_check_notrack zone config_foreach fw_check_notrack zone
unset CONFIG_APPEND unset CONFIG_APPEND