mirror of
git://projects.qi-hardware.com/openwrt-xburst.git
synced 2024-12-25 23:57:21 +02:00
8e2cf077d0
- iptbales and netfilter packages need to be rewrapped when we switch to this firewall as default - there are some examples in the file /etc/config/firewall - iptables-save/restore are still missing - hotplug takes care of adding/removing netdevs during runtime - misisng features ? wishes ? let me know ... git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12089 3c298f89-4303-0410-b956-a3cf2f4a3e73
42 lines
842 B
Plaintext
42 lines
842 B
Plaintext
. /lib/firewall/uci_firewall.sh
|
|
unset ZONE
|
|
config_get ifname $INTERFACE ifname
|
|
INTERFACE=$ifname
|
|
[ "$INTERFACE" == "lo" ] && exit 0
|
|
load_zones() {
|
|
local name
|
|
local network
|
|
config_get name $1 name
|
|
config_get network $1 network
|
|
[ -z "$network" ] && return
|
|
for n in $network; do
|
|
local ifname
|
|
config_get ifname $n ifname
|
|
list_contains ifname $INTERFACE && {
|
|
list_contains ZONE $name || ZONE="$ZONE $name"
|
|
}
|
|
done
|
|
}
|
|
|
|
config_foreach load_zones zone
|
|
|
|
IFACE=$(find_config $INTERFACE)
|
|
[ -n "$IFACE" ] &&
|
|
list_contains ZONE $IFACE || ZONE="$ZONE $IFACE"
|
|
|
|
[ ifup = "$ACTION" ] && {
|
|
for z in $ZONE; do
|
|
local loaded
|
|
config_get loaded core loaded
|
|
[ -n "$loaded" ] && addif $INTERFACE $z
|
|
done
|
|
}
|
|
|
|
[ ifdown = "$ACTION" ] && {
|
|
for z in $ZONE; do
|
|
local up
|
|
config_get up $z up
|
|
[ "$up" == "1" ] && delif $INTERFACE $z
|
|
done
|
|
}
|