KumiSystems/openwrtv3
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

firewall: get rid of recursive shell script inclusion to improve hush compatibility

Browse source 
SVN-Revision: 18716
This commit is contained in:
Felix Fietkau 2009-12-09 14:04:37 +00:00
parent f1649982e2
commit 74cbcc9ee5
2 changed files with 46 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
package/firewall/files/20-firewall
View file

@ -2,35 +2,4 @@
unset ZONE unset ZONE
config_get ifname $INTERFACE ifname config_get ifname $INTERFACE ifname
[ "$ifname" == "lo" ] && exit 0 [ "$ifname" == "lo" ] && exit 0
fw_event "$ACTION" "$INTERFACE"
load_zones() {
local name
local network
config_get name $1 name
config_get network $1 network
[ -z "$network" ] && network=$name
for n in $network; do
[ "$n" = "$INTERFACE" ] && ZONE="$ZONE $name"
done
}
config_foreach load_zones zone
[ -z "$ZONE" ] && exit 0
[ ifup = "$ACTION" ] && {
for z in $ZONE; do
local loaded
config_get loaded core loaded
[ -n "$loaded" ] && addif "$INTERFACE" "$ifname" "$z"
done
}
[ ifdown = "$ACTION" ] && {
local up
config_get up "$INTERFACE" up
for z in $ZONE; do
[ "$up" == "1" ] && delif "$INTERFACE" "$ifname" "$z"
done
}

50
package/firewall/files/uci_firewall.sh
View file

@ -402,13 +402,52 @@ fw_include() {
[ -e $path ] && . $path [ -e $path ] && . $path
} }
get_interface_zones() {
local interface="$2"
local name
local network
config_get name $1 name
config_get network $1 network
[ -z "$network" ] && network=$name
for n in $network; do
[ "$n" = "$interface" ] && append add_zone "$name"
done
}
fw_event() {
local action="$1"
local interface="$2"
local ifname="$(sh -c ". /etc/functions.sh; config_load network; config_get "$interface" ifname")"
local up
[ -z "$ifname" ] && return 0
config_foreach get_interface_zones zone "$interface"
[ -z "$add_zone" ] && return 0
case "$action" in
ifup)
for z in $add_zone; do
local loaded
config_get loaded core loaded
[ -n "$loaded" ] && addif "$interface" "$ifname" "$z"
done
;;
ifdown)
config_get up "$interface" up
for z in $ZONE; do
[ "$up" == "1" ] && delif "$interface" "$ifname" "$z"
done
;;
esac
}
fw_addif() { fw_addif() {
local up local up
local ifname local ifname
config_get up $1 up config_get up $1 up
config_get ifname $1 ifname
[ -n "$up" ] || return 0 [ -n "$up" ] || return 0
(ACTION="ifup" INTERFACE="$1" . /etc/hotplug.d/iface/20-firewall) fw_event ifup "$1"
} }
fw_custom_chains() { fw_custom_chains() {
@ -465,9 +504,10 @@ fw_init() {
config_foreach fw_zone_defaults zone config_foreach fw_zone_defaults zone
uci_set_state firewall core loaded 1 uci_set_state firewall core loaded 1
config_foreach fw_check_notrack zone config_foreach fw_check_notrack zone
unset CONFIG_APPEND INTERFACES="$(sh -c '. /etc/functions.sh; config_load network; config_foreach echo interface')"
config_load network for interface in $INTERFACES; do
config_foreach fw_addif interface fw_addif "$interface"
done
} }
fw_stop() { fw_stop() {