firewall (#7355) - partially revert r21486, start firewall on init again - skip iface hotplug events if base fw is not up yet - get ifname and up state with uci_get_state() in iface setup since the values gathered by scan_interfaces() may be outdated when iface coldplugging happens (observed with pptp) - ignore up state when bringing down interfaces because ifdown reverts state vars before dispatching the iface event - bump package revision

SVN-Revision: 21502
Jo-Philipp Wich 2010-05-19 00:50:14 +00:00
parent 91519d51e9
commit c6fdffd932
5 changed files with 12 additions and 27 deletions


@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=firewall PKG_NAME:=firewall
PKG_VERSION:=2 PKG_VERSION:=2
PKG_RELEASE:=2 PKG_RELEASE:=3
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk


@ -3,26 +3,20 @@
# HOTPLUG_TYPE=iface, triggered by various scripts when an interface # HOTPLUG_TYPE=iface, triggered by various scripts when an interface
# is configured (ACTION=ifup) or deconfigured (ACTION=ifdown). The # is configured (ACTION=ifup) or deconfigured (ACTION=ifdown). The
# interface is available as INTERFACE, the real device as DEVICE. # interface is available as INTERFACE, the real device as DEVICE.
. /etc/functions.sh
[ "$DEVICE" == "lo" ] && exit 0 [ "$DEVICE" == "lo" ] && exit 0
. /etc/functions.sh
. /lib/firewall/core.sh . /lib/firewall/core.sh
fw_init
# Wait for firewall if startup is in progress fw_init
lock -w /var/lock/firewall.start fw_is_loaded || exit 0
case "$ACTION" in case "$ACTION" in
ifup) ifup)
fw_is_loaded && { fw_configure_interface "$INTERFACE" add "$DEVICE" &
fw_configure_interface "$INTERFACE" add "$DEVICE" &
} || {
/etc/init.d/firewall enabled && fw_start &
}
;; ;;
ifdown) ifdown)
fw_is_loaded && fw_configure_interface "$INTERFACE" del "$DEVICE" & fw_configure_interface "$INTERFACE" del "$DEVICE" &
;; ;;
esac esac
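Review bot: `fw_is_loaded || exit 0` silently drops an iface event that arrives while fw_start is still running, where the removed `lock -w /var/lock/firewall.start` made the handler wait for startup to finish. Whether such an interface still gets its zone rules depends on fw_start's own interface pass, which is not visible in this section; an interface that comes up after that pass but before `uci_set_state firewall core loaded 1` would presumably stay unconfigured until the next event or a restart. I would record the assumption above the check, e.g. `# base firewall not loaded yet: skip, fw_start is expected to pick up interfaces that are already up`, and log the skipped event so a missed interface can be diagnosed.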


@ -1,5 +1,5 @@
#!/bin/sh /etc/rc.common #!/bin/sh /etc/rc.common
# Copyright (C) 2008 OpenWrt.org # Copyright (C) 2008-2010 OpenWrt.org
START=45 START=45
@ -10,8 +10,6 @@ fw() {
fw_$1 fw_$1
} }
boot() { :; }
start() { start() {
fw start fw start
} }


@ -15,8 +15,6 @@ fw_start() {
exit 1 exit 1
} }
lock /var/lock/firewall.start
uci_set_state firewall core "" firewall_state uci_set_state firewall core "" firewall_state
fw_clear DROP fw_clear DROP
@ -52,8 +50,6 @@ fw_start() {
fw_callback post core fw_callback post core
uci_set_state firewall core loaded 1 uci_set_state firewall core loaded 1
lock -u /var/lock/firewall.start
} }
fw_stop() { fw_stop() {
@ -94,7 +90,6 @@ fw_die() {
echo "Error:" "$@" >&2 echo "Error:" "$@" >&2
fw_log error "$@" fw_log error "$@"
fw_stop fw_stop
lock -u /var/lock/firewall.start
exit 1 exit 1
} }


@ -5,14 +5,12 @@ fw_configure_interface() {
local action=$2 local action=$2
local ifname=$3 local ifname=$3
local status; [ "$action" == "add" ] && {
config_get_bool status "$iface" up "0" local status=$(uci_get_state network "$iface" up 0)
[ "$status" == 1 ] || return 0 [ "$status" == 1 ] || return 0
[ -n "$ifname" ] || {
config_get ifname "$iface" ifname
ifname=${ifname:-$iface}
} }
[ -n "$ifname" ] || ifname=$(uci_get_state network "$iface" ifname "$iface")
[ "$ifname" == "lo" ] && return 0 [ "$ifname" == "lo" ] && return 0
fw_callback pre interface fw_callback pre interface
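Review bot: On the `del` path an empty `$3` now resolves through `uci_get_state network "$iface" ifname "$iface"`, and the commit message says ifdown reverts the state vars before the event is dispatched, so the lookup presumably returns the fallback `$iface`, which is the logical network name rather than a device. If the code after this hunk matches rules by device name, the rules added for the real device would then stay in place after the interface goes down. A comment such as `# del relies on the caller passing the device in $3; state vars are already reverted on ifdown` would record that dependency. Separately, `local status=$(uci_get_state network "$iface" up 0)` is safer written as `local status; status="$(uci_get_state network "$iface" up 0)"`, since some shells word-split an unquoted substitution in a `local` argument. The body of fw_configure_interface starts and ends outside the hunk.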