firewall3: update init.d script to make use of procd
add validation data Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 39617
parent
f9f8948c6e
commit
15ebcfc04e
1 changed files with 49 additions and 9 deletions
|
@ -1,25 +1,65 @@
|
|||
#!/bin/sh /etc/rc.common
|
||||
|
||||
START=19
|
||||
USE_PROCD=1
|
||||
QUIET=""
|
||||
|
||||
boot() {
|
||||
# Be silent on boot, firewall might be started by hotplug already,
|
||||
# so don't complain in syslog.
|
||||
fw3 -q start
|
||||
validate_firewall_redirect()
|
||||
{
|
||||
uci_validate_section firewall redirect "${1}" \
|
||||
'proto:or("tcp", "udp", "tcpudp")' \
|
||||
'src:string' \
|
||||
'src_ip:ipaddr' \
|
||||
'src_dport:string' \
|
||||
'dest:string' \
|
||||
'dest_ip:ipaddr' \
|
||||
'dest_port:string' \
|
||||
'target:or("SNAT", "DNAT")'
|
||||
|
||||
return $?
|
||||
}
|
||||
|
||||
start() {
|
||||
fw3 start
|
||||
validate_firewall_rule()
|
||||
{
|
||||
uci_validate_section firewall rule "${1}" \
|
||||
'proto:string' \
|
||||
'src:string' \
|
||||
'dest:string' \
|
||||
'src_port:string' \
|
||||
'dest_port:string' \
|
||||
'target:string'
|
||||
|
||||
return $?
|
||||
}
|
||||
|
||||
stop() {
|
||||
fw3 flush
|
||||
service_triggers() {
|
||||
procd_add_reload_trigger firewall
|
||||
|
||||
procd_open_validate
|
||||
validate_firewall_redirect
|
||||
validate_firewall_rule
|
||||
procd_close_validate
|
||||
}
|
||||
|
||||
restart() {
|
||||
fw3 restart
|
||||
}
|
||||
|
||||
reload() {
|
||||
start_service() {
|
||||
fw3 ${QUIET} start
|
||||
}
|
||||
|
||||
stop_service() {
|
||||
fw3 flush
|
||||
}
|
||||
|
||||
reload_service() {
|
||||
fw3 reload
|
||||
}
|
||||
|
||||
boot() {
|
||||
# Be silent on boot, firewall might be started by hotplug already,
|
||||
# so don't complain in syslog.
|
||||
QUIET=1
|
||||
start
|
||||
}
|
||||
|
|
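Review bot: In the new `boot()`, `QUIET=1` is expanded unquoted by `start_service()` as `fw3 ${QUIET} start`, so the command run at boot becomes `fw3 1 start` rather than the `fw3 -q start` used by the removed code. How fw3 handles a stray `1` argument is not visible on this page, but at best the quiet flag is lost and at worst the ruleset is not loaded at boot, leaving the device without its firewall until a later reload. Setting `QUIET=-q` in `boot()` restores the old behaviour. Separately, the port options in `validate_firewall_redirect` and `validate_firewall_rule` (`src_dport`, `dest_port`, `src_port`) and `target` in the rule section are only checked as `string`, so the validation data constrains them very little; a stricter type would be worth using if the validator offers one.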