projects / openwrt.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[package] firewall: don't filter IPv4 ICMP types (#10928)
[openwrt.git] / package / firewall / files / lib / fw.sh
diff --git a/package/firewall/files/lib/fw.sh b/package/firewall/files/lib/fw.sh
index 647bcd6..76e294f 100644 (file)
--- a/package/firewall/files/lib/fw.sh
+++ b/package/firewall/files/lib/fw.sh
@@ -74,21 +74,8 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
                        fw__rc $(($? & 1))
                        return
                fi
-               local mod
-               eval "mod=\$FW_${fam#G}_${tab}"
-               if [ "$mod" ]; then
-                       fw__rc $mod
-                       return
-               fi
-               case "$fam" in
-                       *4) mod=iptable_${tab} ;;
-                       *6) mod=ip6table_${tab} ;;
-                       *) mod=. ;;
-               esac
-               grep -q "^${mod} " /proc/modules
-               mod=$?
-               export FW_${fam}_${tab}=$mod
-               fw__rc $mod
+               [ "$app" != ip6tables ] || [ "$tab" != nat ]
+               fw__rc $?
        }
 
        fw__err() {
@@ -166,7 +153,7 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
        while [ $# -gt 1 ]; do
                # special parameter handling
                case "$1:$2" in
-                       -p:icmp*|--protocol:icmp*)
+                       -p:icmp*|-p:1|-p:58|--protocol:icmp*|--protocol:1|--protocol:58)
                                [ "$app" = ip6tables ] && \
                                        cmdline="$cmdline -p icmpv6" || \
                                        cmdline="$cmdline -p icmp"
@@ -225,12 +212,17 @@ fw_get_family_mode() {
        local _mode="$4"
 
        local _ipv4 _ipv6
-       [ -n "$FW_ZONES4$FW_ZONES6" ] && {
-               list_contains FW_ZONES4 $_zone && _ipv4=1 || _ipv4=0
-               list_contains FW_ZONES6 $_zone && _ipv6=1 || _ipv6=0
+       [ "$_zone" != "*" ] && {
+               [ -n "$FW_ZONES4$FW_ZONES6" ] && {
+                       list_contains FW_ZONES4 "$_zone" && _ipv4=1 || _ipv4=0
+                       list_contains FW_ZONES6 "$_zone" && _ipv6=1 || _ipv6=0
+               } || {
+                       _ipv4=$(uci_get_state firewall core "${_zone}_ipv4" 0)
+                       _ipv6=$(uci_get_state firewall core "${_zone}_ipv6" 0)
+               }
        } || {
-               _ipv4=$(uci_get_state firewall core ${_zone}_ipv4 0)
-               _ipv6=$(uci_get_state firewall core ${_zone}_ipv6 0)
+               _ipv4=1
+               _ipv6=1
        }
 
        case "$_hint:$_ipv4:$_ipv6" in
@@ -263,9 +255,12 @@ fw_get_subnet4() {
                        [ "${_name#!}" != "$_name" ] && \
                                export -n -- "$_var=! $_flag $_ipaddr/${_netmask:-255.255.255.255}" || \
                                export -n -- "$_var=$_flag $_ipaddr/${_netmask:-255.255.255.255}"
+                       return 0
                ;;
-               *) export -n -- "$_var=" ;;
        esac
+
+       export -n -- "$_var="
+       return 1
 }
 
 fw_check_icmptype4() {
@@ -280,10 +275,7 @@ fw_check_icmptype4() {
                export FW_ICMP4_TYPES=$(
                        iptables -p icmp -h 2>/dev/null | \
                        sed -n -e '/^Valid ICMP Types:/ {
-                               n; :r;
-                               /router-advertisement/d;
-                               /router-solicitation/d;
-                               s/[()]/ /g; s/[[:space:]]\+/\n/g; p; n; b r
+                               n; :r; s/[()]/ /g; s/[[:space:]]\+/\n/g; p; n; b r
                        }' | sort -u
                )
 
Personal OpenWRT clone
This page took 0.030286 seconds and 4 git commands to generate.