firewall: emit hotplug events for interface add/remove

[openwrt.git] / package / firewall / files / uci_firewall.sh

diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh
index 263a33d..44dd48b 100755 (executable)
--- a/package/firewall/files/uci_firewall.sh
+++ b/package/firewall/files/uci_firewall.sh
@@ -96,6 +96,7 @@ addif() {
        $IPTABLES -t raw -I PREROUTING 1 -i "$ifname" -j zone_${zone}_notrack
        uci_set_state firewall core "${network}_ifname" "$ifname"
        uci_set_state firewall core "${network}_zone" "$zone"
+       ACTION=add ZONE="$zone" INTERFACE="$network" DEVICE="$ifname" /sbin/hotplug-call firewall
 }
 
 delif() {
@@ -117,6 +118,7 @@ delif() {
        $IPTABLES -D forward -i "$ifname" -j zone_${zone}_forward
        uci_revert_state firewall core "${network}_ifname"
        uci_revert_state firewall core "${network}_zone"
+       ACTION=remove ZONE="$zone" INTERFACE="$network" DEVICE="$ifname" /sbin/hotplug-call firewall
 }
 
 load_synflood() {
@@ -243,6 +245,7 @@ fw_rule() {
        local dest_ip
        local dest_port
        local proto
+       local icmp_type
        local target
        local ruleset
 
@@ -254,6 +257,7 @@ fw_rule() {
        config_get dest_ip $1 dest_ip
        config_get dest_port $1 dest_port
        config_get proto $1 proto
+       config_get icmp_type $1 icmp_type
        config_get target $1 target
        config_get ruleset $1 ruleset
 
@@ -276,6 +280,7 @@ fw_rule() {
        add_rule() {
                $IPTABLES -I $ZONE 1 \
                        ${proto:+-p $proto} \
+                       ${icmp_type:+--icmp-type $icmp_type} \
                        ${src_ip:+-s $src_ip} \
                        ${src_port:+--sport $src_port} \
                        ${src_mac:+-m mac --mac-source $src_mac} \