X-Git-Url: http://git.rohieb.name/openwrt.git/blobdiff_plain/d2f8ac6e8cd3c99fbb81cdf6324edece1b28d5c8..89c5fd59099bdfde01fdd09c1772f67911c0ea8c:/package/firewall/files/lib/fw.sh?ds=inline

diff --git a/package/firewall/files/lib/fw.sh b/package/firewall/files/lib/fw.sh
index 72aa37c5b..86e817182 100644
--- a/package/firewall/files/lib/fw.sh
+++ b/package/firewall/files/lib/fw.sh
@@ -51,8 +51,8 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
 		shift
 		while [ "$1" != '}' ]; do
 			case "$1" in
-				*.*.*.*) ip4=1 ;;
 				*:*) ip6=1 ;;
+				*.*.*.*) ip4=1 ;;
 			esac
 			shift
 		done
@@ -72,7 +72,7 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
 		if [ $tab == '-' ]; then
 			type $app > /dev/null 2> /dev/null
 			fw__rc $(($? & 1))
-			return 
+			return
 		fi
 		local mod
 		eval "mod=\$FW_${fam}_${tab}"
@@ -85,7 +85,7 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
 			6) mod=ip6table_${tab} ;;
 			*) mod=. ;;
 		esac
-		grep "^${mod} " /proc/modules > /dev/null
+		grep -q "^${mod} " /proc/modules
 		mod=$?
 		export FW_${fam}_${tab}=$mod
 		fw__rc $mod
@@ -100,8 +100,8 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
 	local app=
 	local pol=
 	case "$fam" in
-		4) app=iptables ;;
-		6) app=ip6tables ;;
+		4) [ $FW_DISABLE_IPV4 == 0 ] && app=iptables  || return ;;
+		6) [ $FW_DISABLE_IPV6 == 0 ] && app=ip6tables || return ;;
 		i) fw__dualip "$@"; return ;;
 		I) fw__autoip "$@"; return ;;
 		e) app=ebtables ;;
@@ -155,7 +155,14 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
 		fi
 	fi
 	while [ $# -gt 1 ]; do
-		echo -n  "$1"
+		case "$app:$1" in
+			ip6tables:--icmp-type) echo -n "--icmpv6-type" ;;
+			ip6tables:icmp|ip6tables:ICMP) echo -n "icmpv6" ;;
+			iptables:--icmpv6-type) echo -n "--icmp-type" ;;
+			iptables:icmpv6) echo -n "icmp" ;;
+			*:}|*:{) shift; continue ;;
+			*) echo -n "$1" ;;
+		esac
 		echo -ne "\0"
 		shift
 	done | xargs -0 ${FW_TRACE:+-t} \
@@ -180,3 +187,24 @@ fw_get_port_range() {
 	fi
 }
 
+fw_get_family_mode() {
+	local hint="$1"
+	local zone="$2"
+	local mode="$3"
+
+	local ipv4 ipv6
+	[ -n "$FW_ZONES4$FW_ZONES6" ] && {
+		list_contains FW_ZONES4 $zone && ipv4=1 || ipv4=0
+		list_contains FW_ZONES6 $zone && ipv6=1 || ipv6=0
+	} || {
+		ipv4=$(uci_get_state firewall core ${zone}_ipv4 0)
+		ipv6=$(uci_get_state firewall core ${zone}_ipv6 0)
+	}
+
+	case "$hint:$ipv4:$ipv6" in
+		*4:1:*|*:1:0) echo 4 ;;
+		*6:*:1|*:0:1) echo 6 ;;
+		*) echo $mode ;;
+	esac
+}
+