projects / openwrt.git / blob
? search:


2178e0505c81267909a879c43f529b9cdd2fe3e7
[openwrt.git] / package / firewall / files / lib / core.sh
1 # Copyright (C) 2009-2010 OpenWrt.org
2
3 FW_LIBDIR=${FW_LIBDIR:-/lib/firewall}
4
5 . $FW_LIBDIR/fw.sh
6 include /lib/network
7
8 fw_start() {
9 fw_init
10
11 FW_DEFAULTS_APPLIED=
12
13 fw_is_loaded && {
14 echo "firewall already loaded" >&2
15 exit 1
16 }
17
18 uci_set_state firewall core "" firewall_state
19
20 fw_clear DROP
21
22 fw_callback pre core
23
24 echo "Loading defaults"
25 fw_config_once fw_load_defaults defaults
26
27 echo "Loading zones"
28 config_foreach fw_load_zone zone
29
30 echo "Loading forwardings"
31 config_foreach fw_load_forwarding forwarding
32
33 echo "Loading redirects"
34 config_foreach fw_load_redirect redirect
35
36 echo "Loading rules"
37 config_foreach fw_load_rule rule
38
39 echo "Loading includes"
40 config_foreach fw_load_include include
41
42 [ -z "$FW_NOTRACK_DISABLED" ] && {
43 echo "Optimizing conntrack"
44 config_foreach fw_load_notrack_zone zone
45 }
46
47 echo "Loading interfaces"
48 config_foreach fw_configure_interface interface add
49
50 fw_callback post core
51
52 uci_set_state firewall core zones "$FW_ZONES"
53 uci_set_state firewall core loaded 1
54 }
55
56 fw_stop() {
57 fw_init
58
59 fw_callback pre stop
60
61 local old_zones z
62 config_get old_zones core zones
63 for z in $old_zones; do
64 local old_networks n i
65 config_get old_networks core "${z}_networks"
66 for n in $old_networks; do
67 config_get i core "${n}_ifname"
68 [ -n "$i" ] && env -i ACTION=remove ZONE="$z" \
69 INTERFACE="$n" DEVICE="$i" \
70 /sbin/hotplug-call firewall
71 done
72 done
73
74 fw_clear ACCEPT
75
76 fw_callback post stop
77
78 uci_revert_state firewall
79 config_clear
80
81 local h
82 for h in $FW_HOOKS; do unset $h; done
83
84 unset FW_HOOKS
85 unset FW_INITIALIZED
86 }
87
88 fw_restart() {
89 fw_stop
90 fw_start
91 }
92
93 fw_reload() {
94 fw_restart
95 }
96
97 fw_is_loaded() {
98 local bool=$(uci_get_state firewall.core.loaded)
99 return $((! ${bool:-0}))
100 }
101
102
103 fw_die() {
104 echo "Error:" "$@" >&2
105 fw_log error "$@"
106 fw_stop
107 exit 1
108 }
109
110 fw_log() {
111 local level="$1"
112 [ -n "$2" ] || {
113 shift
114 level=notice
115 }
116 logger -t firewall -p user.$level "$@"
117 }
118
119
120 fw_init() {
121 [ -z "$FW_INITIALIZED" ] || return 0
122
123 . $FW_LIBDIR/config.sh
124
125 scan_interfaces
126 fw_config_append firewall
127
128 local hooks="core stop defaults zone notrack synflood"
129 local file lib hk pp
130 for file in $FW_LIBDIR/core_*.sh; do
131 . $file
132 hk=$(basename $file .sh)
133 hk=${hk#core_}
134 append hooks $hk
135 done
136 for file in $FW_LIBDIR/*.sh; do
137 lib=$(basename $file .sh)
138 lib=${lib##[0-9][0-9]_}
139 case $lib in
140 core*|fw|config|uci_firewall) continue ;;
141 esac
142 . $file
143 for hk in $hooks; do
144 for pp in pre post; do
145 type ${lib}_${pp}_${hk}_cb >/dev/null && {
146 append FW_CB_${pp}_${hk} ${lib}
147 append FW_HOOKS FW_CB_${pp}_${hk}
148 }
149 done
150 done
151 done
152
153 fw_callback post init
154
155 FW_INITIALIZED=1
156 return 0
157 }
Personal OpenWRT clone
This page took 0.04557 seconds and 3 git commands to generate.