firewall: allow multiple interfaces to be part of one zone, fix the sanity checks...
[openwrt.git] / package / firewall / files / 20-firewall
1 . /lib/firewall/uci_firewall.sh
2 unset ZONE
3 config_get ifname $INTERFACE ifname
4 [ "$ifname" == "lo" ] && exit 0
5
6 load_zones() {
7 local name
8 local network
9 config_get name $1 name
10 config_get network $1 network
11 [ -z "$network" ] && network=$name
12 for n in $network; do
13 [ "$n" = "$INTERFACE" ] && ZONE="$ZONE $name"
14 done
15 }
16
17 config_foreach load_zones zone
18
19 [ -z "$ZONE" ] && exit 0
20
21 [ ifup = "$ACTION" ] && {
22 for z in $ZONE; do
23 local loaded
24 config_get loaded core loaded
25 [ -n "$loaded" ] && addif "$INTERFACE" "$ifname" "$z"
26 done
27 }
28
29 [ ifdown = "$ACTION" ] && {
30 for z in $ZONE; do
31 local up
32 config_get up $z up
33 [ "$up" == "1" ] && delif "$INTERFACE" "$ifname" "$z"
34 done
35 }
This page took 0.045459 seconds and 5 git commands to generate.