BEGIN {
    # This awk program emits a shell script on stdout; it does not call
    # iptables itself.  Preamble: copy the WAN settings from the caller's
    # environment and stop early when there is no usable WAN interface.
    print "proto=\"$wan_proto\""
    print "[ -z \"$proto\" -o \"$proto\" = \"none\" ] && exit"
    print "ifname=\"$wan_ifname\""
    print "[ -z \"$ifname\" ] && exit"
    print ""

    # Per-interface chains, indexed 1..3 so the output order is fixed
    # (a `for (k in arr)` loop would not guarantee it):
    #   chain[k]  - prefix of the per-interface chain (<prefix>_$ifname)
    #   tbl[k]    - table option, empty for the filter table
    #   parent[k] - chain in that table the per-interface chain hangs off
    chain[1] = "input";      tbl[1] = "";        parent[1] = "input_rule"
    chain[2] = "forward";    tbl[2] = "";        parent[2] = "forwarding_rule"
    chain[3] = "prerouting"; tbl[3] = "-t nat "; parent[3] = "prerouting_rule"

    # Recreate each chain.  NOTE(review): `-X` only succeeds on an empty,
    # unreferenced chain; its failure is silenced (2>&- >&-), so on a re-run
    # while the jump from the parent chain still exists the old chain and
    # its rules survive and a second jump is appended below -- confirm the
    # caller flushes input_rule/forwarding_rule/prerouting_rule first.
    for (k = 1; k <= 3; k++) {
        print "iptables " tbl[k] "-X " chain[k] "_$ifname 2>&- >&-"
        print "iptables " tbl[k] "-N " chain[k] "_$ifname"
    }
    print ""

    # Hook each per-interface chain into its parent, matched on the WAN
    # interface.  $ifname is quoted in -i but used bare in chain names; it
    # comes from the caller's environment, not from the rule file.
    for (k = 1; k <= 3; k++)
        print "iptables " tbl[k] "-A " parent[k] " -i \"$ifname\" -j " chain[k] "_$ifname"
    print ""

    # Rule lines are colon separated: type:match[:host[:port]]
    FS = ":"
}
20
# Shared pre-pass for every rule type.  Runs before the type-specific rules
# below (awk evaluates rules in file order) and leaves two globals behind:
#   _l   - filled by str2data($2) (defined in a helper file, not here);
#          the keys read in this file are "proto", "sport" and "dport"
#   _opt - list of protocol prefixes the emitting rules loop over
# When a port is given without a protocol the rule is emitted twice, once
# for tcp and once for udp, since iptables needs -p for --sport/--dport.
($1 == "accept") || ($1 == "drop") || ($1 == "forward") {
    delete _opt
    str2data($2)
    if (_l["proto"] != "" || (_l["sport"] _l["dport"]) == "") {
        # protocol known, or no ports: a single, unprefixed rule
        _opt[0] = ""
    } else {
        _opt[0] = " -p tcp"
        _opt[1] = " -p udp"
    }
}
31
# accept:<match>
# Let the matched traffic through in both the nat PREROUTING chain (so it
# is not caught by a later DNAT/DROP there) and the filter INPUT chain.
# str2ipt (helper file) turns the match spec into iptables match options.
($1 == "accept") {
    for (o in _opt) {
        spec = _opt[o] str2ipt($2)
        print "iptables -t nat -A prerouting_$ifname" spec " -j ACCEPT"
        print "iptables -A input_$ifname " spec " -j ACCEPT"
        print ""
    }
}
40
# drop:<match>
# Emitted only into nat PREROUTING, i.e. it shadows later accept/forward
# entries for the same match.  Unlike "accept", nothing is added to the
# filter chains.  NOTE(review): the nat table is only consulted for the
# first packet of a connection, so this is not a general packet filter;
# presumably input_$ifname/forward_$ifname default to deny -- confirm.
($1 == "drop") {
    for (o in _opt)
        printf "iptables -t nat -A prerouting_$ifname%s%s -j DROP\n\n", _opt[o], str2ipt($2)
}
47
# forward:<match>:<host>[:<port>]
# DNAT the matched traffic to <host> (and <port>, if given) and accept the
# rewritten packets in the filter FORWARD chain.  <host> and <port> are
# copied into the generated shell unquoted; the rule file is local config.
($1 == "forward") {
    target = " -j DNAT --to " $3
    fwopts = ""
    # A port rewrite is only possible for tcp/udp; with no protocol given
    # _opt supplies "-p tcp"/"-p udp" when the match spec carries a port.
    # NOTE(review): if proto is unset and $2 has no sport/dport, _opt[0] is
    # empty and `--dport`/`--to host:port` are emitted without -p, which
    # iptables rejects -- confirm the config format rules that out.
    if ($4 != "" && (_l["proto"] == "tcp" || _l["proto"] == "udp" || _l["proto"] == "")) {
        if (_l["proto"] != "")
            fwopts = " -p " _l["proto"]
        fwopts = fwopts " --dport " $4
        target = target ":" $4
    }
    for (o in _opt) {
        print "iptables -t nat -A prerouting_$ifname" _opt[o] str2ipt($2) target
        print "iptables -A forward_$ifname " _opt[o] " -d " $3 fwopts " -j ACCEPT"
        print ""
    }
}