fw_start() {
fw_init
- lock /var/lock/firewall.start
-
FW_DEFAULTS_APPLIED=
fw_is_loaded && {
echo "firewall already loaded" >&2
exit 1
}
+
uci_set_state firewall core "" firewall_state
fw_clear DROP
echo "Loading forwardings"
config_foreach fw_load_forwarding forwarding
- echo "Loading redirects"
- config_foreach fw_load_redirect redirect
-
echo "Loading rules"
config_foreach fw_load_rule rule
+ echo "Loading redirects"
+ config_foreach fw_load_redirect redirect
+
echo "Loading includes"
config_foreach fw_load_include include
- [ -n "$FW_NOTRACK_DISABLED" ] && {
+ [ -z "$FW_NOTRACK_DISABLED" ] && {
echo "Optimizing conntrack"
config_foreach fw_load_notrack_zone zone
}
fw_callback post core
+ uci_set_state firewall core zones "$FW_ZONES"
uci_set_state firewall core loaded 1
-
- lock -u /var/lock/firewall.start
}
fw_stop() {
fw_callback pre stop
+ local z n i
+ config_get z core zones
+ for z in $z; do
+ config_get n core "${z}_networks"
+ for n in $n; do
+ config_get i core "${n}_ifname"
+ [ -n "$i" ] && env -i ACTION=remove ZONE="$z" \
+ INTERFACE="$n" DEVICE="$i" /sbin/hotplug-call firewall
+ done
+
+ config_get i core "${z}_tcpmss"
+ [ "$i" == 1 ] && {
+ fw del i m FORWARD zone_${z}_MSSFIX
+ fw del i m zone_${z}_MSSFIX
+ }
+ done
+
fw_clear ACCEPT
fw_callback post stop
}
fw_is_loaded() {
- local bool=$(uci -q -P /var/state get firewall.core.loaded)
+ local bool=$(uci_get_state firewall.core.loaded)
return $((! ${bool:-0}))
}
fw_log() {
local level="$1"
- [ -n "$2" ] || {
- shift
- level=notice
- }
+ [ -n "$2" ] && shift || level=notice
+ [ "$level" != error ] || echo "Error: $@" >&2
logger -t firewall -p user.$level "$@"
}