local var="$1"
local item="$2"
- local val="$(uci_get_state firewall core $var)"
+ local val=" $(uci_get_state firewall core $var) "
+ val="${val// $item / }"
+ val="${val# }"
+ val="${val% }"
+ uci_revert_state firewall core $var
uci_set_state firewall core $var "${val:+$val }$item"
}
val="${val// $item / }"
val="${val# }"
val="${val% }"
+ uci_revert_state firewall core $var
uci_set_state firewall core $var "$val"
}
# Need v4 while zone is v6
*/*.*) fw_log info "zone $zone does not support IPv4 address family, skipping"; return ;;
+
+ # Strip prefix
+ *) mode="${mode#G}" ;;
esac
+ lock /var/run/firewall-interface.lock
+
fw $action $mode f ${chain}_ACCEPT ACCEPT $ { -o "$ifname" $onet }
fw $action $mode f ${chain}_ACCEPT ACCEPT $ { -i "$ifname" $inet }
fw $action $mode f ${chain}_DROP DROP $ { -o "$ifname" $onet }
fw $action $mode n PREROUTING ${chain}_prerouting $ { -i "$ifname" $inet }
fw $action $mode r PREROUTING ${chain}_notrack $ { -i "$ifname" $inet }
fw $action $mode n POSTROUTING ${chain}_nat $ { -o "$ifname" $onet }
+
+ lock -u /var/run/firewall-interface.lock
}
local old_zones old_ifname old_subnets