done
fw__rc() {
- export FW_${fam}_ERROR=$1
+ export FW_${fam#G}_ERROR=$1
return $1
}
shift
while [ "$1" != '}' ]; do
case "$1" in
- *.*.*.*) ip4=1 ;;
*:*) ip6=1 ;;
+ *.*.*.*) ip4=1 ;;
esac
shift
done
if [ $tab == '-' ]; then
type $app > /dev/null 2> /dev/null
fw__rc $(($? & 1))
- return
+ return
fi
local mod
- eval "mod=\$FW_${fam}_${tab}"
+ eval "mod=\$FW_${fam#G}_${tab}"
if [ "$mod" ]; then
fw__rc $mod
return
fi
case "$fam" in
- 4) mod=iptable_${tab} ;;
- 6) mod=ip6table_${tab} ;;
+ *4) mod=iptable_${tab} ;;
+ *6) mod=ip6table_${tab} ;;
*) mod=. ;;
esac
- grep "^${mod} " /proc/modules > /dev/null
+ grep -q "^${mod} " /proc/modules
mod=$?
export FW_${fam}_${tab}=$mod
fw__rc $mod
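Review bot: The cache write `export FW_${fam}_${tab}=$mod` near the end of this hunk still uses the unstripped family, while the lookup above it was changed to read `FW_${fam#G}_${tab}`. For a `G4`/`G6` family the result is stored under `FW_G4_<tab>` but looked up under `FW_4_<tab>`, so the cached value is never found and `/proc/modules` is grepped on every call; `export FW_${fam#G}_${tab}=$mod` would match the lookup. Separately, `tab` is expanded inside `eval` without validation, so if it can ever come from configuration rather than a fixed literal it should be restricted to plain table names before the eval. The enclosing function starts and ends outside the hunk.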
local app=
local pol=
case "$fam" in
- 4) app=iptables ;;
- 6) app=ip6tables ;;
+ *4) [ $FW_DISABLE_IPV4 == 0 ] && app=iptables || return ;;
+ *6) [ $FW_DISABLE_IPV6 == 0 ] && app=ip6tables || return ;;
i) fw__dualip "$@"; return ;;
I) fw__autoip "$@"; return ;;
e) app=ebtables ;;
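Review bot: `[ $FW_DISABLE_IPV4 == 0 ]` and its IPv6 twin expand the variable unquoted, so when it is unset or empty the test is malformed and fails, and `|| return` then skips the rule for that family. Rules that are silently not installed because a variable was never initialised are hard to notice; quoting with an explicit default makes the behaviour deliberate, e.g. `[ "${FW_DISABLE_IPV4:-0}" = 0 ] && app=iptables || return`. The bare `return` also propagates the failed test's non-zero status, so either confirm that callers treat a disabled family as success or use `return 0`. The `case` continues past the end of the hunk.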
return 0
fi
+ case "$fam" in
+ G*) shift; while [ $# -gt 0 ] && [ "$1" != "{" ]; do shift; done ;;
+ esac
+
if [ $# -gt 0 ]; then
shift
if [ $cmd == delete ]; then
pos=
fi
fi
+
+ local cmdline="$app --table ${tab} --${cmd} ${chn} ${pol} ${pos} ${tgt:+--jump "$tgt"}"
while [ $# -gt 1 ]; do
- echo -n "$1"
- echo -ne "\0"
+ case "$app:$1" in
+ ip6tables:--icmp-type) cmdline="$cmdline --icmpv6-type" ;;
+ ip6tables:icmp|ip6tables:ICMP) cmdline="$cmdline icmpv6" ;;
+ iptables:--icmpv6-type) cmdline="$cmdline --icmp-type" ;;
+ iptables:icmpv6) cmdline="$cmdline icmp" ;;
+ *) cmdline="$cmdline $1" ;;
+ esac
shift
- done | xargs -0 ${FW_TRACE:+-t} \
- $app --table ${tab} --${cmd} ${chn} ${pol} ${pos} ${tgt:+--jump "$tgt"}
+ done
+
+ [ -n "$FW_TRACE" ] && echo $cmdline >&2
+
+ $cmdline
+
fw__rc $?
}
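Review bot: Building `cmdline` as one string and running it unquoted as `$cmdline` drops the argument boundaries that the removed `xargs -0` pipeline preserved. Any rule argument containing whitespace (a log prefix or comment, for example) is now split into several words, and arguments containing `*`, `?` or `[` undergo pathname expansion, so a configuration value can change which options iptables actually receives. Rebuilding the positional parameters keeps each argument intact while still allowing the icmp/icmpv6 translation. The sketch below assumes the last remaining argument is the closing `}`, as the `-gt 1` loop condition suggests. The function begins outside this hunk.

```shell
	# … unchanged: family skip, '{' shift and delete handling …
	local n=$(($# - 1))	# arguments before the trailing one
	while [ $n -gt 0 ]; do
		case "$app:$1" in
			ip6tables:--icmp-type) set -- "$@" --icmpv6-type ;;
			ip6tables:icmp|ip6tables:ICMP) set -- "$@" icmpv6 ;;
			iptables:--icmpv6-type) set -- "$@" --icmp-type ;;
			iptables:icmpv6) set -- "$@" icmp ;;
			*) set -- "$@" "$1" ;;
		esac
		shift
		n=$((n - 1))
	done
	[ $# -gt 0 ] && shift	# drop the trailing argument the old loop left behind

	[ -n "$FW_TRACE" ] && echo "$app --table ${tab} --${cmd} ${chn} ${pol} ${pos} ${tgt:+--jump $tgt} $*" >&2

	$app --table ${tab} --${cmd} ${chn} ${pol} ${pos} ${tgt:+--jump "$tgt"} "$@"
	fw__rc $?
```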
fw_get_port_range() {
- local ports=$1
- local delim=${2:-:}
- if [ "$3" ]; then
- fw_get_port_range "${ports}-${3}" $delim
+ local _var=$1
+ local _ports=$2
+ local _delim=${3:-:}
+ if [ "$4" ]; then
+ fw_get_port_range $_var "${_ports}-${4}" $_delim
return
fi
- local first=${ports%-*}
- local last=${ports#*-}
- if [ "$first" != "$last" ]; then
- echo "$first$delim$last"
+ local _first=${_ports%-*}
+ local _last=${_ports#*-}
+ if [ "$_first" != "$_last" ]; then
+ export -- "$_var=$_first$_delim$_last"
else
- echo "$first"
+ export -- "$_var=$_first"
fi
}
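Review bot: `export -- "$_var=..."` in both branches marks the caller's result variable for export, so every child process started afterwards inherits it, whereas the helpers added directly below use `export -n --` for the same out-parameter pattern. Using `export -n -- "$_var=$_first$_delim$_last"` (and likewise in the else branch) would keep the three functions consistent. The recursive call also passes `$_var` and `$_delim` unquoted; `fw_get_port_range "$_var" "${_ports}-${4}" "$_delim"` avoids word splitting. A header comment stating that the first argument is now the name of the variable to set would help, since callers that captured stdout must change.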
+fw_get_family_mode() {
+ local _var="$1"
+ local _hint="$2"
+ local _zone="$3"
+ local _mode="$4"
+
+ local _ipv4 _ipv6
+ [ -n "$FW_ZONES4$FW_ZONES6" ] && {
+ list_contains FW_ZONES4 $_zone && _ipv4=1 || _ipv4=0
+ list_contains FW_ZONES6 $_zone && _ipv6=1 || _ipv6=0
+ } || {
+ _ipv4=$(uci_get_state firewall core ${_zone}_ipv4 0)
+ _ipv6=$(uci_get_state firewall core ${_zone}_ipv6 0)
+ }
+
+ case "$_hint:$_ipv4:$_ipv6" in
+ *4:1:*|*:1:0) export -n -- "$_var=G4" ;;
+ *6:*:1|*:0:1) export -n -- "$_var=G6" ;;
+ *) export -n -- "$_var=$_mode" ;;
+ esac
+}
+
+fw_get_negation() {
+ local _var="$1"
+ local _flag="$2"
+ local _ipaddr="$3"
+
+ [ "${_ipaddr#!}" != "$_ipaddr" ] && \
+ export -n -- "$_var=! $_flag ${_ipaddr#!}" || \
+ export -n -- "$_var=${_ipaddr:+$_flag $_ipaddr}"
+}
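Review bot: In `fw_get_family_mode` the fallback patterns `*:1:0` and `*:0:1` match any hint, so a hint ending in `4` for a zone with only IPv6 enabled (`4:0:1`) falls through to the second arm and yields `G6`, and the mirror case yields `G4`. The hint values are not visible here, but if the hint is meant to restrict a rule to one family, this looks like it would emit the rule for the other family instead of skipping it. Please confirm the intent and add a comment above the `case` spelling out the `hint:ipv4:ipv6` combinations. `$_zone` is also unquoted in the `list_contains` and `uci_get_state` calls, and neither new function has a header comment describing the out-variable convention.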