done
fw__rc() {
- export FW_${fam}_ERROR=$1
+ export FW_${fam#G}_ERROR=$1
return $1
}
return
fi
local mod
- eval "mod=\$FW_${fam}_${tab}"
+ eval "mod=\$FW_${fam#G}_${tab}"
if [ "$mod" ]; then
fw__rc $mod
return
fi
case "$fam" in
- 4) mod=iptable_${tab} ;;
- 6) mod=ip6table_${tab} ;;
+ *4) mod=iptable_${tab} ;;
+ *6) mod=ip6table_${tab} ;;
*) mod=. ;;
esac
grep -q "^${mod} " /proc/modules
local app=
local pol=
case "$fam" in
- 4) [ $FW_DISABLE_IPV4 == 0 ] && app=iptables || return ;;
- 6) [ $FW_DISABLE_IPV6 == 0 ] && app=ip6tables || return ;;
+ *4) [ $FW_DISABLE_IPV4 == 0 ] && app=iptables || return ;;
+ *6) [ $FW_DISABLE_IPV6 == 0 ] && app=ip6tables || return ;;
i) fw__dualip "$@"; return ;;
I) fw__autoip "$@"; return ;;
e) app=ebtables ;;
return 0
fi
+ case "$fam" in
+ G*) shift; while [ $# -gt 0 ] && [ "$1" != "{" ]; do shift; done ;;
+ esac
+
if [ $# -gt 0 ]; then
shift
if [ $cmd == delete ]; then
pos=
fi
fi
+
+ local cmdline="$app --table ${tab} --${cmd} ${chn} ${pol} ${pos} ${tgt:+--jump "$tgt"}"
while [ $# -gt 1 ]; do
case "$app:$1" in
- ip6tables:--icmp-type) echo -n "--icmpv6-type" ;;
- ip6tables:icmp|ip6tables:ICMP) echo -n "icmpv6" ;;
- iptables:--icmpv6-type) echo -n "--icmp-type" ;;
- iptables:icmpv6) echo -n "icmp" ;;
- *:}|*:{) shift; continue ;;
- *) echo -n "$1" ;;
+ ip6tables:--icmp-type) cmdline="$cmdline --icmpv6-type" ;;
+ ip6tables:icmp|ip6tables:ICMP) cmdline="$cmdline icmpv6" ;;
+ iptables:--icmpv6-type) cmdline="$cmdline --icmp-type" ;;
+ iptables:icmpv6) cmdline="$cmdline icmp" ;;
+ *) cmdline="$cmdline $1" ;;
esac
- echo -ne "\0"
shift
- done | xargs -0 ${FW_TRACE:+-t} \
- $app --table ${tab} --${cmd} ${chn} ${pol} ${pos} ${tgt:+--jump "$tgt"}
+ done
+
+ [ -n "$FW_TRACE" ] && echo $cmdline >&2
+
+ $cmdline
+
fw__rc $?
}
fw_get_port_range() {
- local ports=$1
- local delim=${2:-:}
- if [ "$3" ]; then
- fw_get_port_range "${ports}-${3}" $delim
+ local _var=$1
+ local _ports=$2
+ local _delim=${3:-:}
+ if [ "$4" ]; then
+ fw_get_port_range $_var "${_ports}-${4}" $_delim
return
fi
- local first=${ports%-*}
- local last=${ports#*-}
- if [ "$first" != "$last" ]; then
- echo "$first$delim$last"
+ local _first=${_ports%-*}
+ local _last=${_ports#*-}
+ if [ "$_first" != "$_last" ]; then
+ export -- "$_var=$_first$_delim$_last"
else
- echo "$first"
+ export -- "$_var=$_first"
fi
}
fw_get_family_mode() {
- local hint="$1"
- local zone="$2"
- local mode="$3"
+ local _var="$1"
+ local _hint="$2"
+ local _zone="$3"
+ local _mode="$4"
- local ipv4 ipv6
+ local _ipv4 _ipv6
[ -n "$FW_ZONES4$FW_ZONES6" ] && {
- list_contains FW_ZONES4 $zone && ipv4=1 || ipv4=0
- list_contains FW_ZONES6 $zone && ipv6=1 || ipv6=0
+ list_contains FW_ZONES4 $_zone && _ipv4=1 || _ipv4=0
+ list_contains FW_ZONES6 $_zone && _ipv6=1 || _ipv6=0
} || {
- ipv4=$(uci_get_state firewall core ${zone}_ipv4 0)
- ipv6=$(uci_get_state firewall core ${zone}_ipv6 0)
+ _ipv4=$(uci_get_state firewall core ${_zone}_ipv4 0)
+ _ipv6=$(uci_get_state firewall core ${_zone}_ipv6 0)
}
- case "$hint:$ipv4:$ipv6" in
- *4:1:*|*:1:0) echo 4 ;;
- *6:*:1|*:0:1) echo 6 ;;
- *) echo $mode ;;
+ case "$_hint:$_ipv4:$_ipv6" in
+ *4:1:*|*:1:0) export -n -- "$_var=G4" ;;
+ *6:*:1|*:0:1) export -n -- "$_var=G6" ;;
+ *) export -n -- "$_var=$_mode" ;;
esac
}
+fw_get_negation() {
+ local _var="$1"
+ local _flag="$2"
+ local _ipaddr="$3"
+
+ [ "${_ipaddr#!}" != "$_ipaddr" ] && \
+ export -n -- "$_var=! $_flag ${_ipaddr#!}" || \
+ export -n -- "$_var=${_ipaddr:+$_flag $_ipaddr}"
+}
projects / openwrt.git / blobdiff