projects / openwrt.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
add _GNU_SOURCE to CPPFLAGS required to include <bits/socket.h> on recent eglibc...
[openwrt.git] / package / firewall / files / uci_firewall.sh
diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh
index 263a33d..3c13631 100755 (executable)
--- a/package/firewall/files/uci_firewall.sh
+++ b/package/firewall/files/uci_firewall.sh
@@ -56,9 +56,9 @@ create_zone() {
        $IPTABLES -N zone_$1_DROP
        $IPTABLES -N zone_$1_REJECT
        $IPTABLES -N zone_$1_forward
        $IPTABLES -N zone_$1_DROP
        $IPTABLES -N zone_$1_REJECT
        $IPTABLES -N zone_$1_forward
-       $IPTABLES -A zone_$1_forward -j zone_$1_$5
-       $IPTABLES -A zone_$1 -j zone_$1_$3
-       $IPTABLES -A output -j zone_$1_$4
+       [ "$5" ] && $IPTABLES -A zone_$1_forward -j zone_$1_$5
+       [ "$3" ] && $IPTABLES -A zone_$1 -j zone_$1_$3
+       [ "$4" ] && $IPTABLES -A output -j zone_$1_$4
        $IPTABLES -N zone_$1_nat -t nat
        $IPTABLES -N zone_$1_prerouting -t nat
        $IPTABLES -t raw -N zone_$1_notrack
        $IPTABLES -N zone_$1_nat -t nat
        $IPTABLES -N zone_$1_prerouting -t nat
        $IPTABLES -t raw -N zone_$1_notrack
@@ -96,6 +96,7 @@ addif() {
        $IPTABLES -t raw -I PREROUTING 1 -i "$ifname" -j zone_${zone}_notrack
        uci_set_state firewall core "${network}_ifname" "$ifname"
        uci_set_state firewall core "${network}_zone" "$zone"
        $IPTABLES -t raw -I PREROUTING 1 -i "$ifname" -j zone_${zone}_notrack
        uci_set_state firewall core "${network}_ifname" "$ifname"
        uci_set_state firewall core "${network}_zone" "$zone"
+       ACTION=add ZONE="$zone" INTERFACE="$network" DEVICE="$ifname" /sbin/hotplug-call firewall
 }
 
 delif() {
 }
 
 delif() {
@@ -117,6 +118,7 @@ delif() {
        $IPTABLES -D forward -i "$ifname" -j zone_${zone}_forward
        uci_revert_state firewall core "${network}_ifname"
        uci_revert_state firewall core "${network}_zone"
        $IPTABLES -D forward -i "$ifname" -j zone_${zone}_forward
        uci_revert_state firewall core "${network}_ifname"
        uci_revert_state firewall core "${network}_zone"
+       ACTION=remove ZONE="$zone" INTERFACE="$network" DEVICE="$ifname" /sbin/hotplug-call firewall
 }
 
 load_synflood() {
 }
 
 load_synflood() {
@@ -243,6 +245,7 @@ fw_rule() {
        local dest_ip
        local dest_port
        local proto
        local dest_ip
        local dest_port
        local proto
+       local icmp_type
        local target
        local ruleset
 
        local target
        local ruleset
 
@@ -254,6 +257,7 @@ fw_rule() {
        config_get dest_ip $1 dest_ip
        config_get dest_port $1 dest_port
        config_get proto $1 proto
        config_get dest_ip $1 dest_ip
        config_get dest_port $1 dest_port
        config_get proto $1 proto
+       config_get icmp_type $1 icmp_type
        config_get target $1 target
        config_get ruleset $1 ruleset
 
        config_get target $1 target
        config_get ruleset $1 ruleset
 
@@ -276,6 +280,7 @@ fw_rule() {
        add_rule() {
                $IPTABLES -I $ZONE 1 \
                        ${proto:+-p $proto} \
        add_rule() {
                $IPTABLES -I $ZONE 1 \
                        ${proto:+-p $proto} \
+                       ${icmp_type:+--icmp-type $icmp_type} \
                        ${src_ip:+-s $src_ip} \
                        ${src_port:+--sport $src_port} \
                        ${src_mac:+-m mac --mac-source $src_mac} \
                        ${src_ip:+-s $src_ip} \
                        ${src_port:+--sport $src_port} \
                        ${src_mac:+-m mac --mac-source $src_mac} \
Personal OpenWRT clone
This page took 0.02097 seconds and 4 git commands to generate.