echo "firewall already loaded" >&2
exit 1
}
+
uci_set_state firewall core "" firewall_state
fw_clear DROP
echo "Loading includes"
config_foreach fw_load_include include
- [ -n "$FW_NOTRACK_DISABLED" ] && {
+ [ -z "$FW_NOTRACK_DISABLED" ] && {
echo "Optimizing conntrack"
config_foreach fw_load_notrack_zone zone
}
fw_callback post core
+ uci_set_state firewall core zones "$FW_ZONES"
uci_set_state firewall core loaded 1
}
fw_callback pre stop
+ local z n i
+ config_get z core zones
+ for z in $z; do
+ config_get n core "${z}_networks"
+ for n in $n; do
+ config_get i core "${n}_ifname"
+ [ -n "$i" ] && env -i ACTION=remove ZONE="$z" \
+ INTERFACE="$n" DEVICE="$i" /sbin/hotplug-call firewall
+ done
+
+ config_get i core "${z}_tcpmss"
+ [ "$i" == 1 ] && {
+ fw del i m FORWARD zone_${z}_MSSFIX
+ fw del i m zone_${z}_MSSFIX
+ }
+ done
+
fw_clear ACCEPT
fw_callback post stop
uci_revert_state firewall
config_clear
+
+ local h
+ for h in $FW_HOOKS; do unset $h; done
+
+ unset FW_HOOKS
unset FW_INITIALIZED
}
}
fw_is_loaded() {
- local bool
- config_get_bool bool core loaded 0
- return $((! $bool))
+ local bool=$(uci_get_state firewall.core.loaded)
+ return $((! ${bool:-0}))
}
fw_log() {
local level="$1"
- [ -n "$2" ] || {
- shift
- level=notice
- }
+ [ -n "$2" ] && shift || level=notice
+ [ "$level" != error ] || echo "Error: $@" >&2
logger -t firewall -p user.$level "$@"
}
. $file
for hk in $hooks; do
for pp in pre post; do
- type ${lib}_${pp}_${hk}_cb >/dev/null &&
+ type ${lib}_${pp}_${hk}_cb >/dev/null && {
append FW_CB_${pp}_${hk} ${lib}
+ append FW_HOOKS FW_CB_${pp}_${hk}
+ }
done
done
done
projects / openwrt.git / blobdiff