X-Git-Url: https://git.rohieb.name/openwrt.git/blobdiff_plain/0b44419f282bff17b9504da361910edc9c6f7758..271da7f4e93492f377c0fcf25def4591d60b9fbc:/package/firewall/files/lib/core.sh
diff --git a/package/firewall/files/lib/core.sh b/package/firewall/files/lib/core.sh
index 5f06ffe3f..c38359781 100644
--- a/package/firewall/files/lib/core.sh
+++ b/package/firewall/files/lib/core.sh
@@ -15,8 +15,6 @@ fw_start() {
 exit 1
 }
- lock /var/lock/firewall.start
-
 uci_set_state firewall core "" firewall_state
 fw_clear DROP
@@ -41,7 +39,7 @@ fw_start() {
 echo "Loading includes"
 config_foreach fw_load_include include
- [ -n "$FW_NOTRACK_DISABLED" ] && {
+ [ -z "$FW_NOTRACK_DISABLED" ] && {
 echo "Optimizing conntrack"
 config_foreach fw_load_notrack_zone zone
 }
@@ -51,9 +49,8 @@ fw_start() {
 fw_callback post core
+ uci_set_state firewall core zones "$FW_ZONES"
 uci_set_state firewall core loaded 1
-
- lock -u /var/lock/firewall.start
 }
 fw_stop() {
@@ -61,6 +58,17 @@ fw_stop() {
 fw_callback pre stop
+ local z n i
+ config_get z core zones
+ for z in $z; do
+ config_get n core "${z}_networks"
+ for n in $n; do
+ config_get i core "${n}_ifname"
+ [ -n "$i" ] && env -i ACTION=remove ZONE="$z" \
+ INTERFACE="$n" DEVICE="$i" /sbin/hotplug-call firewall
+ done
+ done
+
 fw_clear ACCEPT
 fw_callback post stop
@@ -94,16 +102,13 @@ fw_die() {
 echo "Error:" "$@" >&2
 fw_log error "$@"
 fw_stop
- lock -u /var/lock/firewall.start
 exit 1
 }
 fw_log() {
 local level="$1"
- [ -n "$2" ] || {
- shift
- level=notice
- }
+ [ -n "$2" ] && shift || level=notice
+ [ "$level" != error ] || echo "Error: $@" >&2
 logger -t firewall -p user.$level "$@"
 }
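Review bot: With `lock /var/lock/firewall.start` removed at the top of fw_start, and the matching `lock -u` removed at the end of fw_start and in fw_die, nothing visible in this file serializes two concurrent fw_start runs. The guard that ends in `exit 1` just above and the `uci_set_state` / `fw_clear DROP` sequence can then interleave between processes, which may leave duplicated or half-built chains. If the lock was moved to the caller (not visible in this diff), record that at the top of fw_start, for example `# caller must hold the firewall lock; fw_start and fw_stop are not re-entrant`. fw_start begins and ends outside this hunk.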
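Review bot: The corrected test `[ -z "$FW_NOTRACK_DISABLED" ]` in fw_start treats any non-empty value as "disabled", including `0` or `false`, and nothing in the hunk documents that. A one-line comment above it would prevent a later misconfiguration, for example `# any non-empty FW_NOTRACK_DISABLED (even "0") skips the notrack zone setup`. Where the variable is assigned is outside this diff, so confirm it is only ever empty or `1`.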
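Review bot: `uci_set_state firewall core zones "$FW_ZONES"` is written only at the very end of fw_start, yet fw_die calls fw_stop, and the new fw_stop loop reads `core zones` to decide which hotplug remove events to send. A start that aborts through fw_die therefore appears to leave fw_stop with an empty zone list, or a stale one from an earlier run; whether earlier state is cleared first is not visible here. Consider recording the zones as soon as `$FW_ZONES` is complete, or add a comment such as `# zones are published only after a successful start; fw_die cleanup sends no hotplug events`.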
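Review bot: In the new fw_stop loop, `for z in $z` and `for n in $n` expand state values unquoted, so they undergo pathname expansion as well as word splitting, and each name serves as both the list and the loop variable. The results are handed to `/sbin/hotplug-call firewall` as ZONE, INTERFACE and DEVICE, so a stored name containing `*` or `?` would be replaced by whatever files match in the current directory. Separate list variables (`zones`, `nets`) plus a comment such as `# lists are space-separated uci state values; splitting is intended` would make the intent clear, and wrapping the loop in `set -f` / `set +f` would rule out globbing. fw_stop begins and ends outside this hunk.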
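Review bot: fw_die still runs `echo "Error:" "$@" >&2` and then `fw_log error "$@"`, and fw_log now echoes errors to stderr itself, so every fw_die message is printed twice. Drop the echo from fw_die and keep the one in fw_log. In fw_log, `"Error: $@"` mixes a string with an array expansion; `echo "Error:" "$@" >&2` states the intent, and the facility argument is safer quoted as `-p "user.$level"`. fw_die begins outside this hunk.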