X-Git-Url: https://git.rohieb.name/openwrt.git/blobdiff_plain/4a88a4e3b37c46552b6146de7c51724bd315b7e1..ac32f8a93b20dbb922568f7d8f3fc9195de708a6:/package/firewall/files/lib/core.sh?ds=sidebyside diff --git a/package/firewall/files/lib/core.sh b/package/firewall/files/lib/core.sh index d0b87a770..2178e0505 100644 --- a/package/firewall/files/lib/core.sh +++ b/package/firewall/files/lib/core.sh @@ -8,14 +8,13 @@ include /lib/network fw_start() { fw_init - lock /var/lock/firewall.start - FW_DEFAULTS_APPLIED= fw_is_loaded && { echo "firewall already loaded" >&2 exit 1 } + uci_set_state firewall core "" firewall_state fw_clear DROP @@ -40,7 +39,7 @@ fw_start() { echo "Loading includes" config_foreach fw_load_include include - [ -n "$FW_NOTRACK_DISABLED" ] && { + [ -z "$FW_NOTRACK_DISABLED" ] && { echo "Optimizing conntrack" config_foreach fw_load_notrack_zone zone } @@ -50,9 +49,8 @@ fw_start() { fw_callback post core + uci_set_state firewall core zones "$FW_ZONES" uci_set_state firewall core loaded 1 - - lock -u /var/lock/firewall.start } fw_stop() { @@ -60,6 +58,19 @@ fw_stop() { fw_callback pre stop + local old_zones z + config_get old_zones core zones + for z in $old_zones; do + local old_networks n i + config_get old_networks core "${z}_networks" + for n in $old_networks; do + config_get i core "${n}_ifname" + [ -n "$i" ] && env -i ACTION=remove ZONE="$z" \ + INTERFACE="$n" DEVICE="$i" \ + /sbin/hotplug-call firewall + done + done + fw_clear ACCEPT fw_callback post stop
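Review bot: With `lock /var/lock/firewall.start` removed from the top of fw_start in the first hunk, and the matching `lock -u` removed in the third, nothing visible in this function serializes two concurrent starts. Two callers can both pass `fw_is_loaded` before either reaches `uci_set_state firewall core loaded 1`, and then interleave `fw_clear DROP` with rule loading. If the lock has moved to the caller, that is not visible in this diff and should be stated here, for example `# caller must hold the firewall lock; fw_start itself does not serialize`. The new `uci_set_state firewall core "" firewall_state` line would also benefit from a one-line comment saying it creates the state section that the later writes depend on.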
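Review bot: The corrected test `[ -z "$FW_NOTRACK_DISABLED" ]` in the second hunk needs a comment, because the default now turns on behaviour that affects filtering: an unset or empty variable means the notrack zones are loaded. Any non-empty value, including `0`, disables them. I would add `# notrack rules are loaded unless FW_NOTRACK_DISABLED is non-empty (any value, even "0")` above the test. Where the variable is assigned is outside this hunk, so it is worth confirming that the setter only ever uses empty versus non-empty.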
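Review bot: The teardown loop added to fw_stop in the last hunk has no comment, and its `[ -n "$i" ] && env -i … /sbin/hotplug-call firewall` form silently skips any network whose `${n}_ifname` is missing from state. It also ignores a failing hotplug call, so a partial teardown leaves no trace before `fw_clear ACCEPT` runs. I would add `# replay a hotplug "remove" for every interface recorded at start so per-zone handlers run before the rules are cleared` above the loop, and turn the `&&` into an `if` with an `else` that writes the skipped network to stderr. The unquoted `$old_zones` and `$old_networks` rely on word splitting, which also performs pathname expansion, so this assumes the recorded names are plain identifiers. fw_stop begins and ends outside the hunk.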