X-Git-Url: https://git.rohieb.name/openwrt.git/blobdiff_plain/d2f8ac6e8cd3c99fbb81cdf6324edece1b28d5c8..271da7f4e93492f377c0fcf25def4591d60b9fbc:/package/firewall/files/lib/fw.sh
diff --git a/package/firewall/files/lib/fw.sh b/package/firewall/files/lib/fw.sh
index 72aa37c5b..16a39b6a6 100644
--- a/package/firewall/files/lib/fw.sh
+++ b/package/firewall/files/lib/fw.sh
@@ -36,7 +36,7 @@ fw__exec() { # { }
 done
 fw__rc() {
- export FW_${fam}_ERROR=$1
+ export FW_${fam#G}_ERROR=$1
 return $1
 }
@@ -51,8 +51,8 @@ fw__exec() { # { }
 shift
 while [ "$1" != '}' ]; do
 case "$1" in
- *.*.*.*) ip4=1 ;;
 *:*) ip6=1 ;;
+ *.*.*.*) ip4=1 ;;
 esac
 shift
 done
@@ -72,20 +72,20 @@ fw__exec() { #
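Review bot: The `*:*` arm in this loop matches any argument that contains a colon, not only IPv6 addresses, so a colon-delimited port range (the default output of `fw_get_port_range` in this same file) or a MAC address also sets `ip6=1`. Moving `*:*` ahead of `*.*.*.*` changes which arm wins when an argument matches both, and the `case` should carry a comment saying so, for example `# first match wins: check ':' before the dotted quad` (presumably so that an IPv4-mapped IPv6 address is classed as IPv6). How `ip4` and `ip6` are used afterwards is outside the hunk, so whether a mis-set flag makes a rule fail or land in the wrong family has to be checked there.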
{ }
 if [ $tab == '-' ]; then
 type $app > /dev/null 2> /dev/null
 fw__rc $(($? & 1))
- return
+ return
 fi
 local mod
- eval "mod=\$FW_${fam}_${tab}"
+ eval "mod=\$FW_${fam#G}_${tab}"
 if [ "$mod" ]; then
 fw__rc $mod
 return
 fi
 case "$fam" in
- 4) mod=iptable_${tab} ;;
- 6) mod=ip6table_${tab} ;;
+ *4) mod=iptable_${tab} ;;
+ *6) mod=ip6table_${tab} ;;
 *) mod=. ;;
 esac
- grep "^${mod} " /proc/modules > /dev/null
+ grep -q "^${mod} " /proc/modules
 mod=$?
 export FW_${fam}_${tab}=$mod
 fw__rc $mod
@@ -100,8 +100,8 @@ fw__exec() { #
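Review bot: The module-presence cache is now read as `FW_${fam#G}_${tab}` but is still written by the unchanged `export FW_${fam}_${tab}=$mod` near the end of the hunk, so for a `G4` or `G6` family the value is stored under a `FW_G4_…` name that the lookup never reads. The effect is a `/proc/modules` grep on every call for those families rather than a wrong answer, but the two keys should agree: `export FW_${fam#G}_${tab}=$mod`. The lookup also goes through `eval` with `fam` and `tab` spliced into the variable name; both appear to come from the caller's arguments, so it is worth confirming they can never carry unchecked configuration values. The enclosing function starts and ends outside the hunk.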
{ }
 local app=
 local pol=
 case "$fam" in
- 4) app=iptables ;;
- 6) app=ip6tables ;;
+ *4) [ $FW_DISABLE_IPV4 == 0 ] && app=iptables || return ;;
+ *6) [ $FW_DISABLE_IPV6 == 0 ] && app=ip6tables || return ;;
 i) fw__dualip "$@"; return ;;
 I) fw__autoip "$@"; return ;;
 e) app=ebtables ;;
@@ -148,35 +148,82 @@ fw__exec() { #
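Review bot: `[ $FW_DISABLE_IPV4 == 0 ]` is unquoted, so when the variable is unset or empty the test is malformed, fails, and the `|| return` arm skips the rule; unless the flag is initialised elsewhere, every IPv4 (or IPv6) rule is then left out of the ruleset. A quoted test with an explicit default keeps the rules in place: `*4) [ "${FW_DISABLE_IPV4:-0}" = 0 ] && app=iptables || return ;;`, and likewise for `FW_DISABLE_IPV6`. The bare `return` also hands the failed test's non-zero status to the caller without going through `fw__rc`, so a deliberately disabled family looks like an error; `return 0` would make the skip explicit if that is the intent. Where the two flags are set is not visible in this diff.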
{ }
 return 0
 fi
+ case "$fam" in
+ G*) shift; while [ $# -gt 0 ] && [ "$1" != "{" ]; do shift; done ;;
+ esac
+
 if [ $# -gt 0 ]; then
 shift
 if [ $cmd == delete ]; then
 pos=
 fi
 fi
+
+ local cmdline="$app --table ${tab} --${cmd} ${chn} ${pol} ${pos} ${tgt:+--jump "$tgt"}"
 while [ $# -gt 1 ]; do
- echo -n "$1"
- echo -ne "\0"
+ case "$app:$1" in
+ ip6tables:--icmp-type) cmdline="$cmdline --icmpv6-type" ;;
+ ip6tables:icmp|ip6tables:ICMP) cmdline="$cmdline icmpv6" ;;
+ iptables:--icmpv6-type) cmdline="$cmdline --icmp-type" ;;
+ iptables:icmpv6) cmdline="$cmdline icmp" ;;
+ *) cmdline="$cmdline $1" ;;
+ esac
 shift
- done | xargs -0 ${FW_TRACE:+-t} \
- $app --table ${tab} --${cmd} ${chn} ${pol} ${pos} ${tgt:+--jump "$tgt"}
+ done
+
+ [ -n "$FW_TRACE" ] && echo $cmdline >&2
+
+ $cmdline
+
 fw__rc $?
 }
 fw_get_port_range() {
- local ports=$1
- local delim=${2:-:}
- if [ "$3" ]; then
- fw_get_port_range "${ports}-${3}" $delim
+ local _var=$1
+ local _ports=$2
+ local _delim=${3:-:}
+ if [ "$4" ]; then
+ fw_get_port_range $_var "${_ports}-${4}" $_delim
 return
 fi
- local first=${ports%-*}
- local last=${ports#*-}
- if [ "$first" != "$last" ]; then
- echo "$first$delim$last"
+ local _first=${_ports%-*}
+ local _last=${_ports#*-}
+ if [ "$_first" != "$_last" ]; then
+ export -- "$_var=$_first$_delim$_last"
 else
- echo "$first"
+ export -- "$_var=$_first"
 fi
 }
+fw_get_family_mode() {
+ local _var="$1"
+ local _hint="$2"
+ local _zone="$3"
+ local _mode="$4"
+
+ local _ipv4 _ipv6
+ [ -n "$FW_ZONES4$FW_ZONES6" ] && {
+ list_contains FW_ZONES4 $_zone && _ipv4=1 || _ipv4=0
+ list_contains FW_ZONES6 $_zone && _ipv6=1 || _ipv6=0
+ } || {
+ _ipv4=$(uci_get_state firewall core ${_zone}_ipv4 0)
+ _ipv6=$(uci_get_state firewall core ${_zone}_ipv6 0)
+ }
+
+ case "$_hint:$_ipv4:$_ipv6" in
+ *4:1:*|*:1:0) export -n -- "$_var=G4" ;;
+ *6:*:1|*:0:1) export -n -- "$_var=G6" ;;
+ *) export -n -- "$_var=$_mode" ;;
+ esac
+}
+
+fw_get_negation() {
+ local _var="$1"
+ local _flag="$2"
+ local _ipaddr="$3"
+
+ [ "${_ipaddr#!}" != "$_ipaddr" ] && \
+ export -n -- "$_var=! $_flag ${_ipaddr#!}" || \
+ export -n -- "$_var=${_ipaddr:+$_flag $_ipaddr}"
+}
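Review bot: Building `cmdline` as one string and running it unquoted as `$cmdline` re-splits every rule argument on whitespace and expands globs, whereas the removed `xargs -0` pipeline kept each argument as a single word. A match value containing a space or a `*` (a comment or log prefix, for instance) now turns into extra arguments, so a configuration value can change which rule is actually installed. Keeping the translated arguments in the positional parameters preserves the boundaries without arrays; the sketch below replaces the `cmdline` assignment, the `while` loop, the trace line and the `$cmdline` call. The enclosing `fw__exec` starts outside the hunk.

```shell
	# … unchanged: G* skip and the leading shift …

	# Rebuild "$@" in place so each rule argument stays a single word.
	local n=$#
	while [ $n -gt 1 ]; do
		case "$app:$1" in
			ip6tables:--icmp-type) set -- "$@" --icmpv6-type ;;
			ip6tables:icmp|ip6tables:ICMP) set -- "$@" icmpv6 ;;
			iptables:--icmpv6-type) set -- "$@" --icmp-type ;;
			iptables:icmpv6) set -- "$@" icmp ;;
			*) set -- "$@" "$1" ;;
		esac
		shift
		n=$((n - 1))
	done
	# Drop the closing '}' that the old loop also left unconsumed.
	if [ $# -gt 0 ]; then shift; fi

	[ -n "$FW_TRACE" ] && echo "$app --table ${tab} --${cmd} ${chn} ${pol} ${pos} ${tgt:+--jump $tgt} $*" >&2

	$app --table ${tab} --${cmd} ${chn} ${pol} ${pos} ${tgt:+--jump "$tgt"} "$@"
	# … unchanged: fw__rc $? …
```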