X-Git-Url: https://git.rohieb.name/openwrt.git/blobdiff_plain/e56f132e78b9cc02c54cf71d5240055af3f53d7e..21adeeda4da4c10a70f44e2cf1832e221483f1bf:/package/firewall/files/uci_firewall.sh?ds=inline
diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh
index 263a33d15..3c13631a3 100755
--- a/package/firewall/files/uci_firewall.sh
+++ b/package/firewall/files/uci_firewall.sh
@@ -56,9 +56,9 @@ create_zone() {
 $IPTABLES -N zone_$1_DROP
 $IPTABLES -N zone_$1_REJECT
 $IPTABLES -N zone_$1_forward
- $IPTABLES -A zone_$1_forward -j zone_$1_$5
- $IPTABLES -A zone_$1 -j zone_$1_$3
- $IPTABLES -A output -j zone_$1_$4
+ [ "$5" ] && $IPTABLES -A zone_$1_forward -j zone_$1_$5
+ [ "$3" ] && $IPTABLES -A zone_$1 -j zone_$1_$3
+ [ "$4" ] && $IPTABLES -A output -j zone_$1_$4
 $IPTABLES -N zone_$1_nat -t nat
 $IPTABLES -N zone_$1_prerouting -t nat
 $IPTABLES -t raw -N zone_$1_notrack
@@ -96,6 +96,7 @@ addif() {
 $IPTABLES -t raw -I PREROUTING 1 -i "$ifname" -j zone_${zone}_notrack
 uci_set_state firewall core "${network}_ifname" "$ifname"
 uci_set_state firewall core "${network}_zone" "$zone"
+ ACTION=add ZONE="$zone" INTERFACE="$network" DEVICE="$ifname" /sbin/hotplug-call firewall
 }
 delif() {
@@ -117,6 +118,7 @@ delif() {
 $IPTABLES -D forward -i "$ifname" -j zone_${zone}_forward
 uci_revert_state firewall core "${network}_ifname"
 uci_revert_state firewall core "${network}_zone"
+ ACTION=remove ZONE="$zone" INTERFACE="$network" DEVICE="$ifname" /sbin/hotplug-call firewall
 }
 load_synflood() {
@@ -243,6 +245,7 @@ fw_rule() {
 local dest_ip
 local dest_port
 local proto
+ local icmp_type
 local target
 local ruleset
@@ -254,6 +257,7 @@ fw_rule() {
 config_get dest_ip $1 dest_ip
 config_get dest_port $1 dest_port
 config_get proto $1 proto
+ config_get icmp_type $1 icmp_type
 config_get target $1 target
 config_get ruleset $1 ruleset
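Review bot: In create_zone, the three guarded appends (`[ "$5" ] && …`, and the same for `$3` and `$4`) leave a zone whose policy option is unset with no terminating jump at all, so packets fall out of `zone_$1`, `zone_$1_forward` and the `output` hook into whatever rule or chain policy follows, which this hunk does not show. If that fall-through is intended, it deserves a comment above the three lines, for example `# empty policy: no default verdict here, packets return to the calling chain`. If it is not, a restrictive fallback such as `-j zone_$1_${5:-DROP}` keeps a missing option from failing open. The policy value is also used unvalidated as part of a chain name, so a typo makes iptables reject the rule and leaves the same gap. create_zone's body starts and ends outside the hunk.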
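Review bot: The hotplug call added at the end of addif, and its `ACTION=remove` twin in the delif hunk, runs whatever handlers `/sbin/hotplug-call` dispatches for `firewall` synchronously, with the privileges of the firewall script, and ignores their exit status. A comment on the line should state the contract handlers can rely on, e.g. `# firewall hotplug: ACTION, ZONE, INTERFACE and DEVICE are exported; rules and uci state for the interface are already in place`. The exported values come from configuration and interface state, so handlers need to quote them wherever they reach iptables or another shell command. The bodies of addif and delif start outside their hunks.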
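Review bot: In delif the hook fires after both `uci_revert_state` calls, so a remove handler can no longer look up `${network}_ifname` or `${network}_zone` in the firewall state and has only the exported variables to work with; that ordering should be noted in a comment on the new line. Where `zone` and `ifname` are assigned is outside the hunk, so it is unclear whether they can be empty here. If they can, a guard such as `[ -n "$zone" ] && [ -n "$ifname" ] && ACTION=remove … /sbin/hotplug-call firewall` keeps handlers from acting on an empty interface name.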
@@ -276,6 +280,7 @@ fw_rule() {
 add_rule() {
 $IPTABLES -I $ZONE 1 \
 ${proto:+-p $proto} \
+ ${icmp_type:+--icmp-type $icmp_type} \
 ${src_ip:+-s $src_ip} \
 ${src_port:+--sport $src_port} \
 ${src_mac:+-m mac --mac-source $src_mac} \
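Review bot: `${icmp_type:+--icmp-type $icmp_type}` is emitted whenever the option is set, whatever `proto` holds, but iptables accepts `--icmp-type` only together with `-p icmp`. With any other protocol, or none, the whole `$IPTABLES -I` fails and the rule is not installed; for a DROP or REJECT rule that means traffic the administrator meant to block stays allowed. fw_rule should refuse such a rule loudly after the `config_get icmp_type` line added in the earlier hunk, e.g. `[ -n "$icmp_type" ] && [ "$proto" != icmp ] && { echo "firewall: icmp_type requires proto icmp" >&2; return 1; }`, assuming an early return fits fw_rule's flow, which is not visible here. The expansion is unquoted like its neighbours, so a value containing whitespace is split into extra iptables arguments. add_rule continues past the end of the hunk.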