X-Git-Url: https://git.rohieb.name/openwrt.git/blobdiff_plain/e8be3016c98c2e7d81755c4eae34ea3c60f4b3f9..957731ef89fc1876a0ab8c56d50001011b20abb0:/package/firewall/files/lib/core.sh?ds=sidebyside diff --git a/package/firewall/files/lib/core.sh b/package/firewall/files/lib/core.sh index 3fd98d160..93d4d2e29 100644 --- a/package/firewall/files/lib/core.sh +++ b/package/firewall/files/lib/core.sh @@ -14,6 +14,7 @@ fw_start() { echo "firewall already loaded" >&2 exit 1 } + uci_set_state firewall core "" firewall_state fw_clear DROP @@ -29,16 +30,16 @@ fw_start() { echo "Loading forwardings" config_foreach fw_load_forwarding forwarding - echo "Loading redirects" - config_foreach fw_load_redirect redirect - echo "Loading rules" config_foreach fw_load_rule rule + echo "Loading redirects" + config_foreach fw_load_redirect redirect + echo "Loading includes" config_foreach fw_load_include include - [ -n "$FW_NOTRACK_DISABLED" ] && { + [ -z "$FW_NOTRACK_DISABLED" ] && { echo "Optimizing conntrack" config_foreach fw_load_notrack_zone zone } @@ -48,6 +49,7 @@ fw_start() { fw_callback post core + uci_set_state firewall core zones "$FW_ZONES" uci_set_state firewall core loaded 1 } @@ -56,12 +58,34 @@ fw_stop() { fw_callback pre stop + local z n i + config_get z core zones + for z in $z; do + config_get n core "${z}_networks" + for n in $n; do + config_get i core "${n}_ifname" + [ -n "$i" ] && env -i ACTION=remove ZONE="$z" \ + INTERFACE="$n" DEVICE="$i" /sbin/hotplug-call firewall + done + + config_get i core "${z}_tcpmss" + [ "$i" == 1 ] && { + fw del i m FORWARD zone_${z}_MSSFIX + fw del i m zone_${z}_MSSFIX + } + done + fw_clear ACCEPT fw_callback post stop uci_revert_state firewall config_clear + + local h + for h in $FW_HOOKS; do unset $h; done + + unset FW_HOOKS unset FW_INITIALIZED } @@ -75,9 +99,8 @@ fw_reload() { } fw_is_loaded() { - local bool - config_get_bool bool core loaded 0 - return $((! $bool)) + local bool=$(uci_get_state firewall.core.loaded) + return $((! ${bool:-0})) } @@ -90,10 +113,8 @@ fw_die() { fw_log() { local level="$1" - [ -n "$2" ] || { - shift - level=notice - } + [ -n "$2" ] && shift || level=notice + [ "$level" != error ] || echo "Error: $@" >&2 logger -t firewall -p user.$level "$@" } @@ -123,8 +144,10 @@ fw_init() { . $file for hk in $hooks; do for pp in pre post; do - type ${lib}_${pp}_${hk}_cb >/dev/null && + type ${lib}_${pp}_${hk}_cb >/dev/null && { append FW_CB_${pp}_${hk} ${lib} + append FW_HOOKS FW_CB_${pp}_${hk} + } done done done