[package] firewall:

	- replace uci firewall with a modular dual stack implementation	developed by Malte S. Stretz
	- bump version to 2


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21286 3c298f89-4303-0410-b956-a3cf2f4a3e73

1 files changed, 40 insertions, 0 deletions

diff --git a/package/firewall/files/lib/core_forwarding.sh b/package/firewall/files/lib/core_forwarding.sh
new file mode 100644
index 000000000..766e48e38
--- /dev/null
+++ b/package/firewall/files/lib/core_forwarding.sh
@@ -0,0 +1,40 @@
+# Copyright (C) 2009-2010 OpenWrt.org
+
+fw_config_get_forwarding() {
+	[ "${forwarding_NAME}" != "$1" ] || return
+	fw_config_get_section "$1" forwarding { \
+		string _name "$1" \
+		string name "" \
+		string src "" \
+		string dest "" \
+	} || return
+	[ -n "$forwarding_name" ] || forwarding_name=$forwarding__name
+}
+
+fw_load_forwarding() {
+	fw_config_get_forwarding "$1"
+
+	fw_callback pre forwarding
+
+	local chain=forward
+	[ -n "$forwarding_src" ] && {
+		chain=zone_${forwarding_src}_forward 
+	}
+
+	local target=ACCEPT
+	[ -n "$forwarding_dest" ] && {
+		target=zone_${forwarding_dest}_ACCEPT
+	}
+
+	fw add i f $chain $target ^
+
+	# propagate masq zone flag
+	[ -n "$forwarding_src" ] && list_contains CONNTRACK_ZONES $forwarding_src && {
+		append CONNTRACK_ZONES $forwarding_dest
+	}
+	[ -n "$forwarding_dest" ] && list_contains CONNTRACK_ZONES $forwarding_dest && {
+		append CONNTRACK_ZONES $forwarding_src
+	}
+
+	fw_callback post forwarding
+}