| -rw-r--r-- | package/firewall/files/lib/core_init.sh | 8 | ||||
| -rw-r--r-- | package/firewall/files/lib/fw.sh | 8 | 
2 files changed, 11 insertions, 5 deletions
|
diff --git a/package/firewall/files/lib/core_init.sh b/package/firewall/files/lib/core_init.sh
index 82939b941..2dd989e49 100644
--- a/package/firewall/files/lib/core_init.sh
+++ b/package/firewall/files/lib/core_init.sh
@@ -16,6 +16,9 @@ FW_DEFAULT_INPUT_POLICY=REJECT
 FW_DEFAULT_OUTPUT_POLICY=REJECT
 FW_DEFAULT_FORWARD_POLICY=REJECT
+FW_DISABLE_IPV4=0
+FW_DISABLE_IPV6=0
+
 fw_load_defaults() {
 	fw_config_get_section "$1" defaults { \
@@ -34,6 +37,7 @@ fw_load_defaults() {
 		boolean accept_redirects 0 \
 		boolean accept_source_route 0 \
 		boolean custom_chains 1 \
+		boolean disable_ipv6 0 \
 	} || return
 	[ -n "$FW_DEFAULTS_APPLIED" ] && {
 		echo "Error: multiple defaults sections detected"
@@ -50,6 +54,8 @@ fw_load_defaults() {
 	FW_ACCEPT_REDIRECTS=$defaults_accept_redirects
 	FW_ACCEPT_SRC_ROUTE=$defaults_accept_source_route
+	FW_DISABLE_IPV6=$defaults_disable_ipv6
+
 	fw_callback pre defaults
 	# Seems like there are only one sysctl for both IP versions.
@@ -96,7 +102,7 @@ fw_load_defaults() {
 		fw add i f forwarding_rule
 		fw add i n prerouting_rule
 		fw add i n postrouting_rule
-			
+
 		fw add i f INPUT       input_rule
 		fw add i f OUTPUT      output_rule
 		fw add i f FORWARD     forwarding_rule
diff --git a/package/firewall/files/lib/fw.sh b/package/firewall/files/lib/fw.sh
index 72aa37c5b..1dd5227c1 100644
--- a/package/firewall/files/lib/fw.sh
+++ b/package/firewall/files/lib/fw.sh
@@ -72,7 +72,7 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
 		if [ $tab == '-' ]; then
 			type $app > /dev/null 2> /dev/null
 			fw__rc $(($? & 1))
-			return 
+			return
 		fi
 		local mod
 		eval "mod=\$FW_${fam}_${tab}"
@@ -85,7 +85,7 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
 			6) mod=ip6table_${tab} ;;
 			*) mod=. ;;
 		esac
-		grep "^${mod} " /proc/modules > /dev/null
+		grep -q "^${mod} " /proc/modules
 		mod=$?
 		export FW_${fam}_${tab}=$mod
 		fw__rc $mod
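Review bot: `FW_DISABLE_IPV4` gets a default in the first core_init.sh hunk, but the visible hunks add only a `disable_ipv6` option and only assign `FW_DISABLE_IPV6`, so nothing shown here can set the IPv4 flag from configuration. If it is meant to be set by other scripts, that should be stated next to the default. Both flags also lack a comment on their effect; I would add `# 1 = skip every firewall call for this family; no rules or policies are installed for it` above them. That wording is inferred from the `|| return` added in fw.sh and should be confirmed against the code outside the hunks.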
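Review bot: With `disable_ipv6` set, `FW_DISABLE_IPV6=$defaults_disable_ipv6` in the third core_init.sh hunk makes the fw.sh change skip every ip6tables call, yet no visible line turns the IPv6 stack itself off. If the kernel still has IPv6 enabled, the host keeps whatever ip6tables state existed before, typically empty chains with ACCEPT policies, while IPv4 stays on the REJECT defaults. Either the option should also disable IPv6 at the kernel level (for example via the `net.ipv6.conf.all.disable_ipv6` sysctl) or it should be documented as "do not manage IPv6 rules" so nobody reads it as a hardening switch. fw_load_defaults continues outside the hunk, so this may already be handled further down.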
@@ -100,8 +100,8 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
 	local app=
 	local pol=
 	case "$fam" in
-		4) app=iptables ;;
-		6) app=ip6tables ;;
+		4) [ $FW_DISABLE_IPV4 == 0 ] && app=iptables  || return ;;
+		6) [ $FW_DISABLE_IPV6 == 0 ] && app=ip6tables || return ;;
 		i) fw__dualip "$@"; return ;;
 		I) fw__autoip "$@"; return ;;
 		e) app=ebtables ;;
|
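Review bot: In the `4)` and `6)` arms the bare `return` passes on the exit status of the failed `[` test, so every call for a disabled family returns non-zero and callers cannot tell "skipped on purpose" from a real failure. The unquoted `$FW_DISABLE_IPV4` and `$FW_DISABLE_IPV6` also mean an empty value makes `[` itself error out, which takes the same `|| return` path and silently drops the rule. I would write `4) [ "$FW_DISABLE_IPV4" = 0 ] || return 0; app=iptables ;;` and the same for `6)`, assuming callers are meant to treat a disabled family as a no-op. The enclosing function starts and ends outside the hunk.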
