-rw-r--r-- | package/firewall/files/20-firewall | 33 | ||||
-rwxr-xr-x | package/firewall/files/uci_firewall.sh | 50 |
2 files changed, 46 insertions, 37 deletions
diff --git a/package/firewall/files/20-firewall b/package/firewall/files/20-firewall
index 1cfc1b9c0..4b89326b5 100644
--- a/package/firewall/files/20-firewall
+++ b/package/firewall/files/20-firewall
@@ -2,35 +2,4 @@
 unset ZONE
 config_get ifname $INTERFACE ifname
 [ "$ifname" == "lo" ] && exit 0
-
-load_zones() {
- local name
- local network
- config_get name $1 name
- config_get network $1 network
- [ -z "$network" ] && network=$name
- for n in $network; do
- [ "$n" = "$INTERFACE" ] && ZONE="$ZONE $name"
- done
-}
-
-config_foreach load_zones zone
-
-[ -z "$ZONE" ] && exit 0
-
-[ ifup = "$ACTION" ] && {
- for z in $ZONE; do
- local loaded
- config_get loaded core loaded
- [ -n "$loaded" ] && addif "$INTERFACE" "$ifname" "$z"
- done
-}
-
-[ ifdown = "$ACTION" ] && {
- local up
- config_get up "$INTERFACE" up
-
- for z in $ZONE; do
- [ "$up" == "1" ] && delif "$INTERFACE" "$ifname" "$z"
- done
-}
+fw_event "$ACTION" "$INTERFACE"
diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh
index 478b95c93..21485cb5d 100755
--- a/package/firewall/files/uci_firewall.sh
+++ b/package/firewall/files/uci_firewall.sh
@@ -402,13 +402,52 @@ fw_include() {
 [ -e $path ] && . $path
 }

+get_interface_zones() {
+ local interface="$2"
+ local name
+ local network
+ config_get name $1 name
+ config_get network $1 network
+ [ -z "$network" ] && network=$name
+ for n in $network; do
+ [ "$n" = "$interface" ] && append add_zone "$name"
+ done
+}
+
+fw_event() {
+ local action="$1"
+ local interface="$2"
+ local ifname="$(sh -c ". /etc/functions.sh; config_load network; config_get "$interface" ifname")"
+ local up
+
+ [ -z "$ifname" ] && return 0
+ config_foreach get_interface_zones zone "$interface"
+ [ -z "$add_zone" ] && return 0
+
+ case "$action" in
+ ifup)
+ for z in $add_zone; do
+ local loaded
+ config_get loaded core loaded
+ [ -n "$loaded" ] && addif "$interface" "$ifname" "$z"
+ done
+ ;;
+ ifdown)
+ config_get up "$interface" up
+
+ for z in $ZONE; do
+ [ "$up" == "1" ] && delif "$interface" "$ifname" "$z"
+ done
+ ;;
+ esac
+}
+
 fw_addif() {
 local up
 local ifname
 config_get up $1 up
- config_get ifname $1 ifname
 [ -n "$up" ] || return 0
- (ACTION="ifup" INTERFACE="$1" . /etc/hotplug.d/iface/20-firewall)
+ fw_event ifup "$1"
 }

 fw_custom_chains() {
@@ -465,9 +504,10 @@ fw_init() {
 config_foreach fw_zone_defaults zone
 uci_set_state firewall core loaded 1
 config_foreach fw_check_notrack zone
- unset CONFIG_APPEND
- config_load network
- config_foreach fw_addif interface
+ INTERFACES="$(sh -c '. /etc/functions.sh; config_load network; config_foreach echo interface')"
+ for interface in $INTERFACES; do
+ fw_addif "$interface"
+ done
 }

 fw_stop() {
|
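Review bot: The `ifdown` branch of `fw_event` still iterates `$ZONE`, but the function collects matching zones in `add_zone` and nothing in this diff sets `ZONE` any more, so `delif` looks unreachable and a downed interface's rules stay in its zones; the loop should read `for z in $add_zone; do`. `add_zone` is also never declared or cleared in `fw_event`, and `fw_init` now calls it once per interface in the same shell, so zones matched for an earlier interface appear to carry over to later ones (assuming `append`, defined outside this diff, accumulates); `local add_zone=""` next to `local up` would prevent an interface from being attached to another interface's zone. In the `ifname` assignment the inner double quotes end the `sh -c` string, leaving `$interface` unquoted inside the command text; passing it as a positional argument, `sh -c '. /etc/functions.sh; config_load network; config_get "$1" ifname' sh "$interface"`, keeps the name out of the parsed script.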
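Review bot: `INTERFACES` and the loop variable `interface` are assigned without `local` in the lines added to `fw_init`, so both remain set in whatever shell sourced uci_firewall.sh after the function returns; `local interface interfaces`, with the list held in the lower-case name, keeps that state inside the function. The exit status of the `sh -c` substitution is discarded as well, so if `config_load network` fails the loop runs zero times without any message, after `uci_set_state firewall core loaded 1` has already marked the firewall as loaded; a check such as `[ -n "$INTERFACES" ]` with a logged warning would make that case visible. fw_init's body starts before this hunk.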