summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--package/firewall/files/firewall.config22
-rw-r--r--package/firewall/files/lib/core_interface.sh50
2 files changed, 61 insertions, 11 deletions
diff --git a/package/firewall/files/firewall.config b/package/firewall/files/firewall.config
index 7904cedb8..bee162549 100644
--- a/package/firewall/files/firewall.config
+++ b/package/firewall/files/firewall.config
@@ -75,6 +75,28 @@ config include
# option dest_port 80
# option proto tcp
+# port redirect of remapped ssh port (22001) on wan
+#config redirect
+# option src wan
+# option src_dport 22001
+# option dest lan
+# option dest_port 22
+# option proto tcp
+
+# allow IPsec/ESP and ISAKMP passthrough
+#config rule
+# option src wan
+# option dest lan
+# option protocol esp
+# option target ACCEPT
+
+#config rule
+# option src wan
+# option dest lan
+# option src_port 500
+# option dest_port 500
+# option proto udp
+# option target ACCEPT
### FULL CONFIG SECTIONS
#config rule
diff --git a/package/firewall/files/lib/core_interface.sh b/package/firewall/files/lib/core_interface.sh
index bc9eb96dd..5386292a4 100644
--- a/package/firewall/files/lib/core_interface.sh
+++ b/package/firewall/files/lib/core_interface.sh
@@ -1,27 +1,55 @@
-# Copyright (C) 2009-2010 OpenWrt.org
+# Copyright (C) 2009-2011 OpenWrt.org
fw__uci_state_add() {
local var="$1"
local item="$2"
- local val=" $(uci_get_state firewall core $var) "
- val="${val// $item / }"
- val="${val# }"
- val="${val% }"
+ local list="$(uci_get_state firewall core $var)"
+ list=" ${list:+$list }"
+
+ for item in $item; do
+ case "$list" in
+ "* $item *") continue;;
+ *) list="$list$item ";;
+ esac
+ done
+
+ list="${list% }"
+ list="${list# }"
+
uci_revert_state firewall core $var
- uci_set_state firewall core $var "${val:+$val }$item"
+ uci_set_state firewall core $var "$list"
}
fw__uci_state_del() {
local var="$1"
local item="$2"
- local val=" $(uci_get_state firewall core $var) "
- val="${val// $item / }"
- val="${val# }"
- val="${val% }"
+ echo "del[$item]"
+
+ local list val
+ for val in $(uci_get_state firewall core "$var" | sort -u); do
+ list="${list:+$list }$val"
+ done
+
+ echo "list[$list]"
+
uci_revert_state firewall core $var
- uci_set_state firewall core $var "$val"
+
+ [ -n "$list" ] && {
+ list=" $list "
+
+ for item in $item; do
+ list="${list// $item / }"
+ done
+
+ list="${list# }"
+ list="${list% }"
+
+ echo "list2[$list]"
+
+ uci_set_state firewall core $var "$list"
+ }
}
fw_configure_interface() {