From 9c8997d54dc9df184bfcedeabf0b3c85cf5e6753 Mon Sep 17 00:00:00 2001
From: nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Date: Wed, 10 Oct 2012 12:32:29 +0000
Subject: packages: sort network related packages into package/network/

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@33688 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
 package/firewall/files/lib/core_init.sh | 338 --------------------------------
 1 file changed, 338 deletions(-)
 delete mode 100644 package/firewall/files/lib/core_init.sh

(limited to 'package/firewall/files/lib/core_init.sh')

diff --git a/package/firewall/files/lib/core_init.sh b/package/firewall/files/lib/core_init.sh
deleted file mode 100644
index 035647998..000000000
--- a/package/firewall/files/lib/core_init.sh
+++ /dev/null
@@ -1,338 +0,0 @@
-# Copyright (C) 2009-2011 OpenWrt.org
-# Copyright (C) 2008 John Crispin <blogic@openwrt.org>
-
-FW_INITIALIZED=
-
-FW_ZONES=
-FW_ZONES4=
-FW_ZONES6=
-FW_CONNTRACK_ZONES=
-FW_NOTRACK_DISABLED=
-
-FW_DEFAULTS_APPLIED=
-FW_ADD_CUSTOM_CHAINS=
-FW_ACCEPT_REDIRECTS=
-FW_ACCEPT_SRC_ROUTE=
-
-FW_DEFAULT_INPUT_POLICY=REJECT
-FW_DEFAULT_OUTPUT_POLICY=REJECT
-FW_DEFAULT_FORWARD_POLICY=REJECT
-
-FW_DISABLE_IPV4=0
-FW_DISABLE_IPV6=0
-
-
-fw_load_defaults() {
-	fw_config_get_section "$1" defaults { \
-		string input $FW_DEFAULT_INPUT_POLICY \
-		string output $FW_DEFAULT_OUTPUT_POLICY \
-		string forward $FW_DEFAULT_FORWARD_POLICY \
-		boolean drop_invalid 0 \
-		boolean syn_flood 0 \
-		boolean synflood_protect 0 \
-		string synflood_rate 25 \
-		string synflood_burst 50 \
-		boolean tcp_syncookies 1 \
-		boolean tcp_ecn 0 \
-		boolean tcp_westwood 0 \
-		boolean tcp_window_scaling 1 \
-		boolean accept_redirects 0 \
-		boolean accept_source_route 0 \
-		boolean custom_chains 1 \
-		boolean disable_ipv6 0 \
-	} || return
-	[ -n "$FW_DEFAULTS_APPLIED" ] && {
-		fw_log error "duplicate defaults section detected, skipping"
-		return 1
-	}
-	FW_DEFAULTS_APPLIED=1
-
-	FW_DEFAULT_INPUT_POLICY=$defaults_input
-	FW_DEFAULT_OUTPUT_POLICY=$defaults_output
-	FW_DEFAULT_FORWARD_POLICY=$defaults_forward
-
-	FW_ADD_CUSTOM_CHAINS=$defaults_custom_chains
-
-	FW_ACCEPT_REDIRECTS=$defaults_accept_redirects
-	FW_ACCEPT_SRC_ROUTE=$defaults_accept_source_route
-
-	FW_DISABLE_IPV6=$defaults_disable_ipv6
-
-	fw_callback pre defaults
-
-	# Seems like there are only one sysctl for both IP versions.
-	for s in syncookies ecn westwood window_scaling; do
-		eval "sysctl -e -w net.ipv4.tcp_${s}=\$defaults_tcp_${s}" >/dev/null
-	done
-	fw_sysctl_interface all
-
-	fw add i f INPUT   ACCEPT { -m conntrack --ctstate RELATED,ESTABLISHED }
-	fw add i f OUTPUT  ACCEPT { -m conntrack --ctstate RELATED,ESTABLISHED }
-	fw add i f FORWARD ACCEPT { -m conntrack --ctstate RELATED,ESTABLISHED }
-
-	[ $defaults_drop_invalid == 1 ] && {
-		fw add i f INPUT   DROP { -m conntrack --ctstate INVALID }
-		fw add i f OUTPUT  DROP { -m conntrack --ctstate INVALID }
-		fw add i f FORWARD DROP { -m conntrack --ctstate INVALID }
-		FW_NOTRACK_DISABLED=1
-	}
-
-	fw add i f INPUT  ACCEPT { -i lo }
-	fw add i f OUTPUT ACCEPT { -o lo }
-
-	# Compatibility to old 'syn_flood' parameter
-	[ $defaults_syn_flood == 1 ] && \
-		defaults_synflood_protect=1
-
-	[ "${defaults_synflood_rate%/*}" == "$defaults_synflood_rate" ] && \
-		defaults_synflood_rate="$defaults_synflood_rate/second"
-
-	[ $defaults_synflood_protect == 1 ] && {
-		echo "Loading synflood protection"
-		fw_callback pre synflood
-		fw add i f syn_flood
-		fw add i f syn_flood RETURN { \
-			-p tcp --syn \
-			-m limit --limit "${defaults_synflood_rate}" --limit-burst "${defaults_synflood_burst}" \
-		}
-		fw add i f syn_flood DROP
-		fw add i f INPUT syn_flood { -p tcp --syn }
-		fw_callback post synflood
-	}
-
-	[ $defaults_custom_chains == 1 ] && {
-		echo "Adding custom chains"
-		fw add i f input_rule
-		fw add i f output_rule
-		fw add i f forwarding_rule
-		fw add i n prerouting_rule
-		fw add i n postrouting_rule
-
-		fw add i f INPUT       input_rule
-		fw add i f OUTPUT      output_rule
-		fw add i f FORWARD     forwarding_rule
-		fw add i n PREROUTING  prerouting_rule
-		fw add i n POSTROUTING postrouting_rule
-	}
-
-	fw add i f input
-	fw add i f output
-	fw add i f forward
-
-	fw add i f INPUT   input
-	fw add i f OUTPUT  output
-	fw add i f FORWARD forward
-
-	fw add i f reject
-	fw add i f reject REJECT { --reject-with tcp-reset -p tcp }
-	fw add i f reject REJECT { --reject-with port-unreach }
-
-	fw_set_filter_policy
-
-	fw_callback post defaults
-}
-
-
-fw_config_get_zone() {
-	[ "${zone_NAME}" != "$1" ] || return
-	fw_config_get_section "$1" zone { \
-		string name "$1" \
-		string network "" \
-		string input "$FW_DEFAULT_INPUT_POLICY" \
-		string output "$FW_DEFAULT_OUTPUT_POLICY" \
-		string forward "$FW_DEFAULT_FORWARD_POLICY" \
-		boolean masq 0 \
-		string masq_src "" \
-		string masq_dest "" \
-		boolean conntrack 0 \
-		boolean mtu_fix 0 \
-		boolean custom_chains "$FW_ADD_CUSTOM_CHAINS" \
-		boolean log 0 \
-		string log_limit 10 \
-		string family "" \
-	} || return
-	[ -n "$zone_name" ] || zone_name=$zone_NAME
-	[ -n "$zone_network" ] || zone_network=$zone_name
-}
-
-fw_load_zone() {
-	fw_config_get_zone "$1"
-
-	list_contains FW_ZONES $zone_name && {
-		fw_log error "zone ${zone_name}: duplicated zone, skipping"
-		return 0
-	}
-	append FW_ZONES $zone_name
-
-	fw_callback pre zone
-
-	[ $zone_conntrack = 1 -o $zone_masq = 1 ] && \
-		append FW_CONNTRACK_ZONES "$zone_name"
-
-	local mode
-	case "$zone_family" in
-		*4)
-			mode=4
-			append FW_ZONES4 $zone_name
-			uci_set_state firewall core ${zone_name}_ipv4 1
-		;;
-		*6)
-			mode=6
-			append FW_ZONES6 $zone_name
-			uci_set_state firewall core ${zone_name}_ipv6 1
-		;;
-		*)
-			mode=i
-			append FW_ZONES4 $zone_name
-			append FW_ZONES6 $zone_name
-			uci_set_state firewall core ${zone_name}_ipv4 1
-			uci_set_state firewall core ${zone_name}_ipv6 1
-		;;
-	esac
-
-	local chain=zone_${zone_name}
-
-	fw add $mode f ${chain}_ACCEPT
-	fw add $mode f ${chain}_DROP
-	fw add $mode f ${chain}_REJECT
-
-	# TODO: Rename to ${chain}_input
-	fw add $mode f ${chain}
-	fw add $mode f ${chain} ${chain}_${zone_input} $
-
-	fw add $mode f ${chain}_forward
-	fw add $mode f ${chain}_forward ${chain}_${zone_forward} $
-
-	# TODO: add ${chain}_output
-	fw add $mode f output ${chain}_${zone_output} $
-
-	# TODO: Rename to ${chain}_MASQUERADE
-	fw add $mode n ${chain}_nat
-	fw add $mode n ${chain}_prerouting
-
-	fw add $mode r ${chain}_notrack
-
-	[ $zone_mtu_fix == 1 ] && {
-		fw add $mode m ${chain}_MSSFIX
-		fw add $mode m FORWARD ${chain}_MSSFIX ^
-		uci_set_state firewall core ${zone_name}_tcpmss 1
-	}
-
-	[ $zone_custom_chains == 1 ] && {
-		[ $FW_ADD_CUSTOM_CHAINS == 1 ] || \
-			fw_die "zone ${zone_name}: custom_chains globally disabled"
-
-		fw add $mode f input_${zone_name}
-		fw add $mode f ${chain} input_${zone_name} ^
-
-		fw add $mode f forwarding_${zone_name}
-		fw add $mode f ${chain}_forward forwarding_${zone_name} ^
-
-		fw add $mode n prerouting_${zone_name}
-		fw add $mode n ${chain}_prerouting prerouting_${zone_name} ^
-	}
-
-	[ "$zone_log" == 1 ] && {
-		[ "${zone_log_limit%/*}" == "$zone_log_limit" ] && \
-			zone_log_limit="$zone_log_limit/minute"
-
-		local t
-		for t in REJECT DROP; do
-			fw add $mode f ${chain}_${t} LOG ^ \
-				{ -m limit --limit $zone_log_limit --log-prefix "$t($zone_name): " }
-		done
-
-		[ $zone_mtu_fix == 1 ] && \
-			fw add $mode m ${chain}_MSSFIX LOG ^ \
-				{ -m limit --limit $zone_log_limit --log-prefix "MSSFIX($zone_name): " }
-	}
-
-	# NB: if MASQUERADING for IPv6 becomes available we'll need a family check here
-	if [ "$zone_masq" == 1 ]; then
-		local msrc mdst
-		for msrc in ${zone_masq_src:-0.0.0.0/0}; do
-			case "$msrc" in
-				*.*) fw_get_negation msrc '-s' "$msrc" ;;
-				*)   fw_get_subnet4 msrc '-s' "$msrc" || break ;;
-			esac
-
-			for mdst in ${zone_masq_dest:-0.0.0.0/0}; do
-				case "$mdst" in
-					*.*) fw_get_negation mdst '-d' "$mdst" ;;
-					*)   fw_get_subnet4 mdst '-d' "$mdst" || break ;;
-				esac
-
-				fw add $mode n ${chain}_nat MASQUERADE $ { $msrc $mdst }
-			done
-		done
-	fi
-
-	fw_callback post zone
-}
-
-fw_load_notrack_zone() {
-	fw_config_get_zone "$1"
-	list_contains FW_CONNTRACK_ZONES "${zone_name}" && return
-
-	fw_callback pre notrack
-
-	fw add i r zone_${zone_name}_notrack NOTRACK $
-
-	fw_callback post notrack
-}
-
-
-fw_load_include() {
-	local name="$1"
-
-	local path
-	config_get path ${name} path
-
-	[ -e $path ] && (
-		config() {
-			fw_log error "You cannot use UCI in firewall includes!" >&2
-			exit 1
-		}
-		. $path 
-	)
-}
-
-
-fw_clear() {
-	local policy=$1
-
-	fw_set_filter_policy $policy
-
-	local tab
-	for tab in f n r; do
-		fw del i $tab
-	done
-}
-
-fw_set_filter_policy() {
-	local policy=$1
-
-	local chn tgt
-	for chn in INPUT OUTPUT FORWARD; do
-		eval "tgt=\${policy:-\${FW_DEFAULT_${chn}_POLICY}}"
-		[ $tgt == "REJECT" ] && tgt=reject
-		[ $tgt == "ACCEPT" -o $tgt == "DROP" ] || {
-			fw add i f $chn $tgt $
-			tgt=DROP
-		}
-		fw policy i f $chn $tgt
-	done
-}
-
-
-fw_callback() {
-	local pp=$1
-	local hk=$2
-
-	local libs lib
-	eval "libs=\$FW_CB_${pp}_${hk}"
-	[ -n "$libs" ] || return
-	for lib in $libs; do
-		${lib}_${pp}_${hk}_cb
-	done
-}
-- 
cgit v1.2.3