-rw-r--r--package/firewall/files/20-firewall33
-rwxr-xr-xpackage/firewall/files/uci_firewall.sh50
2 files changed, 46 insertions, 37 deletions
diff --git a/package/firewall/files/20-firewall b/package/firewall/files/20-firewall
index 1cfc1b9..4b89326 100644
--- a/package/firewall/files/20-firewall
+++ b/package/firewall/files/20-firewall
@@ -2,35 +2,4 @@
unset ZONE
config_get ifname $INTERFACE ifname
[ "$ifname" == "lo" ] && exit 0
-
-load_zones() {
- local name
- local network
- config_get name $1 name
- config_get network $1 network
- [ -z "$network" ] && network=$name
- for n in $network; do
- [ "$n" = "$INTERFACE" ] && ZONE="$ZONE $name"
- done
-}
-
-config_foreach load_zones zone
-
-[ -z "$ZONE" ] && exit 0
-
-[ ifup = "$ACTION" ] && {
- for z in $ZONE; do
- local loaded
- config_get loaded core loaded
- [ -n "$loaded" ] && addif "$INTERFACE" "$ifname" "$z"
- done
-}
-
-[ ifdown = "$ACTION" ] && {
- local up
- config_get up "$INTERFACE" up
-
- for z in $ZONE; do
- [ "$up" == "1" ] && delif "$INTERFACE" "$ifname" "$z"
- done
-}
+fw_event "$ACTION" "$INTERFACE"
diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh
index 478b95c..21485cb 100755
--- a/package/firewall/files/uci_firewall.sh
+++ b/package/firewall/files/uci_firewall.sh
@@ -402,13 +402,52 @@ fw_include() {
[ -e $path ] && . $path
}
+get_interface_zones() {
+ local interface="$2"
+ local name
+ local network
+ config_get name $1 name
+ config_get network $1 network
+ [ -z "$network" ] && network=$name
+ for n in $network; do
+ [ "$n" = "$interface" ] && append add_zone "$name"
+ done
+}
+
+fw_event() {
+ local action="$1"
+ local interface="$2"
+ local ifname="$(sh -c ". /etc/functions.sh; config_load network; config_get "$interface" ifname")"
+ local up
+
+ [ -z "$ifname" ] && return 0
+ config_foreach get_interface_zones zone "$interface"
+ [ -z "$add_zone" ] && return 0
+
+ case "$action" in
+ ifup)
+ for z in $add_zone; do
+ local loaded
+ config_get loaded core loaded
+ [ -n "$loaded" ] && addif "$interface" "$ifname" "$z"
+ done
+ ;;
+ ifdown)
+ config_get up "$interface" up
+
+ for z in $ZONE; do
+ [ "$up" == "1" ] && delif "$interface" "$ifname" "$z"
+ done
+ ;;
+ esac
+}
+
fw_addif() {
local up
local ifname
config_get up $1 up
- config_get ifname $1 ifname
[ -n "$up" ] || return 0
- (ACTION="ifup" INTERFACE="$1" . /etc/hotplug.d/iface/20-firewall)
+ fw_event ifup "$1"
}
fw_custom_chains() {
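Review bot: `add_zone` in fw_event is never declared or cleared, so `append add_zone "$name"` in get_interface_zones keeps accumulating across calls; when fw_init calls fw_addif once per interface, a later interface is also handed to addif for the zones matched by earlier ones, which can put it in a zone with a different policy. Starting fw_event with `local add_zone=` avoids that. The ifdown branch still loops over `$ZONE`, which the visible new code never sets (20-firewall unsets it), so delif is not reached and the rules for a downed interface stay in place; it should read `for z in $add_zone; do`. The `ifname` assignment splices `$interface` into the `sh -c` script text because the inner double quotes end the outer string; passing it as a positional parameter, `sh -c '. /etc/functions.sh; config_load network; config_get "$1" ifname' sh "$interface"`, keeps the section name as data.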
@@ -465,9 +504,10 @@ fw_init() {
config_foreach fw_zone_defaults zone
uci_set_state firewall core loaded 1
config_foreach fw_check_notrack zone
- unset CONFIG_APPEND
- config_load network
- config_foreach fw_addif interface
+ INTERFACES="$(sh -c '. /etc/functions.sh; config_load network; config_foreach echo interface')"
+ for interface in $INTERFACES; do
+ fw_addif "$interface"
+ done
}
fw_stop() {
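Review bot: With `config_load network` now run only inside the `sh -c` child, the network sections no longer appear to be loaded in this shell, so the unchanged `config_get up $1 up` in fw_addif would likely read an empty value and `[ -n "$up" ] || return 0` would skip every interface at init. This is inferred from the visible lines and should be confirmed on a device; if it holds, `up` needs to be fetched the same way as the interface list, or the load kept in this shell. `INTERFACES` and the loop variable `interface` are also assigned as globals, where `local` declarations would keep them out of the caller's scope. fw_init starts above this hunk.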