diff options
Diffstat (limited to 'package/firewall/files/uci_firewall.sh')
-rwxr-xr-x | package/firewall/files/uci_firewall.sh | 50 |
1 files changed, 45 insertions, 5 deletions
diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh index 478b95c..21485cb 100755 --- a/package/firewall/files/uci_firewall.sh +++ b/package/firewall/files/uci_firewall.sh @@ -402,13 +402,52 @@ fw_include() { [ -e $path ] && . $path } +get_interface_zones() { + local interface="$2" + local name + local network + config_get name $1 name + config_get network $1 network + [ -z "$network" ] && network=$name + for n in $network; do + [ "$n" = "$interface" ] && append add_zone "$name" + done +} + +fw_event() { + local action="$1" + local interface="$2" + local ifname="$(sh -c ". /etc/functions.sh; config_load network; config_get "$interface" ifname")" + local up + + [ -z "$ifname" ] && return 0 + config_foreach get_interface_zones zone "$interface" + [ -z "$add_zone" ] && return 0 + + case "$action" in + ifup) + for z in $add_zone; do + local loaded + config_get loaded core loaded + [ -n "$loaded" ] && addif "$interface" "$ifname" "$z" + done + ;; + ifdown) + config_get up "$interface" up + + for z in $ZONE; do + [ "$up" == "1" ] && delif "$interface" "$ifname" "$z" + done + ;; + esac +} + fw_addif() { local up local ifname config_get up $1 up - config_get ifname $1 ifname [ -n "$up" ] || return 0 - (ACTION="ifup" INTERFACE="$1" . /etc/hotplug.d/iface/20-firewall) + fw_event ifup "$1" } fw_custom_chains() { @@ -465,9 +504,10 @@ fw_init() { config_foreach fw_zone_defaults zone uci_set_state firewall core loaded 1 config_foreach fw_check_notrack zone - unset CONFIG_APPEND - config_load network - config_foreach fw_addif interface + INTERFACES="$(sh -c '. /etc/functions.sh; config_load network; config_foreach echo interface')" + for interface in $INTERFACES; do + fw_addif "$interface" + done } fw_stop() { |