summaryrefslogtreecommitdiff
path: root/package/firewall/files
diff options
context:
space:
mode:
Diffstat (limited to 'package/firewall/files')
-rw-r--r--package/firewall/files/lib/core.sh14
-rw-r--r--package/firewall/files/lib/core_interface.sh29
2 files changed, 41 insertions, 2 deletions
diff --git a/package/firewall/files/lib/core.sh b/package/firewall/files/lib/core.sh
index 03a80c6..2178e05 100644
--- a/package/firewall/files/lib/core.sh
+++ b/package/firewall/files/lib/core.sh
@@ -49,6 +49,7 @@ fw_start() {
fw_callback post core
+ uci_set_state firewall core zones "$FW_ZONES"
uci_set_state firewall core loaded 1
}
@@ -57,6 +58,19 @@ fw_stop() {
fw_callback pre stop
+ local old_zones z
+ config_get old_zones core zones
+ for z in $old_zones; do
+ local old_networks n i
+ config_get old_networks core "${z}_networks"
+ for n in $old_networks; do
+ config_get i core "${n}_ifname"
+ [ -n "$i" ] && env -i ACTION=remove ZONE="$z" \
+ INTERFACE="$n" DEVICE="$i" \
+ /sbin/hotplug-call firewall
+ done
+ done
+
fw_clear ACCEPT
fw_callback post stop
diff --git a/package/firewall/files/lib/core_interface.sh b/package/firewall/files/lib/core_interface.sh
index 889dcc9..1a33cde 100644
--- a/package/firewall/files/lib/core_interface.sh
+++ b/package/firewall/files/lib/core_interface.sh
@@ -1,5 +1,24 @@
# Copyright (C) 2009-2010 OpenWrt.org
+fw__uci_state_add() {
+ local var="$1"
+ local item="$2"
+
+ local val="$(uci_get_state firewall core $var)"
+ uci_set_state firewall core $var "${val:+$val }$item"
+}
+
+fw__uci_state_del() {
+ local var="$1"
+ local item="$2"
+
+ local val=" $(uci_get_state firewall core $var) "
+ val="${val// $item / }"
+ val="${val# }"
+ val="${val% }"
+ uci_set_state firewall core $var "$val"
+}
+
fw_configure_interface() {
local iface=$1
local action=$2
@@ -83,7 +102,10 @@ fw_configure_interface() {
fw__do_rules del $z $old_ifname $n
done
- [ -n "$old_subnets" ] || ACTION=remove ZONE="$z" INTERFACE="$iface" DEVICE="$ifname" /sbin/hotplug-call firewall
+ [ -n "$old_subnets" ] || {
+ fw__uci_state_del "${z}_networks" "$iface"
+ env -i ACTION=remove ZONE="$z" INTERFACE="$iface" DEVICE="$ifname" /sbin/hotplug-call firewall
+ }
done
local old_aliases
@@ -139,7 +161,10 @@ fw_configure_interface() {
fw__do_rules add ${zone_name} "$ifname" "$aliasnet"
append new_zones $zone_name
- [ -n "$aliasnet" ] || ACTION=add ZONE="$zone_name" INTERFACE="$iface" DEVICE="$ifname" /sbin/hotplug-call firewall
+ [ -n "$aliasnet" ] || {
+ fw__uci_state_add "${zone_name}_networks" "${zone_network}"
+ env -i ACTION=add ZONE="$zone_name" INTERFACE="$iface" DEVICE="$ifname" /sbin/hotplug-call firewall
+ }
}
config_foreach load_zone zone