From 15ebcfc04e102ccd54f3782a696c01fbde134b4c Mon Sep 17 00:00:00 2001
From: John Crispin
Date: Tue, 18 Feb 2014 13:33:47 +0000
Subject: firewall3: update init.d script to make use of procd add validation data
Signed-off-by: John Crispin
SVN-Revision: 39617
---
 .../network/config/firewall/files/firewall.init | 58 ++++++++++++++++++----
 1 file changed, 49 insertions(+), 9 deletions(-)
(limited to 'package')
diff --git a/package/network/config/firewall/files/firewall.init b/package/network/config/firewall/files/firewall.init
index 64e3a8c..8abbf68 100755
--- a/package/network/config/firewall/files/firewall.init
+++ b/package/network/config/firewall/files/firewall.init
@@ -1,25 +1,65 @@
 #!/bin/sh /etc/rc.common
 START=19
+USE_PROCD=1
+QUIET=""
-boot() {
- # Be silent on boot, firewall might be started by hotplug already,
- # so don't complain in syslog.
- fw3 -q start
+validate_firewall_redirect()
+{
+ uci_validate_section firewall redirect "${1}" \
+ 'proto:or("tcp", "udp", "tcpudp")' \
+ 'src:string' \
+ 'src_ip:ipaddr' \
+ 'src_dport:string' \
+ 'dest:string' \
+ 'dest_ip:ipaddr' \
+ 'dest_port:string' \
+ 'target:or("SNAT", "DNAT")'
+
+ return $?
 }
-start() {
- fw3 start
+validate_firewall_rule()
+{
+ uci_validate_section firewall rule "${1}" \
+ 'proto:string' \
+ 'src:string' \
+ 'dest:string' \
+ 'src_port:string' \
+ 'dest_port:string' \
+ 'target:string'
+
+ return $?
 }
-stop() {
- fw3 flush
+service_triggers() {
+ procd_add_reload_trigger firewall
+
+ procd_open_validate
+ validate_firewall_redirect
+ validate_firewall_rule
+ procd_close_validate
 }
 restart() {
 fw3 restart
 }
-reload() {
+start_service() {
+ fw3 ${QUIET} start
+}
+
+stop_service() {
+ fw3 flush
+}
+
+reload_service() {
 fw3 reload
 }
+
+boot() {
+ # Be silent on boot, firewall might be started by hotplug already,
+ # so don't complain in syslog.
+ QUIET=1
+ start
+}
--
cgit v1.1
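Review bot: In the new `boot()`, `QUIET=1` is expanded unquoted by `start_service()` as `fw3 ${QUIET} start`, so the boot path runs `fw3 1 start` instead of the `fw3 -q start` that the removed `boot()` issued. How fw3 handles the stray `1` is not visible in this hunk, but at best the quiet behaviour described in the comment is lost, and at worst the command is rejected and the ruleset is not loaded at boot, leaving the device unfiltered until something else starts the firewall. Carrying the flag itself fixes it: `QUIET=-q` in `boot()`, with the default `QUIET=""` left as is. Separately, `validate_firewall_rule` accepts `proto`, `src_port`, `dest_port` and `target` as plain `string`, which is looser than the `or(...)` constraints used for redirects a few lines above; tightening those would let validation reject malformed rules before a reload is triggered.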