firewall (#7355) - partially revert r21486, start firewall on init again - skip iface hotplug events if base fw is not up yet - get ifname and up state with uci_get_state() in iface setup since the values gathered by scan_interfaces() may be outdated when iface coldplugging happens (observed with pptp) - ignore up state when bringing down interfaces because ifdown reverts state vars before dispatching the iface event - bump package revision
SVN-Revision: 21502lede-17.01
parent
91519d51e9
commit
c6fdffd932
|
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
|||
PKG_NAME:=firewall
|
||||
|
||||
PKG_VERSION:=2
|
||||
PKG_RELEASE:=2
|
||||
PKG_RELEASE:=3
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
|
|
|
@ -3,26 +3,20 @@
|
|||
# HOTPLUG_TYPE=iface, triggered by various scripts when an interface
|
||||
# is configured (ACTION=ifup) or deconfigured (ACTION=ifdown). The
|
||||
# interface is available as INTERFACE, the real device as DEVICE.
|
||||
. /etc/functions.sh
|
||||
|
||||
[ "$DEVICE" == "lo" ] && exit 0
|
||||
|
||||
. /etc/functions.sh
|
||||
. /lib/firewall/core.sh
|
||||
fw_init
|
||||
|
||||
# Wait for firewall if startup is in progress
|
||||
lock -w /var/lock/firewall.start
|
||||
fw_init
|
||||
fw_is_loaded || exit 0
|
||||
|
||||
case "$ACTION" in
|
||||
ifup)
|
||||
fw_is_loaded && {
|
||||
fw_configure_interface "$INTERFACE" add "$DEVICE" &
|
||||
} || {
|
||||
/etc/init.d/firewall enabled && fw_start &
|
||||
}
|
||||
fw_configure_interface "$INTERFACE" add "$DEVICE" &
|
||||
;;
|
||||
ifdown)
|
||||
fw_is_loaded && fw_configure_interface "$INTERFACE" del "$DEVICE" &
|
||||
fw_configure_interface "$INTERFACE" del "$DEVICE" &
|
||||
;;
|
||||
esac
|
||||
|
||||
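Review bot: With the `lock -w /var/lock/firewall.start` wait gone, an ifup event that arrives while fw_start is still running reaches `fw_is_loaded || exit 0` and is dropped without any trace. Nothing on this page shows fw_start configuring interfaces that came up during that window, so if it does not, such an interface would stay outside its zone rules until the next hotplug event or a firewall restart. I would document the dependency above the check with `# events before the base ruleset is loaded are skipped; fw_start must pick up interfaces that are already up`. I would also log the skip so it can be diagnosed, e.g. `fw_is_loaded || { logger -t firewall "skip $ACTION for $INTERFACE: firewall not loaded"; exit 0; }`.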
|
|
|
@ -1,5 +1,5 @@
|
|||
#!/bin/sh /etc/rc.common
|
||||
# Copyright (C) 2008 OpenWrt.org
|
||||
# Copyright (C) 2008-2010 OpenWrt.org
|
||||
|
||||
START=45
|
||||
|
||||
|
@ -10,8 +10,6 @@ fw() {
|
|||
fw_$1
|
||||
}
|
||||
|
||||
boot() { :; }
|
||||
|
||||
start() {
|
||||
fw start
|
||||
}
|
||||
|
|
|
@ -15,8 +15,6 @@ fw_start() {
|
|||
exit 1
|
||||
}
|
||||
|
||||
lock /var/lock/firewall.start
|
||||
|
||||
uci_set_state firewall core "" firewall_state
|
||||
|
||||
fw_clear DROP
|
||||
|
@ -52,8 +50,6 @@ fw_start() {
|
|||
fw_callback post core
|
||||
|
||||
uci_set_state firewall core loaded 1
|
||||
|
||||
lock -u /var/lock/firewall.start
|
||||
}
|
||||
|
||||
fw_stop() {
|
||||
|
@ -94,7 +90,6 @@ fw_die() {
|
|||
echo "Error:" "$@" >&2
|
||||
fw_log error "$@"
|
||||
fw_stop
|
||||
lock -u /var/lock/firewall.start
|
||||
exit 1
|
||||
}
|
||||
|
||||
|
|
|
@ -5,14 +5,12 @@ fw_configure_interface() {
|
|||
local action=$2
|
||||
local ifname=$3
|
||||
|
||||
local status;
|
||||
config_get_bool status "$iface" up "0"
|
||||
[ "$status" == 1 ] || return 0
|
||||
|
||||
[ -n "$ifname" ] || {
|
||||
config_get ifname "$iface" ifname
|
||||
ifname=${ifname:-$iface}
|
||||
[ "$action" == "add" ] && {
|
||||
local status=$(uci_get_state network "$iface" up 0)
|
||||
[ "$status" == 1 ] || return 0
|
||||
}
|
||||
|
||||
[ -n "$ifname" ] || ifname=$(uci_get_state network "$iface" ifname "$iface")
|
||||
[ "$ifname" == "lo" ] && return 0
|
||||
|
||||
fw_callback pre interface
|
||||
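Review bot: On the `del` path the up-state check is now skipped, but when `$3` is empty the device name still comes from `uci_get_state network "$iface" ifname "$iface"`. The commit message says ifdown reverts the state vars before the event is dispatched, so this lookup can apparently fall back to the logical name `$iface`, and rule removal would then run against a name that may differ from the device the rules were installed for, leaving stale rules behind. The hotplug script passes `"$DEVICE"`, so this only affects callers that omit the third argument, and none are visible here. I would state the contract above the fallback line: `# del: callers should pass the device in $3, network state may already be reverted`. fw_configure_interface starts before and continues past this hunk.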
|
|