firewall: fix zone defaults
author
Felix Fietkau
<nbd@openwrt.org>
Sun, 11 Oct 2009 02:42:22 +0000
(
02:42
+0000)
committer
Felix Fietkau
<nbd@openwrt.org>
Sun, 11 Oct 2009 02:42:22 +0000
(
02:42
+0000)
SVN-Revision: 18028
package/firewall/files/uci_firewall.sh
diff --git
a/package/firewall/files/uci_firewall.sh
b/package/firewall/files/uci_firewall.sh
index 64e052fcb2e553ced338de127ac892d5a95ce4ef..67662c1ace89e23cc99c7d0ab465dacce7559b5d 100755
(executable)
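--- a/package/firewall/files/uci_firewall.sh
+++ b/package/firewall/files/uci_firewall.sh
@@ -56,8 +56,6 @@ create_zone() {
 $IPTABLES -N zone_$1_DROP
 $IPTABLES -N zone_$1_REJECT
 $IPTABLES -N zone_$1_forward
- [ "$5" ] && $IPTABLES -A zone_$1_forward -j zone_$1_$5
- [ "$3" ] && $IPTABLES -A zone_$1 -j zone_$1_$3
 [ "$4" ] && $IPTABLES -A output -j zone_$1_$4
 $IPTABLES -N zone_$1_nat -t nat
 $IPTABLES -N zone_$1_prerouting -t nat
@@ -66,6 +64,7 @@ create_zone() {
 [ "$7" == "1" ] && $IPTABLES -I FORWARD 1 -j zone_$1_MSSFIX
 }
+
 addif() {
 local network="$1"
 local ifname="$2"
@@ -219,6 +218,22 @@ fw_defaults() {
 fw_set_chain_policy FORWARD "$DEF_FORWARD"
 }
+fw_zone_defaults() {
+ local name
+ local network
+ local masq
+
+ config_get name $1 name
+ config_get network $1 network
+ config_get_bool masq $1 masq "0"
+ config_get_bool conntrack $1 conntrack "0"
+ config_get_bool mtu_fix $1 mtu_fix 0
+
+ load_policy $1
+ [ "$forward" ] && $IPTABLES -A zone_${name}_forward -j zone_${name}_${forward}
+ [ "$input" ] && $IPTABLES -A zone_${name} -j zone_${name}_${input}
+}
+
 fw_zone() {
 local name
 local network
@@ -446,6 +461,8 @@ fw_init() {
 config_foreach fw_rule rule
 echo "Loading includes"
 config_foreach fw_include include
+ echo "Loading zone defaults"
+ config_foreach fw_zone_defaults zone
 uci_set_state firewall core loaded 1
 config_foreach fw_check_notrack zone
 unset CONFIG_APPEND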
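Review bot: In `fw_zone_defaults`, if `load_policy` leaves `$input` or `$forward` empty, or the `-j` target chain does not exist, the two `[ ... ] && $IPTABLES -A ...` lines append nothing and report nothing, so the zone chain ends without a terminal rule and unmatched packets return to the calling chain. What handles them there is outside this diff, so I would at least log the case, e.g. `[ -n "$input" ] || echo "zone $name: no input default applied" >&2`, and quote the expansions (`"$1"`, `"zone_${name}"`, `"zone_${name}_${input}"`), since the values are read through `config_get`. Separately, `conntrack` and `mtu_fix` are assigned without `local` and, like `network` and `masq`, are never read in this function; dropping those four `config_get` lines would keep it from setting shell-global variables that other functions may rely on.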