source: packages/libs/savedynamic/files/savedynamic.sh @ 21368

Last change on this file since 21368 was 21368, checked in by cshore, 7 years ago

packages: libs/savedynamic: Add a package that uses the new modular firewall to save chains containing dynamically generated rules from packages such as miniupnpd and strongswan, so that they are preserved across a firewall restart (but not a router reboot).

File size: 1.8 KB
1#!/bin/sh
2
3. /etc/functions.sh
4
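# Print the saved rules of one table that mention a given chain.
#
# Arguments:
#   $1 - table name as it appears after '*' in iptables-save output
#   $2 - chain name; used as a grep pattern, so it matches as a substring
#        (rules in other chains that reference it are printed as well)
#   $3 - path to a file holding iptables-save output
# Outputs:
#   Every line of the table's section that contains the chain name, except
#   the ":<chain>" declaration line.
# Returns:
#   Always 0; an unknown table or a chain without rules prints nothing.
savedynamic_print_table_chain() {
        local table="$1"
        local chain="$2"
        local fsave="$3"
        local in_table=0
        local line

        # Without a chain pattern or a readable dump there is nothing to print.
        [ -n "$chain" ] && [ -r "$fsave" ] || return 0

        # Walk the dump once and emit only the requested table's section.
        # The section starts after the exact "*<table>" header and ends at
        # the next table header or COMMIT, so a chain of the same name in
        # another table is never mixed in, and a table that is absent from
        # the dump yields no output instead of the whole file.
        while IFS= read -r line; do
                case "$line" in
                        "*$table")
                                in_table=1
                                continue
                                ;;
                        "*"*|COMMIT)
                                [ "$in_table" -eq 1 ] && break
                                continue
                                ;;
                esac
                [ "$in_table" -eq 1 ] && printf '%s\n' "$line"
        done <"$fsave" | grep -e "$chain" | grep -Ev -e "^:$chain"

        # grep exits non-zero when nothing matches; that is not an error here.
        return 0
}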
30
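# Save the rules of one configured chain to /tmp/.firewall/save-<table>-<chain>.
#
# Arguments:
#   $1 - config section name; its "chain" and "table" options are read with
#        config_get (table defaults to "filter")
# Outputs:
#   Writes the full iptables-save dump to /tmp/.firewall/save and the
#   filtered per-chain rules next to it.
# Returns:
#   0 when the section is skipped or saved, 1 when the directory cannot be
#   created or iptables-save fails.
savedynamic_save_fw_chain() {
        local chain
        local table
        local fdir="/tmp/.firewall"
        local fsave="$fdir/save"

        config_get chain "$1" chain
        config_get table "$1" table filter
        [ -z "$chain" ] && return 0

        # Both names become part of a file name below; a '/' would let the
        # redirect write outside the state directory.
        case "$table$chain" in
                */*)
                        echo "savedynamic: refusing table/chain name containing '/'" >&2
                        return 0
                        ;;
        esac

        mkdir -p "$fdir" || return 1
        if ! iptables-save >"$fsave"; then
                # Do not leave an older per-chain file behind to be loaded later.
                rm -f "$fdir/save-$table-$chain"
                return 1
        fi
        savedynamic_print_table_chain "$table" "$chain" "$fsave" >"$fdir/save-$table-$chain"
}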
44
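# Re-create one configured chain from its saved rule file, then delete the file.
#
# Arguments:
#   $1 - config section name; its "chain" and "table" options are read with
#        config_get (table defaults to "filter")
# Returns:
#   0 when there is nothing to load; otherwise the status of the final rm.
savedynamic_load_fw_chain() {
        local chain
        local table
        local fchain
        local line

        config_get chain "$1" chain
        config_get table "$1" table filter
        [ -n "$chain" ] || return 0
        fchain="/tmp/.firewall/save-$table-$chain"

        # Nothing was saved for this chain (file missing or empty).
        [ -s "$fchain" ] || return 0

        iptables -t "$table" -N "$chain"
        while IFS= read -r line; do
                [ -n "$line" ] || continue
                # Each saved line is handed to iptables-restore as data rather
                # than interpolated into "sh -c": rule text such as a quoted
                # --comment value is then parsed by iptables itself and never
                # evaluated by a shell. One restore per line keeps the
                # original per-rule best-effort behaviour; --noflush leaves
                # the existing ruleset in place.
                # NOTE(review): assumes iptables-restore is installed next to
                # the iptables-save used when saving - confirm for the target.
                printf '*%s\n%s\nCOMMIT\n' "$table" "$line" | iptables-restore --noflush
        done <"$fchain"
        rm -f "$fchain"
}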
59
# Hook that saves every configured dynamic chain.
# Loads the "firewall" config and runs savedynamic_save_fw_chain for each
# section of type "save" (config_load/config_foreach come from
# /etc/functions.sh). Presumably registered as the firewall's pre-stop
# callback - the registration is not part of this file.
savedynamic_pre_stop_cb() {
        printf '%s\n' "Saving dynamic firewall chains"

        config_load firewall
        config_foreach savedynamic_save_fw_chain save
}
66
# Hook that restores every configured dynamic chain.
# Loads the "firewall" config and runs savedynamic_load_fw_chain for each
# section of type "save" (config_load/config_foreach come from
# /etc/functions.sh). Presumably registered as the firewall's post-core
# callback - the registration is not part of this file.
savedynamic_post_core_cb() {
        printf '%s\n' "Loading dynamic firewall chains"

        config_load firewall
        config_foreach savedynamic_load_fw_chain save
}