source: trunk/package/firewall/files/lib/core.sh @ 21286

Last change on this file since 21286 was 21286, checked in by jow, 7 years ago

[package] firewall:

  • replace uci firewall with a modular dual stack implementation developed by Malte S. Stretz
  • bump version to 2
# Copyright (C) 2009-2010 OpenWrt.org
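# Directory holding the firewall shell libraries. The value is taken from the
# environment when it is already set, and fw.sh here plus every *.sh file that
# fw_init() later finds in it is sourced into this shell, so it must only ever
# point at a directory that untrusted users cannot write to.
FW_LIBDIR=${FW_LIBDIR:-/lib/firewall}

# Quoted so that a path containing spaces or glob characters is sourced as
# exactly one file.
. "$FW_LIBDIR/fw.sh"
# NOTE(review): include is not defined in this file; presumably it comes from
# fw.sh or from the calling environment - confirm.
include /lib/network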
# Load the whole firewall configuration and mark the firewall as loaded.
#
# Exits the calling shell with status 1 when the state says the firewall is
# already loaded. Otherwise the sections are processed in a fixed order:
# defaults, zones, forwardings, redirects, rules, includes, optionally the
# notrack zones, and finally the interfaces.
fw_start() {
        fw_init

        FW_DEFAULTS_APPLIED=

        if fw_is_loaded; then
                echo "firewall already loaded" >&2
                exit 1
        fi
        uci_set_state firewall core "" firewall_state

        # NOTE(review): fw_clear is defined elsewhere; DROP is presumably the
        # policy that stays in force while the rules below are loaded, so the
        # load window is closed rather than open - confirm.
        fw_clear DROP

        fw_callback pre core

        echo "Loading defaults"
        fw_config_once fw_load_defaults defaults

        echo "Loading zones"
        config_foreach fw_load_zone zone

        echo "Loading forwardings"
        config_foreach fw_load_forwarding forwarding

        echo "Loading redirects"
        config_foreach fw_load_redirect redirect

        echo "Loading rules"
        config_foreach fw_load_rule rule

        echo "Loading includes"
        config_foreach fw_load_include include

        # NOTE(review): this branch runs when FW_NOTRACK_DISABLED is non-empty,
        # which reads inverted against the variable's name - confirm against
        # the place where the variable is set.
        if [ -n "$FW_NOTRACK_DISABLED" ]; then
                echo "Optimizing conntrack"
                config_foreach fw_load_notrack_zone zone
        fi

        echo "Loading interfaces"
        config_foreach fw_configure_interface interface add

        fw_callback post core

        # Only set once every step above has run.
        uci_set_state firewall core loaded 1
}
# Tear the firewall down and forget the loaded configuration state.
#
# NOTE(review): fw_clear is defined elsewhere; ACCEPT presumably leaves the
# default policy at accept-all, i.e. no filtering is in place once this
# returns - confirm, and make sure callers treat "stopped" as "open".
fw_stop() {
        fw_init

        # Callbacks bracket the actual rule removal.
        fw_callback pre stop
        fw_clear ACCEPT
        fw_callback post stop

        # Drop runtime state so a later fw_init starts from scratch.
        uci_revert_state firewall
        config_clear
        unset FW_INITIALIZED
}
# Stop the firewall, then start it again; the status is that of fw_start.
# fw_start runs regardless of how fw_stop ended.
fw_restart() {
        fw_stop
        fw_start
}
# Reload is implemented as a full restart, so it goes through the same
# stop-then-start sequence as fw_restart.
fw_reload() {
        fw_restart
}
# Succeed (status 0) when the "loaded" option of section "core" reads as true,
# fail (status 1) otherwise. A missing option defaults to 0, i.e. not loaded.
fw_is_loaded() {
        local is_loaded
        config_get_bool is_loaded core loaded 0
        # Shell success is 0, so the 0/1 flag has to be negated.
        return $((! $is_loaded))
}
# Report a fatal error on stderr and through fw_log, stop the firewall and
# exit the calling shell with status 1. All arguments form the message.
#
# NOTE(review): the error path goes through fw_stop, which calls
# fw_clear ACCEPT. If that leaves an accept-all policy, a configuration error
# leaves the device unfiltered (fail-open) - confirm this is intended and
# alert on the "Error:" log line.
fw_die() {
        echo "Error:" "$@" 1>&2
        fw_log error "$@"
        fw_stop
        exit 1
}
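# Send a message to syslog with tag "firewall" and facility "user".
#
# Arguments:
#   fw_log LEVEL MESSAGE...  - log MESSAGE at priority user.LEVEL
#   fw_log MESSAGE           - log MESSAGE at priority user.notice
#
# The first argument counts as a level only when a non-empty second argument
# follows it. The original test was inverted: it dropped the only argument in
# the one-argument form (so logger got no message and read stdin instead) and
# kept the level word as part of the message in the two-argument form.
fw_log() {
        local level="$1"
        if [ -n "$2" ]; then
                # $1 is the level; the remaining arguments are the message.
                shift
        else
                # Only a message was given, keep it and use the default level.
                level=notice
        fi
        logger -t firewall -p "user.$level" "$@"
}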
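# One-time initialisation: load the config helpers, the core hook files and
# every add-on library, and register the add-on callbacks.
#
# Does nothing and returns 0 when FW_INITIALIZED is already non-empty.
# Otherwise it
#   1. sources config.sh, calls scan_interfaces and fw_config_append firewall;
#   2. sources each core_*.sh and adds its name (without "core_" and ".sh") to
#      the list of hook names;
#   3. sources every other *.sh except core*, fw, config and uci_firewall,
#      strips an optional two-digit "NN_" prefix to get the library name, and
#      for every hook appends that name to FW_CB_<pre|post>_<hook> when a
#      function <lib>_<pre|post>_<hook>_cb exists;
#   4. runs the "post init" callbacks and sets FW_INITIALIZED=1.
#
# Every matching file in FW_LIBDIR is executed in this shell, and the file
# names end up in function and variable names handed to append (defined
# elsewhere). The directory must therefore be writable only by the user the
# firewall runs as, and should contain only plain [A-Za-z0-9_] file names.
fw_init() {
        [ -z "$FW_INITIALIZED" ] || return 0

        . "$FW_LIBDIR/config.sh"

        scan_interfaces
        fw_config_append firewall

        local hooks="core stop defaults zone notrack synflood"
        local file lib hk pp

        for file in "$FW_LIBDIR"/core_*.sh; do
                # Without a match the pattern stays literal; do not source it
                # and do not let the "*" leak into the hook list.
                [ -e "$file" ] || continue
                . "$file"
                hk=$(basename "$file" .sh)
                hk=${hk#core_}
                append hooks "$hk"
        done

        for file in "$FW_LIBDIR"/*.sh; do
                [ -e "$file" ] || continue
                lib=$(basename "$file" .sh)
                lib=${lib##[0-9][0-9]_}
                case $lib in
                        # These are sourced explicitly or by the loop above.
                        core*|fw|config|uci_firewall) continue ;;
                esac
                . "$file"
                # $hooks is split on whitespace on purpose: it is a word list.
                for hk in $hooks; do
                        for pp in pre post; do
                                type "${lib}_${pp}_${hk}_cb" >/dev/null &&
                                        append "FW_CB_${pp}_${hk}" "$lib"
                        done
                done
        done

        fw_callback post init

        FW_INITIALIZED=1
        return 0
}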