source: trunk/package/firewall/files/lib/core.sh @ 21502

Last change on this file since 21502 was 21502, checked in by jow, 6 years ago

[package] firewall (#7355)

  • partially revert r21486, start firewall on init again
  • skip iface hotplug events if base fw is not up yet
  • get ifname and up state with uci_get_state() in iface setup since the values gathered by scan_interfaces() may be outdated when iface coldplugging happens (observed with pptp)
  • ignore up state when bringing down interfaces because ifdown reverts state vars before dispatching the iface event
  • bump package revision
1# Copyright (C) 2009-2010 OpenWrt.org
2
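# Directory holding the firewall shell libraries. A value already present in
# the environment wins over the /lib/firewall default.
# NOTE(review): every library sourced from this path runs inside the shell
# that sets up the firewall, so an inherited FW_LIBDIR decides which code is
# executed there. Confirm that callers do not pass through an untrusted
# environment.
FW_LIBDIR=${FW_LIBDIR:-/lib/firewall}

# Quoted so that a path containing whitespace or glob characters is sourced
# as one file name instead of being split or expanded.
. "$FW_LIBDIR/fw.sh"
include /lib/network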
7
# Load the complete firewall from the parsed configuration.
# Globals:   FW_DEFAULTS_APPLIED (reset to empty), FW_NOTRACK_DISABLED (read)
# Outputs:   one progress line per stage on stdout; "firewall already loaded"
#            on stderr when the loaded flag is already set
# Returns:   status of the final uci_set_state call; exits the calling shell
#            with 1 if the firewall is already loaded
# The helpers called here (fw_clear, fw_callback, config_foreach, ...) are
# defined outside this file; the notes on them below are assumptions.
fw_start() {
	fw_init

	FW_DEFAULTS_APPLIED=

	# Never stack a second ruleset on top of a loaded one.
	if fw_is_loaded; then
		echo "firewall already loaded" >&2
		exit 1
	fi

	uci_set_state firewall core "" firewall_state

	# Cleared with DROP before any rule is built (fw_stop clears with ACCEPT).
	# Presumably this keeps traffic blocked while loading -- TODO confirm
	# against fw_clear.
	fw_clear DROP

	fw_callback pre core

	echo "Loading defaults"
	fw_config_once fw_load_defaults defaults

	echo "Loading zones"
	config_foreach fw_load_zone zone

	echo "Loading forwardings"
	config_foreach fw_load_forwarding forwarding

	echo "Loading redirects"
	config_foreach fw_load_redirect redirect

	echo "Loading rules"
	config_foreach fw_load_rule rule

	echo "Loading includes"
	config_foreach fw_load_include include

	# NOTE(review): this pass runs when FW_NOTRACK_DISABLED is NON-empty,
	# which reads inverted relative to the variable's name. Confirm against
	# the code that sets it.
	if [ -n "$FW_NOTRACK_DISABLED" ]; then
		echo "Optimizing conntrack"
		config_foreach fw_load_notrack_zone zone
	fi

	echo "Loading interfaces"
	config_foreach fw_configure_interface interface add

	fw_callback post core

	# Written last, so the flag that fw_is_loaded reads appears only after
	# every stage above has run.
	uci_set_state firewall core loaded 1
}
54
# Tear the firewall down and forget its runtime state.
# Globals:   FW_HOOKS (read, then unset), FW_INITIALIZED (unset), and every
#            variable whose name is listed in FW_HOOKS (unset)
# NOTE(review): fw_clear is defined outside this file. It is called with
# ACCEPT here and with DROP in fw_start, so a stopped firewall presumably
# leaves the default policy permissive. Confirm before treating "stopped" as
# a safe state; fw_die also ends up here.
fw_stop() {
	fw_init

	# Clear with ACCEPT, bracketed by the stop callbacks.
	fw_callback pre stop
	fw_clear ACCEPT
	fw_callback post stop

	# Discard the firewall state values and the parsed configuration.
	uci_revert_state firewall
	config_clear

	# FW_HOOKS is a space-separated list of variable names; the unquoted
	# expansion splits it into one name per iteration on purpose.
	local hook
	for hook in $FW_HOOKS; do
		unset $hook
	done

	# With FW_INITIALIZED gone, the next fw_init does its full work again.
	unset FW_HOOKS FW_INITIALIZED
}
73
# Restart the firewall: a full fw_stop followed by a full fw_start.
# Returns:   status of fw_start
# NOTE(review): the two steps are not atomic. Between fw_stop's
# `fw_clear ACCEPT` and fw_start's `fw_clear DROP` the previous rules are
# gone; how exposed that window is depends on fw_clear, which is not defined
# in this file.
fw_restart() {
	fw_stop
	fw_start
}
78
# Reload the firewall. This only delegates to fw_restart, so a reload tears
# the ruleset down and rebuilds it rather than updating it in place.
# Returns:   status of fw_restart
fw_reload() {
	fw_restart
}
82
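# Report whether the firewall is marked as loaded.
# Reads the firewall.core.loaded state value through uci_get_state (defined
# outside this file).
# Returns:   0 when the value is a non-zero number, 1 otherwise (missing,
#            empty, "0" or not a plain number)
fw_is_loaded() {
	# Declaration and assignment are separate and the substitution is
	# quoted, so the value is never word-split by `local`.
	local bool
	bool="$(uci_get_state firewall.core.loaded)"

	# Validate before use: the value is compared as a number, not fed to
	# $(( )), which would evaluate whatever the state holds as an expression.
	case "$bool" in
		''|*[!0-9]*) return 1 ;;
	esac

	[ "$bool" -ne 0 ]
}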
87
88
# Abort on a fatal error: report it, stop the firewall and exit.
# Arguments: the words of the error message
# Outputs:   "Error: <message>" on stderr; the same words are passed to
#            fw_log with the level "error"
# Returns:   never returns; exits the calling shell with status 1
# NOTE(review): the failure path goes through fw_stop, so after a fatal
# error the firewall is left in whatever state fw_stop produces (it calls
# `fw_clear ACCEPT`). Confirm that this is the intended failure mode.
fw_die() {
	>&2 echo "Error:" "$@"
	fw_log error "$@"
	fw_stop
	exit 1
}
95
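# Send a message to syslog under the "firewall" tag.
# Arguments: fw_log LEVEL MESSAGE...  - log at priority user.LEVEL
#            fw_log MESSAGE           - log at priority user.notice
# Returns:   status of logger; 0 when called without any message
fw_log() {
	# logger takes the message from stdin when it is given none; return
	# early so an empty call cannot block on stdin.
	[ $# -gt 0 ] || return 0

	local level="$1"
	if [ -n "$2" ]; then
		# Two or more arguments: the first is the level. Drop it so that it
		# does not also appear in the logged text.
		shift
	else
		# A single argument is the message itself. It must stay in "$@";
		# shifting here would discard it.
		level=notice
	fi

	logger -t firewall -p "user.$level" "$@"
}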
104
105
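# One-time setup: load the firewall libraries and register their callbacks.
# Globals:   FW_LIBDIR (read), FW_INITIALIZED (read, set to 1),
#            FW_HOOKS and FW_CB_<pre|post>_<hook> (extended through append)
# Returns:   0
# Every *.sh file found in FW_LIBDIR is sourced into the current shell, so
# write access to that directory amounts to code execution in the shell that
# configures the firewall. Keep the directory writable by trusted users only.
# scan_interfaces, fw_config_append, append and fw_callback are defined
# outside this file.
fw_init() {
	# Only the first call does any work; fw_stop unsets the flag.
	[ -z "$FW_INITIALIZED" ] || return 0

	. "$FW_LIBDIR/config.sh"

	scan_interfaces
	fw_config_append firewall

	local hooks="core stop defaults zone notrack synflood"
	local file lib hk pp

	# Pass 1: source each core_<name>.sh and add <name> to the hook list.
	for file in "$FW_LIBDIR"/core_*.sh; do
		# An unmatched glob stays literal; do not try to source it.
		[ -f "$file" ] || continue
		. "$file"
		hk=${file##*/}
		hk=${hk%.sh}
		hk=${hk#core_}
		append hooks "$hk"
	done

	# Pass 2: source the remaining libraries and record their callbacks.
	for file in "$FW_LIBDIR"/*.sh; do
		[ -f "$file" ] || continue
		lib=${file##*/}
		lib=${lib%.sh}
		# A two-digit "NN_" prefix is not part of the library name.
		lib=${lib##[0-9][0-9]_}
		case "$lib" in
			# Core files were handled above; fw, config and uci_firewall
			# are never sourced by this loop.
			core*|fw|config|uci_firewall) continue ;;
		esac
		. "$file"
		# A library hooks in by defining <lib>_<pre|post>_<hook>_cb.
		# $hooks is split on whitespace on purpose.
		# NOTE(review): the names handed to append are built from file
		# names; confirm that append is safe for names that are not plain
		# identifiers.
		for hk in $hooks; do
			for pp in pre post; do
				if type "${lib}_${pp}_${hk}_cb" >/dev/null 2>&1; then
					append "FW_CB_${pp}_${hk}" "$lib"
					append FW_HOOKS "FW_CB_${pp}_${hk}"
				fi
			done
		done
	done

	fw_callback post init

	FW_INITIALIZED=1
	return 0
}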