diff options
author | Jo-Philipp Wich <jow@openwrt.org> | 2010-05-19 01:55:46 +0000 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2010-05-19 01:55:46 +0000 |
commit | 3ffd27f90558a7df28b983b7b635b62e0480f509 (patch) | |
tree | 7ca748db93d1c3edbfe98483437930668b6a87a1 | |
parent | c6fdffd9324698cf6147fc3c7dce1cb0526c4d16 (diff) | |
download | upstream-3ffd27f90558a7df28b983b7b635b62e0480f509.tar.gz upstream-3ffd27f90558a7df28b983b7b635b62e0480f509.tar.bz2 upstream-3ffd27f90558a7df28b983b7b635b62e0480f509.zip |
firewall: implement disable_ipv6 uci option
SVN-Revision: 21503
-rw-r--r-- | package/firewall/files/lib/core_init.sh | 8 | ||||
-rw-r--r-- | package/firewall/files/lib/fw.sh | 8 |
2 files changed, 11 insertions, 5 deletions
diff --git a/package/firewall/files/lib/core_init.sh b/package/firewall/files/lib/core_init.sh index 82939b9416..2dd989e494 100644 --- a/package/firewall/files/lib/core_init.sh +++ b/package/firewall/files/lib/core_init.sh @@ -16,6 +16,9 @@ FW_DEFAULT_INPUT_POLICY=REJECT FW_DEFAULT_OUTPUT_POLICY=REJECT FW_DEFAULT_FORWARD_POLICY=REJECT +FW_DISABLE_IPV4=0 +FW_DISABLE_IPV6=0 + fw_load_defaults() { fw_config_get_section "$1" defaults { \ @@ -34,6 +37,7 @@ fw_load_defaults() { boolean accept_redirects 0 \ boolean accept_source_route 0 \ boolean custom_chains 1 \ + boolean disable_ipv6 0 \ } || return [ -n "$FW_DEFAULTS_APPLIED" ] && { echo "Error: multiple defaults sections detected" @@ -50,6 +54,8 @@ fw_load_defaults() { FW_ACCEPT_REDIRECTS=$defaults_accept_redirects FW_ACCEPT_SRC_ROUTE=$defaults_accept_source_route + FW_DISABLE_IPV6=$defaults_disable_ipv6 + fw_callback pre defaults # Seems like there are only one sysctl for both IP versions. @@ -96,7 +102,7 @@ fw_load_defaults() { fw add i f forwarding_rule fw add i n prerouting_rule fw add i n postrouting_rule - + fw add i f INPUT input_rule fw add i f OUTPUT output_rule fw add i f FORWARD forwarding_rule diff --git a/package/firewall/files/lib/fw.sh b/package/firewall/files/lib/fw.sh index 72aa37c5bf..1dd5227c16 100644 --- a/package/firewall/files/lib/fw.sh +++ b/package/firewall/files/lib/fw.sh @@ -72,7 +72,7 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> } if [ $tab == '-' ]; then type $app > /dev/null 2> /dev/null fw__rc $(($? & 1)) - return + return fi local mod eval "mod=\$FW_${fam}_${tab}" @@ -85,7 +85,7 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> } 6) mod=ip6table_${tab} ;; *) mod=. ;; esac - grep "^${mod} " /proc/modules > /dev/null + grep -q "^${mod} " /proc/modules mod=$? export FW_${fam}_${tab}=$mod fw__rc $mod @@ -100,8 +100,8 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> } local app= local pol= case "$fam" in - 4) app=iptables ;; - 6) app=ip6tables ;; + 4) [ $FW_DISABLE_IPV4 == 0 ] && app=iptables || return ;; + 6) [ $FW_DISABLE_IPV6 == 0 ] && app=ip6tables || return ;; i) fw__dualip "$@"; return ;; I) fw__autoip "$@"; return ;; e) app=ebtables ;; |