authorJo-Philipp Wich <jow@openwrt.org>2010-05-19 01:55:46 +0000
committerJo-Philipp Wich <jow@openwrt.org>2010-05-19 01:55:46 +0000
commit3ffd27f90558a7df28b983b7b635b62e0480f509 (patch)
tree7ca748db93d1c3edbfe98483437930668b6a87a1
parentc6fdffd9324698cf6147fc3c7dce1cb0526c4d16 (diff)
downloadupstream-3ffd27f90558a7df28b983b7b635b62e0480f509.tar.gz
upstream-3ffd27f90558a7df28b983b7b635b62e0480f509.tar.bz2
upstream-3ffd27f90558a7df28b983b7b635b62e0480f509.zip
firewall: implement disable_ipv6 uci option
SVN-Revision: 21503
-rw-r--r--package/firewall/files/lib/core_init.sh8
-rw-r--r--package/firewall/files/lib/fw.sh8
2 files changed, 11 insertions, 5 deletions
diff --git a/package/firewall/files/lib/core_init.sh b/package/firewall/files/lib/core_init.sh
index 82939b9416..2dd989e494 100644
--- a/package/firewall/files/lib/core_init.sh
+++ b/package/firewall/files/lib/core_init.sh
@@ -16,6 +16,9 @@ FW_DEFAULT_INPUT_POLICY=REJECT
FW_DEFAULT_OUTPUT_POLICY=REJECT
FW_DEFAULT_FORWARD_POLICY=REJECT
+FW_DISABLE_IPV4=0
+FW_DISABLE_IPV6=0
+
fw_load_defaults() {
fw_config_get_section "$1" defaults { \
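Review bot: `FW_DISABLE_IPV4=0` is added next to `FW_DISABLE_IPV6=0`, but nothing in this commit assigns it from the config; only `disable_ipv6` is read in fw_load_defaults. A short comment above the pair would spare the next reader a search for a matching option, for example `# FW_DISABLE_IPV4 has no uci option; it stays 0 unless a caller sets it`. If a `disable_ipv4` option is planned, it is worth saying so here, since setting it would suppress every iptables rule.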
@@ -34,6 +37,7 @@ fw_load_defaults() {
boolean accept_redirects 0 \
boolean accept_source_route 0 \
boolean custom_chains 1 \
+ boolean disable_ipv6 0 \
} || return
[ -n "$FW_DEFAULTS_APPLIED" ] && {
echo "Error: multiple defaults sections detected"
@@ -50,6 +54,8 @@ fw_load_defaults() {
FW_ACCEPT_REDIRECTS=$defaults_accept_redirects
FW_ACCEPT_SRC_ROUTE=$defaults_accept_source_route
+ FW_DISABLE_IPV6=$defaults_disable_ipv6
+
fw_callback pre defaults
# Seems like there are only one sysctl for both IP versions.
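Review bot: The new assignment `FW_DISABLE_IPV6=$defaults_disable_ipv6` gives the option its whole effect, and that effect needs a comment: as far as this commit shows, it only stops ip6tables rules from being installed and does not turn off IPv6 on the device. If the kernel IPv6 stack stays up, the ip6tables chains are presumably left at whatever policy they already had, so IPv6 traffic may be unfiltered rather than blocked. I would add `# disable_ipv6=1 skips all ip6tables rules; it does not disable the IPv6 stack, so IPv6 traffic is not filtered by this firewall` above the assignment and repeat the caveat wherever the option is documented. fw_load_defaults continues outside this hunk, so a sysctl elsewhere in the function may already cover this; confirm before merging.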
@@ -96,7 +102,7 @@ fw_load_defaults() {
fw add i f forwarding_rule
fw add i n prerouting_rule
fw add i n postrouting_rule
-
+
fw add i f INPUT input_rule
fw add i f OUTPUT output_rule
fw add i f FORWARD forwarding_rule
diff --git a/package/firewall/files/lib/fw.sh b/package/firewall/files/lib/fw.sh
index 72aa37c5bf..1dd5227c16 100644
--- a/package/firewall/files/lib/fw.sh
+++ b/package/firewall/files/lib/fw.sh
@@ -72,7 +72,7 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
if [ $tab == '-' ]; then
type $app > /dev/null 2> /dev/null
fw__rc $(($? & 1))
- return
+ return
fi
local mod
eval "mod=\$FW_${fam}_${tab}"
@@ -85,7 +85,7 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
6) mod=ip6table_${tab} ;;
*) mod=. ;;
esac
- grep "^${mod} " /proc/modules > /dev/null
+ grep -q "^${mod} " /proc/modules
mod=$?
export FW_${fam}_${tab}=$mod
fw__rc $mod
@@ -100,8 +100,8 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
local app=
local pol=
case "$fam" in
- 4) app=iptables ;;
- 6) app=ip6tables ;;
+ 4) [ $FW_DISABLE_IPV4 == 0 ] && app=iptables || return ;;
+ 6) [ $FW_DISABLE_IPV6 == 0 ] && app=ip6tables || return ;;
i) fw__dualip "$@"; return ;;
I) fw__autoip "$@"; return ;;
e) app=ebtables ;;
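Review bot: The two new guards in the `case "$fam"` arms expand `$FW_DISABLE_IPV4` and `$FW_DISABLE_IPV6` unquoted, so if fw.sh is ever used without core_init.sh having set them, the test becomes `[ == 0 ]`, fails with a syntax error, and the `|| return` path silently drops the rule. Defaulting the value keeps that failure on the side of installing rules: `4) [ "${FW_DISABLE_IPV4:-0}" = 0 ] || return 0; app=iptables ;;` and the same form for `6)`. The bare `return` also passes back the non-zero status of the failed test, so a deliberately disabled family looks like an error to the caller. `return 0` is assumed to be the intent and should be checked against fw__dualip and fw__autoip, which are outside the hunk. fw__exec itself starts and ends outside this hunk.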