authorJohn Crispin <john@openwrt.org>2008-08-27 12:03:48 +0000
committerJohn Crispin <john@openwrt.org>2008-08-27 12:03:48 +0000
commit517dfd27e557aab371105f8dd7fc108415a13d86 (patch)
treebf5210fca39b0b54f5e1aaf8cb392e7358559fae
parent6b04ad55f9c589bfea33b0817410d05765793aae (diff)
adds 5 new chains to the uci firewall that can be used to hook custom rules
SVN-Revision: 12395
-rwxr-xr-xpackage/firewall/files/uci_firewall.sh17
1 files changed, 16 insertions, 1 deletions
diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh
index 99663c6771..f6e82bcb69 100755
--- a/package/firewall/files/uci_firewall.sh
+++ b/package/firewall/files/uci_firewall.sh
@@ -261,6 +261,19 @@ fw_addif() {
(ACTION="ifup" INTERFACE="$1" . /etc/hotplug.d/iface/20-firewall)
}
+fw_custom_chains() {
+ $IPTABLES -N input_rule
+ $IPTABLES -N output_rule
+ $IPTABLES -N forward_rule
+ $IPTABLES -N prerouting_rule -t nat
+ $IPTABLES -N postrouting_rule -t nat
+ $IPTABLES -A INPUT -j input_rule
+ $IPTABLES -A OUTPUT -j output_rule
+ $IPTABLES -A FORWARD -j forward_rule
+ $IPTABLES -A PREROUTING -t nat -j prerouting_rule
+ $IPTABLES -A POSTROUTING -t nat -j postrouting_rule
+}
+
fw_init() {
echo "Loading defaults"
config_foreach fw_defaults defaults
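Review bot: The five jumps in fw_custom_chains are added with `-A`, so each custom chain sits at the end of its built-in chain and only sees packets that no earlier rule has already accepted, dropped or translated. A drop rule that a user places in `input_rule` would therefore not take precedence over an accept installed earlier; what is installed earlier depends on fw_defaults and the zone code, which are outside this hunk. If the hooks are meant to let local policy override the generated rules, the jumps need a fixed earlier position. Either way the function should carry a comment stating the evaluation order, e.g. `# custom chains are evaluated after all generated rules in the same built-in chain`. The `-N` calls are also unchecked, so if a chain survives from a previous load and the built-in chains were not flushed, `-N` fails while the `-A` lines still add a duplicate jump.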
@@ -274,7 +287,9 @@ fw_init() {
config_foreach fw_redirect redirect
echo "Loading includes"
config_foreach fw_include include
-
+ echo "Adding custom chains"
+ fw_custom_chains
+
uci_set_state firewall core "" firewall_state
uci_set_state firewall core loaded 1
unset CONFIG_APPEND
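Review bot: fw_custom_chains is called after `config_foreach fw_include include`, so the hook chains do not exist yet while the includes are processed. If an include is a script that adds rules to `input_rule` or the other custom chains (presumably the intended use), those iptables calls fail and the custom rules are missing from the loaded ruleset without any visible error. Moving the two added lines above `echo "Loading includes"` would create the chains first. fw_init starts before this hunk, so the position relative to the zone and rule loading should be checked at the same time.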