firewall: - defer firewall start until the first interface is brought up by hotplug, fixes race conditions on slow devices - create a file lock during firewall start and wait for it in hotplug events, prevents race conditions between start and addif - start firewall actions in background from hotplug handler since the firewall itself fires further hotplug events which results in a deadlock if not forked off - get loaded state direcly from the uci binary since updated value is not recognized by config_get after uci_set_state - bump package revision to r2

SVN-Revision: 21486

1 files changed, 12 insertions, 3 deletions

diff --git a/package/firewall/files/firewall.hotplug b/package/firewall/files/firewall.hotplug
index e9d167b79d..bc75e42d1d 100644
--- a/package/firewall/files/firewall.hotplug
+++ b/package/firewall/files/firewall.hotplug
@@ -9,11 +9,20 @@
 
 . /lib/firewall/core.sh
 fw_init
-fw_is_loaded || exit 0
+
+# Wait for firewall if startup is in progress
+lock -w /var/lock/firewall.start
 
 case "$ACTION" in
 	ifup)
-		fw_configure_interface "$INTERFACE" add "$DEVICE" ;;
+		fw_is_loaded && {
+			fw_configure_interface "$INTERFACE" add "$DEVICE" &
+		} || {
+			/etc/init.d/firewall enabled && fw_start &
+		}
+	;;
 	ifdown)
-		fw_configure_interface "$INTERFACE" del "$DEVICE" ;;
+		fw_is_loaded && fw_configure_interface "$INTERFACE" del "$DEVICE" &
+	;;
 esac
+