diff options
author | Jo-Philipp Wich <jow@openwrt.org> | 2010-09-11 20:04:34 +0000 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2010-09-11 20:04:34 +0000 |
commit | f3dd8278bbc3cc62c35239a2721144e220b24004 (patch) | |
tree | 275acc3ef643b0347281335c06d6df52970f33cc /package/firewall/files/lib/fw.sh | |
parent | 9499018b9ac80ef74aeac3bffea006855dc11bfe (diff) | |
download | upstream-f3dd8278bbc3cc62c35239a2721144e220b24004.tar.gz upstream-f3dd8278bbc3cc62c35239a2721144e220b24004.tar.bz2 upstream-f3dd8278bbc3cc62c35239a2721144e220b24004.zip |
firewall: - simplify masquerade rule setup - remove various subshell invocations - speedup fw() by not relying on xargs and pipes - rework SNAT support - attach to dest zone, use src_dip/src_dport as snat source
SVN-Revision: 23024
Diffstat (limited to 'package/firewall/files/lib/fw.sh')
-rw-r--r-- | package/firewall/files/lib/fw.sh | 64 |
1 files changed, 35 insertions, 29 deletions
diff --git a/package/firewall/files/lib/fw.sh b/package/firewall/files/lib/fw.sh index aaf3d14ef0..3549f8aa4c 100644 --- a/package/firewall/files/lib/fw.sh +++ b/package/firewall/files/lib/fw.sh @@ -159,56 +159,62 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> } fi fi + local cmdline="$app --table ${tab} --${cmd} ${chn} ${pol} ${pos} ${tgt:+--jump "$tgt"}" while [ $# -gt 1 ]; do case "$app:$1" in - ip6tables:--icmp-type) echo -n "--icmpv6-type" ;; - ip6tables:icmp|ip6tables:ICMP) echo -n "icmpv6" ;; - iptables:--icmpv6-type) echo -n "--icmp-type" ;; - iptables:icmpv6) echo -n "icmp" ;; - *) echo -n "$1" ;; + ip6tables:--icmp-type) cmdline="$cmdline --icmpv6-type" ;; + ip6tables:icmp|ip6tables:ICMP) cmdline="$cmdline icmpv6" ;; + iptables:--icmpv6-type) cmdline="$cmdline --icmp-type" ;; + iptables:icmpv6) cmdline="$cmdline icmp" ;; + *) cmdline="$cmdline $1" ;; esac - echo -ne "\0" shift - done | xargs -0 ${FW_TRACE:+-t} \ - $app --table ${tab} --${cmd} ${chn} ${pol} ${pos} ${tgt:+--jump "$tgt"} + done + + [ -n "$FW_TRACE" ] && echo $cmdline >&2 + + $cmdline + fw__rc $? } fw_get_port_range() { - local ports=$1 - local delim=${2:-:} - if [ "$3" ]; then - fw_get_port_range "${ports}-${3}" $delim + local _var=$1 + local _ports=$2 + local _delim=${3:-:} + if [ "$4" ]; then + fw_get_port_range $_var "${_ports}-${4}" $_delim return fi - local first=${ports%-*} - local last=${ports#*-} - if [ "$first" != "$last" ]; then - echo "$first$delim$last" + local _first=${_ports%-*} + local _last=${_ports#*-} + if [ "$_first" != "$_last" ]; then + export -- "$_var=$_first$_delim$_last" else - echo "$first" + export -- "$_var=$_first" fi } fw_get_family_mode() { - local hint="$1" - local zone="$2" - local mode="$3" + local _var="$1" + local _hint="$2" + local _zone="$3" + local _mode="$4" - local ipv4 ipv6 + local _ipv4 _ipv6 [ -n "$FW_ZONES4$FW_ZONES6" ] && { - list_contains FW_ZONES4 $zone && ipv4=1 || ipv4=0 - list_contains FW_ZONES6 $zone && ipv6=1 || ipv6=0 + list_contains FW_ZONES4 $_zone && _ipv4=1 || _ipv4=0 + list_contains FW_ZONES6 $_zone && _ipv6=1 || _ipv6=0 } || { - ipv4=$(uci_get_state firewall core ${zone}_ipv4 0) - ipv6=$(uci_get_state firewall core ${zone}_ipv6 0) + _ipv4=$(uci_get_state firewall core ${_zone}_ipv4 0) + _ipv6=$(uci_get_state firewall core ${_zone}_ipv6 0) } - case "$hint:$ipv4:$ipv6" in - *4:1:*|*:1:0) echo G4 ;; - *6:*:1|*:0:1) echo G6 ;; - *) echo $mode ;; + case "$_hint:$_ipv4:$_ipv6" in + *4:1:*|*:1:0) export -n -- "$_var=G4" ;; + *6:*:1|*:0:1) export -n -- "$_var=G6" ;; + *) export -n -- "$_var=$_mode" ;; esac } |