firewall (#7355) - partially revert r21486, start firewall on init again - skip iface hotplug events if base fw is not up yet - get ifname and up state with uci_get_state() in iface setup since the values gathered by scan_interfaces() may be outdated when iface coldplugging happens (observed with pptp) - ignore up state when bringing down interfaces because ifdown reverts state vars before dispatching the iface event - bump package revision

SVN-Revision: 21502

2 files changed, 5 insertions, 12 deletions

diff --git a/package/firewall/files/lib/core.sh b/package/firewall/files/lib/core.sh
index 5f06ffe3fb..5880cd3acc 100644
--- a/package/firewall/files/lib/core.sh
+++ b/package/firewall/files/lib/core.sh
@@ -15,8 +15,6 @@ fw_start() {
 		exit 1
 	}
 
-	lock /var/lock/firewall.start
-
 	uci_set_state firewall core "" firewall_state
 
 	fw_clear DROP
@@ -52,8 +50,6 @@ fw_start() {
 	fw_callback post core
 
 	uci_set_state firewall core loaded 1
-
-	lock -u /var/lock/firewall.start
 }
 
 fw_stop() {
@@ -94,7 +90,6 @@ fw_die() {
 	echo "Error:" "$@" >&2
 	fw_log error "$@"
 	fw_stop
-	lock -u /var/lock/firewall.start
 	exit 1
 }
 
diff --git a/package/firewall/files/lib/core_interface.sh b/package/firewall/files/lib/core_interface.sh
index 9da6739f0e..9b35c8b2bc 100644
--- a/package/firewall/files/lib/core_interface.sh
+++ b/package/firewall/files/lib/core_interface.sh
@@ -5,14 +5,12 @@ fw_configure_interface() {
 	local action=$2
 	local ifname=$3
 
-	local status;
-	config_get_bool status "$iface" up "0"
-	[ "$status" == 1 ] || return 0
-
-	[ -n "$ifname" ] || {
-		config_get ifname "$iface" ifname
-		ifname=${ifname:-$iface}
+	[ "$action" == "add" ] && {
+		local status=$(uci_get_state network "$iface" up 0)
+		[ "$status" == 1 ] || return 0
 	}
+
+	[ -n "$ifname" ] || ifname=$(uci_get_state network "$iface" ifname "$iface")
 	[ "$ifname" == "lo" ] && return 0
 
 	fw_callback pre interface