adds a new uci firewall

- iptbales and netfilter packages need to be rewrapped when we switch to this firewall as default
- there are some examples in the file /etc/config/firewall
- iptables-save/restore are still missing
- hotplug takes care of adding/removing netdevs during runtime
- misisng features ? wishes ? let me know ...



git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12089 3c298f89-4303-0410-b956-a3cf2f4a3e73

1 files changed, 41 insertions, 0 deletions

diff --git a/package/firewall/files/new/20-firewall b/package/firewall/files/new/20-firewall
new file mode 100644
index 0000000000..a8ce17c976
--- /dev/null
+++ b/package/firewall/files/new/20-firewall
@@ -0,0 +1,41 @@
+. /lib/firewall/uci_firewall.sh
+unset ZONE
+config_get ifname $INTERFACE ifname
+INTERFACE=$ifname
+[ "$INTERFACE" == "lo" ] && exit 0
+load_zones() {
+	local name
+	local network
+	config_get name $1 name
+	config_get network $1 network
+	[ -z "$network" ] && return
+	for n in $network; do
+		local ifname
+		config_get ifname $n ifname
+		list_contains ifname $INTERFACE && { 
+			list_contains ZONE $name || ZONE="$ZONE $name"
+		}
+	done
+}
+
+config_foreach load_zones zone
+
+IFACE=$(find_config $INTERFACE)
+[ -n "$IFACE" ] && 
+	list_contains ZONE $IFACE || ZONE="$ZONE $IFACE"
+
+[ ifup = "$ACTION" ] && {
+	for z in $ZONE; do 
+		local loaded
+		config_get loaded core loaded
+		[ -n "$loaded" ] && addif $INTERFACE $z
+	done
+}
+
+[ ifdown = "$ACTION" ] && {
+	for z in $ZONE; do 
+		local up
+		config_get up $z up
+		[ "$up" == "1" ] && delif $INTERFACE $z
+	done
+}