author | Jo-Philipp Wich <jow@openwrt.org> | 2010-09-14 23:11:12 +0000 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2010-09-14 23:11:12 +0000 |
commit | 1fe50da4bb3a207aff8f8d792d39a11f854edf13 (patch) | |
tree | 0ee86490ae41a771254fd4dee1673472ada487a0 /package/firewall/files | |
parent | fc7fbe83490df97271a50ded051aa312a6260e51 (diff) | |
firewall: deliver remove hotplug events for all active zones/networks when restarting the firewall
SVN-Revision: 23062
Diffstat (limited to 'package/firewall/files')
-rw-r--r-- | package/firewall/files/lib/core.sh | 14 | ||||
-rw-r--r-- | package/firewall/files/lib/core_interface.sh | 29 |
2 files changed, 41 insertions, 2 deletions
diff --git a/package/firewall/files/lib/core.sh b/package/firewall/files/lib/core.sh index 03a80c6f6c..2178e0505c 100644 --- a/package/firewall/files/lib/core.sh +++ b/package/firewall/files/lib/core.sh @@ -49,6 +49,7 @@ fw_start() { fw_callback post core + uci_set_state firewall core zones "$FW_ZONES" uci_set_state firewall core loaded 1 } @@ -57,6 +58,19 @@ fw_stop() { fw_callback pre stop + local old_zones z + config_get old_zones core zones + for z in $old_zones; do + local old_networks n i + config_get old_networks core "${z}_networks" + for n in $old_networks; do + config_get i core "${n}_ifname" + [ -n "$i" ] && env -i ACTION=remove ZONE="$z" \ + INTERFACE="$n" DEVICE="$i" \ + /sbin/hotplug-call firewall + done + done + fw_clear ACCEPT fw_callback post stop diff --git a/package/firewall/files/lib/core_interface.sh b/package/firewall/files/lib/core_interface.sh index 889dcc9047..1a33cde1ec 100644 --- a/package/firewall/files/lib/core_interface.sh +++ b/package/firewall/files/lib/core_interface.sh @@ -1,5 +1,24 @@ # Copyright (C) 2009-2010 OpenWrt.org +fw__uci_state_add() { + local var="$1" + local item="$2" + + local val="$(uci_get_state firewall core $var)" + uci_set_state firewall core $var "${val:+$val }$item" +} + +fw__uci_state_del() { + local var="$1" + local item="$2" + + local val=" $(uci_get_state firewall core $var) " + val="${val// $item / }" + val="${val# }" + val="${val% }" + uci_set_state firewall core $var "$val" +} + fw_configure_interface() { local iface=$1 local action=$2 @@ -83,7 +102,10 @@ fw_configure_interface() { fw__do_rules del $z $old_ifname $n done - [ -n "$old_subnets" ] || ACTION=remove ZONE="$z" INTERFACE="$iface" DEVICE="$ifname" /sbin/hotplug-call firewall + [ -n "$old_subnets" ] || { + fw__uci_state_del "${z}_networks" "$iface" + env -i ACTION=remove ZONE="$z" INTERFACE="$iface" DEVICE="$ifname" /sbin/hotplug-call firewall + } done local old_aliases 
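Review bot: The `env -i ACTION=remove ZONE="$z" ...` call in the fw_stop loop has no comment saying why the environment is wiped, and the same `env -i` prefix is introduced in both fw_configure_interface hunks of core_interface.sh. With it, the handlers started by /sbin/hotplug-call receive only ACTION, ZONE, INTERFACE and DEVICE, so none of the firewall's shell variables reach them, but PATH is cleared as well unless hotplug-call sets its own, which is not visible here. I would add above the call `# env -i: hand the handlers only the four event variables; hotplug-call has to provide PATH itself`. Note also that a network whose `${n}_ifname` state is empty is skipped silently by `[ -n "$i" ] &&`. fw_stop's body begins and continues outside the hunk.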
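Review bot: fw__uci_state_add appends `$item` without checking whether it is already in the list, so a repeated add event for the same network leaves duplicates in the state variable, and the new fw_stop loop would then fire one remove event per copy. fw__uci_state_del does not reliably clean that up: in `${val// $item / }` neighbouring matches share their delimiting space, so of two adjacent copies only the first is removed, and the unquoted `$item` is matched as a pattern rather than as a literal string. A membership guard in the add helper before the uci_set_state call avoids the duplicates: `case " $val " in *" $item "*) return 0 ;; esac`. Quoting `"$var"` in the uci_get_state and uci_set_state calls would match the quoting used elsewhere in the change.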
@@ -139,7 +161,10 @@ fw_configure_interface() { fw__do_rules add ${zone_name} "$ifname" "$aliasnet" append new_zones $zone_name - [ -n "$aliasnet" ] || ACTION=add ZONE="$zone_name" INTERFACE="$iface" DEVICE="$ifname" /sbin/hotplug-call firewall + [ -n "$aliasnet" ] || { + fw__uci_state_add "${zone_name}_networks" "${zone_network}" + env -i ACTION=add ZONE="$zone_name" INTERFACE="$iface" DEVICE="$ifname" /sbin/hotplug-call firewall + } } config_foreach load_zone zone |
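Review bot: The add path records `${zone_network}` in `${zone_name}_networks`, while the event fired on the next line carries `INTERFACE="$iface"` and the remove path in the earlier fw_configure_interface hunk deletes `"$iface"` from the same list. `zone_network` is not defined in the visible lines; if it holds the zone's whole network list rather than the single interface being brought up, the state would list networks that are not active, deleting `$iface` later would leave the others behind, and fw_stop would send remove events for stale entries. Unless the two values are guaranteed equal at this point, record the interface itself: `fw__uci_state_add "${zone_name}_networks" "$iface"`. The enclosing function starts outside the hunk.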