aboutsummaryrefslogtreecommitdiffstats
path: root/package/firewall
diff options
context:
space:
mode:
authorFelix Fietkau <nbd@openwrt.org>2009-10-11 02:42:22 +0000
committerFelix Fietkau <nbd@openwrt.org>2009-10-11 02:42:22 +0000
commitb83fd240a23033695eb441ebe443e1f3ff3ba319 (patch)
tree906e7405ec1e5ff5f6c9ee596f8230ac430fef1a /package/firewall
parentf108b7c46e8794485c9679d428973cd5c7542015 (diff)
downloadupstream-b83fd240a23033695eb441ebe443e1f3ff3ba319.tar.gz
upstream-b83fd240a23033695eb441ebe443e1f3ff3ba319.tar.bz2
upstream-b83fd240a23033695eb441ebe443e1f3ff3ba319.zip
firewall: fix zone defaults
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18028 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/firewall')
-rwxr-xr-xpackage/firewall/files/uci_firewall.sh21
1 files changed, 19 insertions, 2 deletions
diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh
index 64e052fcb2..67662c1ace 100755
--- a/package/firewall/files/uci_firewall.sh
+++ b/package/firewall/files/uci_firewall.sh
@@ -56,8 +56,6 @@ create_zone() {
$IPTABLES -N zone_$1_DROP
$IPTABLES -N zone_$1_REJECT
$IPTABLES -N zone_$1_forward
- [ "$5" ] && $IPTABLES -A zone_$1_forward -j zone_$1_$5
- [ "$3" ] && $IPTABLES -A zone_$1 -j zone_$1_$3
[ "$4" ] && $IPTABLES -A output -j zone_$1_$4
$IPTABLES -N zone_$1_nat -t nat
$IPTABLES -N zone_$1_prerouting -t nat
@@ -66,6 +64,7 @@ create_zone() {
[ "$7" == "1" ] && $IPTABLES -I FORWARD 1 -j zone_$1_MSSFIX
}
+
addif() {
local network="$1"
local ifname="$2"
@@ -219,6 +218,22 @@ fw_defaults() {
fw_set_chain_policy FORWARD "$DEF_FORWARD"
}
+fw_zone_defaults() {
+ local name
+ local network
+ local masq
+
+ config_get name $1 name
+ config_get network $1 network
+ config_get_bool masq $1 masq "0"
+ config_get_bool conntrack $1 conntrack "0"
+ config_get_bool mtu_fix $1 mtu_fix 0
+
+ load_policy $1
+ [ "$forward" ] && $IPTABLES -A zone_${name}_forward -j zone_${name}_${forward}
+ [ "$input" ] && $IPTABLES -A zone_${name} -j zone_${name}_${input}
+}
+
fw_zone() {
local name
local network
@@ -446,6 +461,8 @@ fw_init() {
config_foreach fw_rule rule
echo "Loading includes"
config_foreach fw_include include
+ echo "Loading zone defaults"
+ config_foreach fw_zone_defaults zone
uci_set_state firewall core loaded 1
config_foreach fw_check_notrack zone
unset CONFIG_APPEND