authorJohn Crispin <john@openwrt.org>2014-02-18 13:33:47 +0000
committerJohn Crispin <john@openwrt.org>2014-02-18 13:33:47 +0000
commit15ebcfc04e102ccd54f3782a696c01fbde134b4c (patch)
tree096ce8f0b940168e0efcc6d29d679b9174ae3018 /package/network/config/firewall
parentf9f8948c6e8fa8c04a26ad19e94bf47eb970eecd (diff)
firewall3: update init.d script to make use of procd
add validation data Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 39617
Diffstat (limited to 'package/network/config/firewall')
-rwxr-xr-xpackage/network/config/firewall/files/firewall.init58
1 files changed, 49 insertions, 9 deletions
diff --git a/package/network/config/firewall/files/firewall.init b/package/network/config/firewall/files/firewall.init
index 64e3a8c12b..8abbf68254 100755
--- a/package/network/config/firewall/files/firewall.init
+++ b/package/network/config/firewall/files/firewall.init
@@ -1,25 +1,65 @@
#!/bin/sh /etc/rc.common
START=19
+USE_PROCD=1
+QUIET=""
-boot() {
- # Be silent on boot, firewall might be started by hotplug already,
- # so don't complain in syslog.
- fw3 -q start
+validate_firewall_redirect()
+{
+ uci_validate_section firewall redirect "${1}" \
+ 'proto:or("tcp", "udp", "tcpudp")' \
+ 'src:string' \
+ 'src_ip:ipaddr' \
+ 'src_dport:string' \
+ 'dest:string' \
+ 'dest_ip:ipaddr' \
+ 'dest_port:string' \
+ 'target:or("SNAT", "DNAT")'
+
+ return $?
}
-start() {
- fw3 start
+validate_firewall_rule()
+{
+ uci_validate_section firewall rule "${1}" \
+ 'proto:string' \
+ 'src:string' \
+ 'dest:string' \
+ 'src_port:string' \
+ 'dest_port:string' \
+ 'target:string'
+
+ return $?
}
-stop() {
- fw3 flush
+service_triggers() {
+ procd_add_reload_trigger firewall
+
+ procd_open_validate
+ validate_firewall_redirect
+ validate_firewall_rule
+ procd_close_validate
}
restart() {
fw3 restart
}
-reload() {
+start_service() {
+ fw3 ${QUIET} start
+}
+
+stop_service() {
+ fw3 flush
+}
+
+reload_service() {
fw3 reload
}
+
+boot() {
+ # Be silent on boot, firewall might be started by hotplug already,
+ # so don't complain in syslog.
+ QUIET=1
+ start
+}
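Review bot: In the new `boot()` at the end of the hunk, `QUIET=1` makes `start_service` expand to `fw3 1 start`, whereas the removed `boot()` ran `fw3 -q start`, so the value passed is no longer the quiet flag. How fw3 handles the stray `1` is not visible here, but if it rejects it the ruleset would not be loaded at boot, leaving the device unfiltered until a later reload; the line should read `QUIET=-q`. Separately, `service_triggers` calls `validate_firewall_redirect` and `validate_firewall_rule` with no argument, so `${1}` is empty in both `uci_validate_section` calls. If that is intentional for registering the validation data, a one-line comment such as `# no section name: only registers the rule set with procd` above those calls would make it clear.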