From 21bbdc24c397671e68606e846837f28df89a5a23 Mon Sep 17 00:00:00 2001
From: John Crispin <john@openwrt.org>
Date: Mon, 4 Aug 2008 11:51:58 +0000
Subject: adds a new uci firewall - iptbales and netfilter packages need to be
 rewrapped when we switch to this firewall as default - there are some
 examples in the file /etc/config/firewall - iptables-save/restore are still
 missing - hotplug takes care of adding/removing netdevs during runtime -
 misisng features ? wishes ? let me know ...

SVN-Revision: 12089
---
 package/firewall/files/old/firewall.awk | 50 +++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 package/firewall/files/old/firewall.awk

(limited to 'package/firewall/files/old/firewall.awk')

diff --git a/package/firewall/files/old/firewall.awk b/package/firewall/files/old/firewall.awk
new file mode 100644
index 0000000000..31dbae0f33
--- /dev/null
+++ b/package/firewall/files/old/firewall.awk
@@ -0,0 +1,50 @@
+# Copyright (C) 2006 OpenWrt.org
+
+BEGIN {
+	FS=":"
+}
+
+($1 == "accept") || ($1 == "drop") || ($1 == "forward") {
+	delete _opt
+	str2data($2)
+	if ((_l["proto"] == "") && (_l["sport"] _l["dport"] != "")) {
+		_opt[0] = " -p tcp"
+		_opt[1] = " -p udp"
+	} else {
+		_opt[0] = ""
+	}
+}
+
+($1 == "accept") {
+	target = " -j ACCEPT"
+	for (o in _opt) {
+		print "iptables -t nat -A prerouting_wan" _opt[o] str2ipt($2) target
+		print "iptables        -A input_wan     " _opt[o] str2ipt($2) target
+		print ""
+	}
+}
+
+($1 == "drop") {
+	for (o in _opt) {
+		print "iptables -t nat -A prerouting_wan" _opt[o] str2ipt($2) " -j DROP"
+		print ""
+	}
+}
+
+($1 == "forward") {
+	target = " -j DNAT --to " $3
+	fwopts = ""
+	if ($4 != "") {
+		if ((_l["proto"] == "tcp") || (_l["proto"] == "udp") || (_l["proto"] == "")) {
+			if (_l["proto"] != "") fwopts = " -p " _l["proto"]
+			fwopts = fwopts " --dport " $4
+			target = target ":" $4
+		}
+		else fwopts = ""
+	}
+	for (o in _opt) {
+		print "iptables -t nat -A prerouting_wan" _opt[o] str2ipt($2) target
+		print "iptables        -A forwarding_wan   " _opt[o] " -d " $3 fwopts " -j ACCEPT"
+		print ""
+	}
+}
-- 
cgit v1.2.3