aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohn Crispin <blogic@openwrt.org>2008-08-27 12:03:48 +0000
committerJohn Crispin <blogic@openwrt.org>2008-08-27 12:03:48 +0000
commit48d2b4210f963cfafac6cb99f6c7810421ff1603 (patch)
tree265a91bab1cf30b7008f5c2ef73278ac050bb1e2
parent3f7faf2347632e97dc9880c64f60558179a24915 (diff)
downloadmaster-187ad058-48d2b4210f963cfafac6cb99f6c7810421ff1603.tar.gz
master-187ad058-48d2b4210f963cfafac6cb99f6c7810421ff1603.tar.bz2
master-187ad058-48d2b4210f963cfafac6cb99f6c7810421ff1603.zip
adds 5 new chains to the uci firewall that can be used to hook custom rules
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12395 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rwxr-xr-xpackage/firewall/files/uci_firewall.sh17
1 files changed, 16 insertions, 1 deletions
diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh
index 99663c6771..f6e82bcb69 100755
--- a/package/firewall/files/uci_firewall.sh
+++ b/package/firewall/files/uci_firewall.sh
@@ -261,6 +261,19 @@ fw_addif() {
(ACTION="ifup" INTERFACE="$1" . /etc/hotplug.d/iface/20-firewall)
}
+fw_custom_chains() {
+ $IPTABLES -N input_rule
+ $IPTABLES -N output_rule
+ $IPTABLES -N forward_rule
+ $IPTABLES -N prerouting_rule -t nat
+ $IPTABLES -N postrouting_rule -t nat
+ $IPTABLES -A INPUT -j input_rule
+ $IPTABLES -A OUTPUT -j output_rule
+ $IPTABLES -A FORWARD -j forward_rule
+ $IPTABLES -A PREROUTING -t nat -j prerouting_rule
+ $IPTABLES -A POSTROUTING -t nat -j postrouting_rule
+}
+
fw_init() {
echo "Loading defaults"
config_foreach fw_defaults defaults
@@ -274,7 +287,9 @@ fw_init() {
config_foreach fw_redirect redirect
echo "Loading includes"
config_foreach fw_include include
-
+ echo "Adding custom chains"
+ fw_custom_chains
+
uci_set_state firewall core "" firewall_state
uci_set_state firewall core loaded 1
unset CONFIG_APPEND