aboutsummaryrefslogtreecommitdiffstats
path: root/package/firewall/files/lib/core.sh
diff options
context:
space:
mode:
Diffstat (limited to 'package/firewall/files/lib/core.sh')
-rw-r--r--package/firewall/files/lib/core.sh159
1 files changed, 159 insertions, 0 deletions
diff --git a/package/firewall/files/lib/core.sh b/package/firewall/files/lib/core.sh
new file mode 100644
index 000000000..93d4d2e29
--- /dev/null
+++ b/package/firewall/files/lib/core.sh
@@ -0,0 +1,159 @@
+# Copyright (C) 2009-2010 OpenWrt.org
+
+FW_LIBDIR=${FW_LIBDIR:-/lib/firewall}
+
+. $FW_LIBDIR/fw.sh
+include /lib/network
+
+fw_start() {
+ fw_init
+
+ FW_DEFAULTS_APPLIED=
+
+ fw_is_loaded && {
+ echo "firewall already loaded" >&2
+ exit 1
+ }
+
+ uci_set_state firewall core "" firewall_state
+
+ fw_clear DROP
+
+ fw_callback pre core
+
+ echo "Loading defaults"
+ fw_config_once fw_load_defaults defaults
+
+ echo "Loading zones"
+ config_foreach fw_load_zone zone
+
+ echo "Loading forwardings"
+ config_foreach fw_load_forwarding forwarding
+
+ echo "Loading rules"
+ config_foreach fw_load_rule rule
+
+ echo "Loading redirects"
+ config_foreach fw_load_redirect redirect
+
+ echo "Loading includes"
+ config_foreach fw_load_include include
+
+ [ -z "$FW_NOTRACK_DISABLED" ] && {
+ echo "Optimizing conntrack"
+ config_foreach fw_load_notrack_zone zone
+ }
+
+ echo "Loading interfaces"
+ config_foreach fw_configure_interface interface add
+
+ fw_callback post core
+
+ uci_set_state firewall core zones "$FW_ZONES"
+ uci_set_state firewall core loaded 1
+}
+
+fw_stop() {
+ fw_init
+
+ fw_callback pre stop
+
+ local z n i
+ config_get z core zones
+ for z in $z; do
+ config_get n core "${z}_networks"
+ for n in $n; do
+ config_get i core "${n}_ifname"
+ [ -n "$i" ] && env -i ACTION=remove ZONE="$z" \
+ INTERFACE="$n" DEVICE="$i" /sbin/hotplug-call firewall
+ done
+
+ config_get i core "${z}_tcpmss"
+ [ "$i" == 1 ] && {
+ fw del i m FORWARD zone_${z}_MSSFIX
+ fw del i m zone_${z}_MSSFIX
+ }
+ done
+
+ fw_clear ACCEPT
+
+ fw_callback post stop
+
+ uci_revert_state firewall
+ config_clear
+
+ local h
+ for h in $FW_HOOKS; do unset $h; done
+
+ unset FW_HOOKS
+ unset FW_INITIALIZED
+}
+
+fw_restart() {
+ fw_stop
+ fw_start
+}
+
+fw_reload() {
+ fw_restart
+}
+
+fw_is_loaded() {
+ local bool=$(uci_get_state firewall.core.loaded)
+ return $((! ${bool:-0}))
+}
+
+
+fw_die() {
+ echo "Error:" "$@" >&2
+ fw_log error "$@"
+ fw_stop
+ exit 1
+}
+
+fw_log() {
+ local level="$1"
+ [ -n "$2" ] && shift || level=notice
+ [ "$level" != error ] || echo "Error: $@" >&2
+ logger -t firewall -p user.$level "$@"
+}
+
+
+fw_init() {
+ [ -z "$FW_INITIALIZED" ] || return 0
+
+ . $FW_LIBDIR/config.sh
+
+ scan_interfaces
+ fw_config_append firewall
+
+ local hooks="core stop defaults zone notrack synflood"
+ local file lib hk pp
+ for file in $FW_LIBDIR/core_*.sh; do
+ . $file
+ hk=$(basename $file .sh)
+ hk=${hk#core_}
+ append hooks $hk
+ done
+ for file in $FW_LIBDIR/*.sh; do
+ lib=$(basename $file .sh)
+ lib=${lib##[0-9][0-9]_}
+ case $lib in
+ core*|fw|config|uci_firewall) continue ;;
+ esac
+ . $file
+ for hk in $hooks; do
+ for pp in pre post; do
+ type ${lib}_${pp}_${hk}_cb >/dev/null && {
+ append FW_CB_${pp}_${hk} ${lib}
+ append FW_HOOKS FW_CB_${pp}_${hk}
+ }
+ done
+ done
+ done
+
+ fw_callback post init
+
+ FW_INITIALIZED=1
+ return 0
+}
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-06 03:18:05 +0000