diff options
author | Felix Fietkau <nbd@openwrt.org> | 2009-10-11 02:42:22 +0000 |
---|---|---|
committer | Felix Fietkau <nbd@openwrt.org> | 2009-10-11 02:42:22 +0000 |
commit | b83fd240a23033695eb441ebe443e1f3ff3ba319 (patch) | |
tree | 906e7405ec1e5ff5f6c9ee596f8230ac430fef1a /package/firewall/files | |
parent | f108b7c46e8794485c9679d428973cd5c7542015 (diff) | |
download | master-187ad058-b83fd240a23033695eb441ebe443e1f3ff3ba319.tar.gz master-187ad058-b83fd240a23033695eb441ebe443e1f3ff3ba319.tar.bz2 master-187ad058-b83fd240a23033695eb441ebe443e1f3ff3ba319.zip |
firewall: fix zone defaults
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18028 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/firewall/files')
-rwxr-xr-x | package/firewall/files/uci_firewall.sh | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh index 64e052fcb2..67662c1ace 100755 --- a/package/firewall/files/uci_firewall.sh +++ b/package/firewall/files/uci_firewall.sh @@ -56,8 +56,6 @@ create_zone() { $IPTABLES -N zone_$1_DROP $IPTABLES -N zone_$1_REJECT $IPTABLES -N zone_$1_forward - [ "$5" ] && $IPTABLES -A zone_$1_forward -j zone_$1_$5 - [ "$3" ] && $IPTABLES -A zone_$1 -j zone_$1_$3 [ "$4" ] && $IPTABLES -A output -j zone_$1_$4 $IPTABLES -N zone_$1_nat -t nat $IPTABLES -N zone_$1_prerouting -t nat @@ -66,6 +64,7 @@ create_zone() { [ "$7" == "1" ] && $IPTABLES -I FORWARD 1 -j zone_$1_MSSFIX } + addif() { local network="$1" local ifname="$2" @@ -219,6 +218,22 @@ fw_defaults() { fw_set_chain_policy FORWARD "$DEF_FORWARD" } +fw_zone_defaults() { + local name + local network + local masq + + config_get name $1 name + config_get network $1 network + config_get_bool masq $1 masq "0" + config_get_bool conntrack $1 conntrack "0" + config_get_bool mtu_fix $1 mtu_fix 0 + + load_policy $1 + [ "$forward" ] && $IPTABLES -A zone_${name}_forward -j zone_${name}_${forward} + [ "$input" ] && $IPTABLES -A zone_${name} -j zone_${name}_${input} +} + fw_zone() { local name local network @@ -446,6 +461,8 @@ fw_init() { config_foreach fw_rule rule echo "Loading includes" config_foreach fw_include include + echo "Loading zone defaults" + config_foreach fw_zone_defaults zone uci_set_state firewall core loaded 1 config_foreach fw_check_notrack zone unset CONFIG_APPEND |