adds a new uci firewall - iptbales and netfilter packages need to be rewrapped when we switch to this firewall as default - there are some examples in the file /etc/config/firewall - iptables-save/restore are still missing - hotplug takes care of adding/removing netdevs during runtime - misisng features ? wishes ? let me know ...

SVN-Revision: 12089

1 files changed, 50 insertions, 0 deletions

diff --git a/package/firewall/files/old/firewall.awk b/package/firewall/files/old/firewall.awk
new file mode 100644
index 0000000000..31dbae0f33
--- /dev/null
+++ b/package/firewall/files/old/firewall.awk
@@ -0,0 +1,50 @@
+# Copyright (C) 2006 OpenWrt.org
+
+BEGIN {
+	FS=":"
+}
+
+($1 == "accept") || ($1 == "drop") || ($1 == "forward") {
+	delete _opt
+	str2data($2)
+	if ((_l["proto"] == "") && (_l["sport"] _l["dport"] != "")) {
+		_opt[0] = " -p tcp"
+		_opt[1] = " -p udp"
+	} else {
+		_opt[0] = ""
+	}
+}
+
+($1 == "accept") {
+	target = " -j ACCEPT"
+	for (o in _opt) {
+		print "iptables -t nat -A prerouting_wan" _opt[o] str2ipt($2) target
+		print "iptables        -A input_wan     " _opt[o] str2ipt($2) target
+		print ""
+	}
+}
+
+($1 == "drop") {
+	for (o in _opt) {
+		print "iptables -t nat -A prerouting_wan" _opt[o] str2ipt($2) " -j DROP"
+		print ""
+	}
+}
+
+($1 == "forward") {
+	target = " -j DNAT --to " $3
+	fwopts = ""
+	if ($4 != "") {
+		if ((_l["proto"] == "tcp") || (_l["proto"] == "udp") || (_l["proto"] == "")) {
+			if (_l["proto"] != "") fwopts = " -p " _l["proto"]
+			fwopts = fwopts " --dport " $4
+			target = target ":" $4
+		}
+		else fwopts = ""
+	}
+	for (o in _opt) {
+		print "iptables -t nat -A prerouting_wan" _opt[o] str2ipt($2) target
+		print "iptables        -A forwarding_wan   " _opt[o] " -d " $3 fwopts " -j ACCEPT"
+		print ""
+	}
+}