summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73>2010-05-19 00:50:14 +0000
committerjow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73>2010-05-19 00:50:14 +0000
commit389232eaac53f22bd0d6b1bd0b43419b9214a3c5 (patch)
tree1a4037a5def167640cc2674f082661faae384121
parent0b44419f282bff17b9504da361910edc9c6f7758 (diff)
[package] firewall (#7355)
- partially revert r21486, start firewall on init again - skip iface hotplug events if base fw is not up yet - get ifname and up state with uci_get_state() in iface setup since the values gathered by scan_interfaces() may be outdated when iface coldplugging happens (observed with pptp) - ignore up state when bringing down interfaces because ifdown reverts state vars before dispatching the iface event - bump package revision git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21502 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r--package/firewall/Makefile2
-rw-r--r--package/firewall/files/firewall.hotplug16
-rwxr-xr-xpackage/firewall/files/firewall.init4
-rw-r--r--package/firewall/files/lib/core.sh5
-rw-r--r--package/firewall/files/lib/core_interface.sh12
5 files changed, 12 insertions, 27 deletions
diff --git a/package/firewall/Makefile b/package/firewall/Makefile
index 3b37c87357..1a7216ce17 100644
--- a/package/firewall/Makefile
+++ b/package/firewall/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=firewall
PKG_VERSION:=2
-PKG_RELEASE:=2
+PKG_RELEASE:=3
include $(INCLUDE_DIR)/package.mk
diff --git a/package/firewall/files/firewall.hotplug b/package/firewall/files/firewall.hotplug
index bc75e42d1d..ac8469524b 100644
--- a/package/firewall/files/firewall.hotplug
+++ b/package/firewall/files/firewall.hotplug
@@ -3,26 +3,20 @@
# HOTPLUG_TYPE=iface, triggered by various scripts when an interface
# is configured (ACTION=ifup) or deconfigured (ACTION=ifdown). The
# interface is available as INTERFACE, the real device as DEVICE.
-. /etc/functions.sh
[ "$DEVICE" == "lo" ] && exit 0
+. /etc/functions.sh
. /lib/firewall/core.sh
-fw_init
-# Wait for firewall if startup is in progress
-lock -w /var/lock/firewall.start
+fw_init
+fw_is_loaded || exit 0
case "$ACTION" in
ifup)
- fw_is_loaded && {
- fw_configure_interface "$INTERFACE" add "$DEVICE" &
- } || {
- /etc/init.d/firewall enabled && fw_start &
- }
+ fw_configure_interface "$INTERFACE" add "$DEVICE" &
;;
ifdown)
- fw_is_loaded && fw_configure_interface "$INTERFACE" del "$DEVICE" &
+ fw_configure_interface "$INTERFACE" del "$DEVICE" &
;;
esac
-
diff --git a/package/firewall/files/firewall.init b/package/firewall/files/firewall.init
index d04804d756..a2fd0a0e94 100755
--- a/package/firewall/files/firewall.init
+++ b/package/firewall/files/firewall.init
@@ -1,5 +1,5 @@
#!/bin/sh /etc/rc.common
-# Copyright (C) 2008 OpenWrt.org
+# Copyright (C) 2008-2010 OpenWrt.org
START=45
@@ -10,8 +10,6 @@ fw() {
fw_$1
}
-boot() { :; }
-
start() {
fw start
}
diff --git a/package/firewall/files/lib/core.sh b/package/firewall/files/lib/core.sh
index 5f06ffe3fb..5880cd3acc 100644
--- a/package/firewall/files/lib/core.sh
+++ b/package/firewall/files/lib/core.sh
@@ -15,8 +15,6 @@ fw_start() {
exit 1
}
- lock /var/lock/firewall.start
-
uci_set_state firewall core "" firewall_state
fw_clear DROP
@@ -52,8 +50,6 @@ fw_start() {
fw_callback post core
uci_set_state firewall core loaded 1
-
- lock -u /var/lock/firewall.start
}
fw_stop() {
@@ -94,7 +90,6 @@ fw_die() {
echo "Error:" "$@" >&2
fw_log error "$@"
fw_stop
- lock -u /var/lock/firewall.start
exit 1
}
diff --git a/package/firewall/files/lib/core_interface.sh b/package/firewall/files/lib/core_interface.sh
index 9da6739f0e..9b35c8b2bc 100644
--- a/package/firewall/files/lib/core_interface.sh
+++ b/package/firewall/files/lib/core_interface.sh
@@ -5,14 +5,12 @@ fw_configure_interface() {
local action=$2
local ifname=$3
- local status;
- config_get_bool status "$iface" up "0"
- [ "$status" == 1 ] || return 0
-
- [ -n "$ifname" ] || {
- config_get ifname "$iface" ifname
- ifname=${ifname:-$iface}
+ [ "$action" == "add" ] && {
+ local status=$(uci_get_state network "$iface" up 0)
+ [ "$status" == 1 ] || return 0
}
+
+ [ -n "$ifname" ] || ifname=$(uci_get_state network "$iface" ifname "$iface")
[ "$ifname" == "lo" ] && return 0
fw_callback pre interface