author | jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2010-05-01 18:22:01 +0000 |
---|---|---|
committer | jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2010-05-01 18:22:01 +0000 |
commit | e8be3016c98c2e7d81755c4eae34ea3c60f4b3f9 (patch) | |
tree | c2bf3d0e96906797339230fbdb5c75a268fb9f1e /package/firewall/files/lib/core_rule.sh | |
parent | 35989ffd58dc41981d5e12d2e0b369d7ad9f12fc (diff) |
[package] firewall:
- replace uci firewall with a modular dual stack implementation developed by Malte S. Stretz
- bump version to 2
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21286 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/firewall/files/lib/core_rule.sh')
-rw-r--r-- | package/firewall/files/lib/core_rule.sh | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/package/firewall/files/lib/core_rule.sh b/package/firewall/files/lib/core_rule.sh
new file mode 100644
index 0000000000..e6a276e5f3
--- /dev/null
+++ b/package/firewall/files/lib/core_rule.sh
@@ -0,0 +1,66 @@
+# Copyright (C) 2009-2010 OpenWrt.org
+
+fw_config_get_rule() {
+ [ "${rule_NAME}" != "$1" ] || return
+ fw_config_get_section "$1" rule { \
+ string _name "$1" \
+ string name "" \
+ string src "" \
+ ipaddr src_ip "" \
+ string src_mac "" \
+ string src_port "" \
+ string dest "" \
+ ipaddr dest_ip "" \
+ string dest_mac "" \
+ string dest_port "" \
+ string icmp_type "" \
+ string proto "tcpudp" \
+ string target "" \
+ } || return
+ [ -n "$rule_name" ] || rule_name=$rule__name
+ [ "$rule_proto" == "icmp" ] || rule_icmp_type=
+}
+
+fw_load_rule() {
+ fw_config_get_rule "$1"
+
+ fw_callback pre rule
+
+ rule_src_port=$(fw_get_port_range $rule_src_port)
+ rule_dest_port=$(fw_get_port_range $rule_dest_port)
+
+ local chain=input
+ [ -n "$rule_src" ] && {
+ [ -z "$rule_dest" ] && {
+ chain=zone_${rule_src}
+ } || {
+ chain=zone_${rule_src}_forward
+ }
+ }
+
+ local target=$rule_target
+ [ -z "$target" ] && {
+ target=REJECT
+ }
+ [ -n "$dest" ] && {
+ target=zone_${rule_dest}_${target}
+ }
+
+ local rule_pos
+ eval 'rule_pos=$((++FW__RULE_COUNT_'$chain'))'
+
+ [ "$rule_proto" == "tcpudp" ] && rule_proto="tcp udp"
+ for rule_proto in $rule_proto; do
+ fw add I f $chain $target $rule_pos { $rule_src_ip $rule_dest_ip } { \
+ ${rule_proto:+-p $rule_proto} \
+ ${rule_src_ip:+-s $rule_src_ip} \
+ ${rule_src_port:+--sport $rule_src_port} \
+ ${rule_src_mac:+-m mac --mac-source $rule_src_mac} \
+ ${rule_dest_ip:+-d $rule_dest_ip} \
+ ${rule_dest_port:+--dport $rule_dest_port} \
+ ${rule_icmp_type:+--icmp-type $rule_icmp_type} \
+ }
+ done
+
+ fw_callback post rule
+} |
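Review bot: The destination-zone target is never applied: in fw_load_rule the guard `[ -n "$dest" ] && {` tests `$dest`, a variable nothing in this file sets, while every other field is read as `$rule_dest`, so a rule with `dest` configured keeps the bare `REJECT`/`ACCEPT` target and the `zone_${rule_dest}_${target}` chain is skipped — for a forward rule that means the accept is not narrowed to the configured destination zone. The guard should read `[ -n "$rule_dest" ] && {`. Separately, `$chain` is spliced unquoted into an eval string at `eval 'rule_pos=$((++FW__RULE_COUNT_'$chain'))'`; it is derived from the `src` zone name in UCI config, which is presumably root-owned, but a zone name containing shell metacharacters would still reach eval, so rejecting names outside `[A-Za-z0-9_]` before use (or avoiding eval) is worth considering. Note also that `dest_mac` is read in fw_config_get_rule but never passed to iptables, which deserves a comment if the omission is intentional.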