let ipkg fail when a package file to be installed is not found
[openwrt/svn-archive/archive.git] / openwrt / package / iptables / files / firewall.awk
1 BEGIN {
2 print ". /etc/config/network"
3 print "proto=\"$wan_proto\""
4 print "[ -z \"$proto\" -o \"$proto\" = \"none\" ] && exit"
5 print "ifname=\"$wan_ifname\""
6 print "[ -z \"$ifname\" ] && exit"
7 print ""
8 print "iptables -X input_$ifname 2>&- >&-"
9 print "iptables -N input_$ifname"
10 print "iptables -X forward_$ifname 2>&- >&-"
11 print "iptables -N forward_$ifname"
12 print "iptables -t nat -X prerouting_$ifname 2>&- >&-"
13 print "iptables -t nat -N prerouting_$ifname"
14 print ""
15 print "iptables -A input_rule -i \"$ifname\" -j input_$ifname"
16 print "iptables -A forwarding_rule -i \"$ifname\" -j forward_$ifname"
17 print "iptables -t nat -A prerouting_rule -i \"$ifname\" -j prerouting_$ifname"
18 print ""
19 FS=":"
20 }
21
22 ($1 == "accept") || ($1 == "drop") || ($1 == "forward") {
23 delete _opt
24 str2data($2)
25 if ((_l["proto"] == "") && (_l["sport"] _l["dport"] != "")) {
26 _opt[0] = " -p tcp"
27 _opt[1] = " -p udp"
28 } else {
29 _opt[0] = ""
30 }
31 }
32
33 ($1 == "accept") {
34 target = " -j ACCEPT"
35 for (o in _opt) {
36 print "iptables -t nat -A prerouting_$ifname" _opt[o] str2ipt($2) target
37 print "iptables -A input_$ifname " _opt[o] str2ipt($2) target
38 print ""
39 }
40 }
41
42 ($1 == "drop") {
43 for (o in _opt) {
44 print "iptables -t nat -A prerouting_$ifname" _opt[o] str2ipt($2) " -j DROP"
45 print ""
46 }
47 }
48
49 ($1 == "forward") {
50 target = " -j DNAT --to " $3
51 fwopts = ""
52 if ($4 != "") {
53 if ((_l["proto"] == "tcp") || (_l["proto"] == "udp") || (_l["proto"] == "")) {
54 if (_l["proto"] != "") fwopts = " -p " _l["proto"]
55 fwopts = fwopts " --dport " $4
56 target = target ":" $4
57 }
58 else fwopts = ""
59 }
60 for (o in _opt) {
61 print "iptables -t nat -A prerouting_$ifname" _opt[o] str2ipt($2) target
62 print "iptables -A forward_$ifname " _opt[o] " -d " $3 fwopts " -j ACCEPT"
63 print ""
64 }
65 }