5f06ffe3fbe899a0764c28e8be4978442644f14a
[openwrt/openwrt.git] / package / firewall / files / lib / core.sh
1 # Copyright (C) 2009-2010 OpenWrt.org
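# Directory holding the firewall shell libraries. It can be overridden through
# the environment; everything loaded from it is sourced into this shell, so
# the directory and its files must be writable only by trusted administrators.
FW_LIBDIR=${FW_LIBDIR:-/lib/firewall}

# Quoted so that an overridden path containing whitespace or glob characters
# is sourced as given instead of being split or expanded.
. "$FW_LIBDIR/fw.sh"
# `include` is not defined in this file; presumably it is supplied by fw.sh or
# by the script that sources this library - confirm.
include /lib/network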
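# Load the complete firewall configuration.
#
# Globals:   FW_DEFAULTS_APPLIED (reset), FW_NOTRACK_DISABLED (read)
# Outputs:   progress messages on stdout, "firewall already loaded" on stderr
# Returns:   exits the shell with status 1 if the firewall is already loaded
fw_start() {
	fw_init

	FW_DEFAULTS_APPLIED=

	# Take the start lock BEFORE testing the loaded flag. With the test outside
	# the lock, two concurrent starts could both see "not loaded" and then load
	# the rule set one after the other.
	lock /var/lock/firewall.start

	if fw_is_loaded; then
		echo "firewall already loaded" >&2
		lock -u /var/lock/firewall.start
		exit 1
	fi

	uci_set_state firewall core "" firewall_state

	# NOTE(review): fw_clear is defined elsewhere; presumably DROP is the policy
	# applied while the rules are being loaded, so traffic is not accepted
	# during that window - confirm in fw.sh.
	fw_clear DROP

	fw_callback pre core

	echo "Loading defaults"
	fw_config_once fw_load_defaults defaults

	echo "Loading zones"
	config_foreach fw_load_zone zone

	echo "Loading forwardings"
	config_foreach fw_load_forwarding forwarding

	echo "Loading redirects"
	config_foreach fw_load_redirect redirect

	echo "Loading rules"
	config_foreach fw_load_rule rule

	echo "Loading includes"
	config_foreach fw_load_include include

	# NOTE(review): this runs only when FW_NOTRACK_DISABLED is non-empty, which
	# reads oddly against the variable's name - confirm the test is not inverted.
	if [ -n "$FW_NOTRACK_DISABLED" ]; then
		echo "Optimizing conntrack"
		config_foreach fw_load_notrack_zone zone
	fi

	echo "Loading interfaces"
	config_foreach fw_configure_interface interface add

	fw_callback post core

	# Mark the firewall as loaded only after every section has been processed.
	uci_set_state firewall core loaded 1

	lock -u /var/lock/firewall.start
}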
# Tear the firewall down and forget the runtime state kept by this library.
#
# Globals:   FW_HOOKS (read, then unset), FW_INITIALIZED (unset), and every
#            variable named in FW_HOOKS (unset)
fw_stop() {
	fw_init

	fw_callback pre stop
	# NOTE(review): fw_clear is defined elsewhere; presumably ACCEPT becomes the
	# policy once the rules are gone, i.e. a stopped firewall filters nothing -
	# confirm in fw.sh.
	fw_clear ACCEPT
	fw_callback post stop

	uci_revert_state firewall
	config_clear

	# FW_HOOKS holds the names of the callback-list variables; drop each one so
	# that the next fw_init starts from a clean slate.
	local hook_var
	for hook_var in $FW_HOOKS; do
		unset $hook_var
	done

	unset FW_HOOKS FW_INITIALIZED
}
# Stop the firewall, then start it again. The status of fw_stop is not
# checked; the function returns whatever fw_start returns.
fw_restart() {
	fw_stop; fw_start
}
82
# Reload is implemented as a full restart: the rule set is torn down and
# rebuilt rather than updated in place.
fw_reload() { fw_restart; }
# Report whether the firewall is marked as loaded.
#
# Returns: 0 when the state value firewall.core.loaded is non-zero,
#          1 when it is zero, empty or unset
fw_is_loaded() {
	local loaded
	loaded=$(uci_get_state firewall.core.loaded)
	# Shell status is inverted relative to the flag: flag set -> status 0.
	return $(( ${loaded:-0} == 0 ))
}
# Abort with an error: report it, stop the firewall, release the start lock
# and exit the shell with status 1.
#
# Arguments: $@ - words of the error message
# Outputs:   "Error: <message>" on stderr; the same message goes to fw_log
fw_die() {
	echo "Error:" "$@" 1>&2
	fw_log error "$@"

	# NOTE(review): fw_stop calls `fw_clear ACCEPT`, so a failure while loading
	# appears to leave the firewall in its stopped state rather than in the
	# state fw_start set up with `fw_clear DROP` - confirm this is intended.
	fw_stop

	# fw_start may hold this lock when fw_die is called; release it before
	# exiting.
	lock -u /var/lock/firewall.start
	exit 1
}
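# Send a message to syslog under the "firewall" tag.
#
# Arguments: fw_log LEVEL MESSAGE...  - log MESSAGE at priority user.LEVEL
#            fw_log MESSAGE           - log MESSAGE at priority user.notice
fw_log() {
	local level="$1"
	if [ -n "$2" ]; then
		# A level was given: drop it so that only the message is logged.
		shift
	else
		# Single argument: it is the message itself. It must stay in "$@";
		# shifting it away here would call logger with no message at all.
		level=notice
	fi
	logger -t firewall -p "user.$level" "$@"
}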
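# One-time initialisation: load the configuration helpers, source the core and
# add-on libraries from FW_LIBDIR and register their hook callbacks.
#
# Globals:   FW_LIBDIR (read), FW_INITIALIZED (read, set to 1),
#            FW_HOOKS and FW_CB_<pre|post>_<hook> (appended to)
# Returns:   0; does nothing when FW_INITIALIZED is already non-empty
#
# Every *.sh file under FW_LIBDIR is sourced into this shell, and names derived
# from the file names are handed to `append` and used to build variable and
# function names. The directory must be writable only by trusted
# administrators.
fw_init() {
	[ -z "$FW_INITIALIZED" ] || return 0

	. "$FW_LIBDIR/config.sh"

	scan_interfaces
	fw_config_append firewall

	local hooks="core stop defaults zone notrack synflood"
	local file lib hk pp

	# core_<name>.sh files are sourced first; each contributes a hook <name>.
	for file in "$FW_LIBDIR"/core_*.sh; do
		# Without a match the pattern stays literal; skip it instead of trying
		# to source a file that does not exist and registering a bogus hook.
		[ -e "$file" ] || continue
		. "$file"
		hk=$(basename "$file" .sh)
		hk=${hk#core_}
		append hooks "$hk"
	done

	for file in "$FW_LIBDIR"/*.sh; do
		[ -e "$file" ] || continue
		lib=$(basename "$file" .sh)
		# An optional two-digit ordering prefix ("NN_") is not part of the name.
		lib=${lib##[0-9][0-9]_}
		case "$lib" in
			core*|fw|config|uci_firewall) continue ;;
		esac
		. "$file"
		# Record the library under every hook for which it defines a
		# <lib>_<pre|post>_<hook>_cb function.
		for hk in $hooks; do
			for pp in pre post; do
				type "${lib}_${pp}_${hk}_cb" >/dev/null 2>&1 && {
					append "FW_CB_${pp}_${hk}" "$lib"
					append FW_HOOKS "FW_CB_${pp}_${hk}"
				}
			done
		done
	done

	fw_callback post init

	FW_INITIALIZED=1
	return 0
}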