1 # Copyright (C) 2009-2010 OpenWrt.org
# Attach or detach one logical network interface to/from its firewall zones.
#
#   $1  iface   logical (UCI) network name
#   $2  action  "add" or "del"
#   $3  ifname  kernel device name; read from network state when empty
#
# Sequence: drop the rules recorded for the interface's previous zones, then
# (unless action is "del") add rules for every zone whose network list
# contains the interface, record the new zone/device pair in firewall state
# and apply the per-device sysctls.
#
# NOTE(review): the declaration-only and brace-only lines of this function
# are not visible in the listing; the parameter order above is assumed, and
# fw__do_rules' parameters are inferred from its two call sites below.
# Confirm against the upstream script.
fw_configure_interface() {
	local iface=$1
	local action=$2
	local ifname=$3

	# On "add", do nothing unless network state reports the interface as up.
	if [ "$action" == "add" ]; then
		local status=$(uci_get_state network "$iface" up 0)
		if [ "$status" != 1 ]; then
			return 0
		fi
	fi

	# No device given: fall back to the state entry, defaulting to $iface.
	if [ -z "$ifname" ]; then
		ifname=$(uci_get_state network "$iface" ifname "$iface")
	fi

	# Loopback is never placed in a zone.
	if [ "$ifname" == "lo" ]; then
		return 0
	fi

	fw_callback pre interface

	# Add or delete the complete per-device rule set of one zone chain.
	#   $1 action (add|del)   $2 zone chain prefix   $3 device name
	# Presumably, per the fw helper defined outside this file: "i" selects
	# IPv4, f/n/r the filter/nat/raw table, "^" inserts at the chain head and
	# "$" appends - TODO confirm against the helper.
	fw__do_rules() {
		local action=$1
		local chain=$2
		local ifname=$3

		# Terminal-verdict helper chains, matched in both directions.
		fw $action i f ${chain}_ACCEPT ACCEPT ^ { -o "$ifname" }
		fw $action i f ${chain}_ACCEPT ACCEPT ^ { -i "$ifname" }
		fw $action i f ${chain}_DROP DROP ^ { -o "$ifname" }
		fw $action i f ${chain}_DROP DROP ^ { -i "$ifname" }
		fw $action i f ${chain}_REJECT reject ^ { -o "$ifname" }
		fw $action i f ${chain}_REJECT reject ^ { -i "$ifname" }

		# Egress-only rules: source NAT and MSS clamping on outgoing SYNs.
		fw $action i n ${chain}_nat MASQUERADE ^ { -o "$ifname" }
		fw $action i f ${chain}_MSSFIX TCPMSS ^ { -o "$ifname" -p tcp --tcp-flags SYN,RST SYN --clamp-mss-to-pmtu }

		# Dispatch packets arriving on the device into the zone's own chains.
		fw $action i f input ${chain} $ { -i "$ifname" }
		fw $action i f forward ${chain}_forward $ { -i "$ifname" }
		fw $action i n PREROUTING ${chain}_prerouting ^ { -i "$ifname" }
		fw $action i r PREROUTING ${chain}_notrack ^ { -i "$ifname" }
	}

	# Tear down whatever was recorded for this interface on a previous run.
	# Rule deletion relies on the device name stored in firewall state, so it
	# is only as accurate as that state.
	local old_zones old_ifname
	config_get old_zones core "${iface}_zone"
	if [ -n "$old_zones" ]; then
		config_get old_ifname core "${iface}_ifname"
		for z in $old_zones; do
			fw_log info "removing $iface ($old_ifname) from zone $z"
			fw__do_rules del zone_$z $old_ifname

			# NOTE(review): the remove event reports DEVICE="$ifname", while
			# the rules above were deleted for $old_ifname - confirm intended.
			ACTION=remove ZONE="$z" INTERFACE="$iface" DEVICE="$ifname" \
				/sbin/hotplug-call firewall
		done
		uci_revert_state firewall core "${iface}_zone"
		uci_revert_state firewall core "${iface}_ifname"
	fi

	# A plain removal ends here; nothing new is installed.
	if [ "$action" == del ]; then
		return
	fi

	# config_foreach callback: join the interface to one zone section if that
	# zone's network list names it. zone_name and zone_network are presumably
	# populated by fw_config_get_zone.
	local new_zones
	load_zone() {
		fw_config_get_zone "$1"
		list_contains zone_network "$iface" || return

		fw_log info "adding $iface ($ifname) to zone $zone_name"
		fw__do_rules add zone_${zone_name} "$ifname"
		append new_zones $zone_name

		ACTION=add ZONE="$zone_name" INTERFACE="$iface" DEVICE="$ifname" \
			/sbin/hotplug-call firewall
	}
	config_foreach load_zone zone

	# Remember what was installed so a later call can remove exactly that.
	uci_set_state firewall core "${iface}_zone" "$new_zones"
	uci_set_state firewall core "${iface}_ifname" "$ifname"

	# NOTE(review): $ifname is expanded unquoted here and in the "del" call
	# above, so a value containing whitespace would be word-split.
	fw_sysctl_interface $ifname

	fw_callback post interface
}
# Apply the configured ICMP-redirect and source-routing policy to one device.
#
#   $1  ifname  kernel device name
#
# Writes FW_ACCEPT_REDIRECTS and FW_ACCEPT_SRC_ROUTE (set outside this file)
# to the IPv4 and IPv6 per-device sysctls. All output, including errors, is
# discarded, so a failed write goes unnoticed by the caller.
#
# NOTE(review): the device name is embedded in a dot-separated sysctl key. A
# name that itself contains "." (e.g. a VLAN sub-interface) may be parsed as
# extra path components, and the /dev/null redirect would hide the failure,
# leaving the kernel default in force - confirm with the sysctl in use.
fw_sysctl_interface() {
	local ifname=$1
	local proto
	{
		for proto in ipv4 ipv6; do
			sysctl -w net.${proto}.conf.${ifname}.accept_redirects=$FW_ACCEPT_REDIRECTS
		done
		for proto in ipv4 ipv6; do
			sysctl -w net.${proto}.conf.${ifname}.accept_source_route=$FW_ACCEPT_SRC_ROUTE
		done
	} >/dev/null 2>/dev/null
}