5 MAIN
=/usr
/share
/firewall
4/main.uc
7 STATE
=/var
/run
/fw4.state
# Export TTY=1 only when stderr (fd 2) is attached to a terminal.
if [ -t 2 ]; then
	export TTY=1
fi
# Write the caller's arguments to stderr, unless QUIET holds a non-empty value.
if [ -z "$QUIET" ]; then
	echo "$@" >&2
fi
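# Abort via die when the state file already exists.
# STATE is quoted so the check fails closed: with an empty STATE the unquoted
# form collapses to `[ -f ]`, a one-argument test that is always true, and the
# script would report "already loaded" whatever the real state is.
[ -f "$STATE" ] && die "The fw4 firewall appears to be already loaded."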
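# Abort via die when the state file is missing.
# STATE is quoted so the check fails closed: with an empty STATE the unquoted
# form collapses to `[ ! -f ]`, which negates a non-empty string and is always
# false, so the guard would be skipped silently.
[ ! -f "$STATE" ] && die "The fw4 firewall does not appear to be loaded."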
28 # Delete state to force reloading ubus state
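utpl -S "$MAIN" |
	# utpl renders the template named by MAIN and nft loads the result from
	# its stdin (/proc/self/fd/0), so no intermediate ruleset file is written.
	# $VERBOSE stays unquoted on purpose: an empty value must add no argument
	# to nft (presumably it is empty or a single option; confirm where it is set).
	nft $VERBOSE -f /proc/self/fd/0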
47 if nft list tables inet |
grep -sq "table inet fw4"; then
48 nft delete table inet fw4
60 local dummy family table
61 nft list tables |
while read dummy family table
; do
62 nft delete table
"$family" "$table"
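flock -x "$LOCK" utpl -S "$MAIN" |
	# LOCK and MAIN are quoted so an empty or space-containing value cannot
	# shift flock's argument list (lock file first, then the command to run).
	# NOTE(review): flock wraps only the utpl rendering step on the left of the
	# pipe; nft on the right runs outside the exclusive lock. Confirm that
	# concurrent invocations cannot apply rulesets out of order.
	# $VERBOSE stays unquoted on purpose: an empty value must add no argument.
	nft $VERBOSE -f /proc/self/fd/0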
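# Run the template under an exclusive lock on $LOCK. The first three
# positional arguments reach the flock/utpl process as the environment
# variables ACTION, OBJECT and DEVICE, not as command-line arguments.
# LOCK and MAIN are quoted so an empty or space-containing value cannot
# shift flock's argument list; the quoted assignments behave as before.
ACTION="$1" OBJECT="$2" DEVICE="$3" \
	flock -x "$LOCK" utpl -S "$MAIN"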
# If stop reports failure, call die with a hint to use flush instead.
if ! stop; then
	die "The fw4 firewall does not appear to be loaded, try fw4 flush to delete all rules."
fi
122 $0 [-v] [-q] start|stop|flush|restart|reload
124 Start, stop, flush, restart or reload the firewall respectively.
127 $0 [-v] [-q] reload-sets
129 Reload the contents of all declared sets but do not touch the
135 Print the rendered ruleset.
138 $0 [-q] network {net}
140 Print the name of the firewall zone covering the given network.
142 Exits with code 1 if the network is not found or if no zone is
148 Print the name of the firewall zone covering the given device.
150 Exits with code 1 if the device is not found or if no zone is
154 $0 [-q] zone {zone} [dev]
156 Print all covered devices of the given zone, optionally restricted
157 to only the given device name.
159 Exits with code 1 if zone is not found or if a device is specified
160 and not covered by the given zone.