# Template that utpl renders into the nftables ruleset fed to nft.
MAIN=/usr/share/firewall4/main.uc

# Marker file; the start/stop paths test its presence to decide
# whether fw4 is currently loaded.
STATE=/var/run/fw4.state

# Path handed to `nft -f` so nft reads the rendered ruleset from this
# shell's standard input; fall back to the /proc view of fd 0 on
# systems that lack /dev/stdin.
if [ -e /dev/stdin ]; then
  STDIN=/dev/stdin
else
  STDIN=/proc/self/fd/0
fi

# Export TTY=1 to child processes when stderr is an interactive
# terminal (presumably consumed by the template or nft for output
# formatting — not visible here).
[ -t 2 ] && export TTY=1
15 [ -n "$QUIET" ] ||
echo "$@" >&2
25 [ -f $STATE ] && die
"The fw4 firewall appears to be already loaded."
28 [ ! -f $STATE ] && die
"The fw4 firewall does not appear to be loaded."
30 # Delete state to force reloading ubus state
36 utpl
-S $MAIN | nft
$VERBOSE -f $STDIN
52 if nft list tables inet |
grep -sq "table inet fw4"; then
53 nft delete table inet fw4
65 local dummy family table
66 nft list tables |
while read dummy family table
; do
67 nft delete table
"$family" "$table"
76 flock
-x $LOCK utpl
-S $MAIN | nft
$VERBOSE -f $STDIN
80 ACTION
=$1 OBJECT
=$2 DEVICE
=$3 \
81 flock
-x $LOCK utpl
-S $MAIN
105 stop || die
"The fw4 firewall does not appear to be loaded, try fw4 flush to delete all rules."
111 QUIET
=1 print | nft
${VERBOSE} -c -f $STDIN || die
"The rendered ruleset contains errors, not doing firewall restart."
116 if [ -n "$QUIET" ]; then
121 print | nft
${VERBOSE} -c -f $STDIN && echo "Ruleset passes nftables check."
136 $0 [-v] [-q] start|stop|flush|restart|reload
138 Start, stop, flush, restart or reload the firewall respectively.
141 $0 [-v] [-q] reload-sets
143 Reload the contents of all declared sets but do not touch the
149 Print the rendered ruleset.
154 Test the rendered ruleset using nftables' check mode without
155 applying it to the running system.
158 $0 [-q] network {net}
160 Print the name of the firewall zone covering the given network.
162 Exits with code 1 if the network is not found or if no zone is
168 Print the name of the firewall zone covering the given device.
170 Exits with code 1 if the device is not found or if no zone is
174 $0 [-q] zone {zone} [dev]
176 Print all covered devices of the given zone, optionally restricted
177 to only the given device name.
179 Exits with code 1 if zone is not found or if a device is specified
180 and not covered by the given zone.