firewall: relocate TCPMSS rules into mangle table, add code to selectively clear...

[openwrt/staging/dedeckeh.git] / package / firewall / files / lib / core.sh

diff --git a/package/firewall/files/lib/core.sh b/package/firewall/files/lib/core.sh
index 2178e0505c81267909a879c43f529b9cdd2fe3e7..0297518a5d620d07782786f59c22c84c03271b8f 100644 (file)
--- a/package/firewall/files/lib/core.sh
+++ b/package/firewall/files/lib/core.sh
@@ -58,17 +58,21 @@ fw_stop() {
 
        fw_callback pre stop
 
-       local old_zones z
-       config_get old_zones core zones
-       for z in $old_zones; do
-               local old_networks n i
-               config_get old_networks core "${z}_networks"
-               for n in $old_networks; do
+       local z n i
+       config_get z core zones
+       for z in $z; do
+               config_get n core "${z}_networks"
+               for n in $n; do
                        config_get i core "${n}_ifname"
                        [ -n "$i" ] && env -i ACTION=remove ZONE="$z" \
-                               INTERFACE="$n" DEVICE="$i" \
-                               /sbin/hotplug-call firewall
+                               INTERFACE="$n" DEVICE="$i" /sbin/hotplug-call firewall
                done
+
+               config_get i core "${z}_tcpmss"
+               [ "$i" == 1 ] && {
+                       fw del i m FORWARD zone_${z}_MSSFIX
+                       fw del i m zone_${z}_MSSFIX
+               }
        done
 
        fw_clear ACCEPT
@@ -109,10 +113,8 @@ fw_die() {
 
 fw_log() {
        local level="$1"
-       [ -n "$2" ] || {
-               shift
-               level=notice
-       }
+       [ -n "$2" ] && shift || level=notice
+       [ "$level" != error ] || echo "Error: $@" >&2
        logger -t firewall -p user.$level "$@"
 }