1 # Copyright (C) 2009-2010 OpenWrt.org
2
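# Directory holding the firewall helper libraries. Taken from the
# environment when already set, so a caller can point at an alternate tree.
# Everything beneath it is sourced into this shell (presumably as root, from
# init/hotplug), so the directory must be root-owned and not writable by
# anything less trusted.
FW_LIBDIR=${FW_LIBDIR:-/lib/firewall}

# Common firewall helpers (presumably fw_clear, fw_callback, fw_config_* and
# friends used below). Quoted so an odd FW_LIBDIR value cannot word-split.
. "$FW_LIBDIR/fw.sh"

# Network library; presumably provides scan_interfaces used by fw_init.
include /lib/network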
7
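# Bring the firewall up from the uci "firewall" configuration.
#
# The whole load runs under /var/lock/firewall.start so that two concurrent
# starts cannot interleave. Existing chains are cleared with a DROP policy
# before anything is loaded, so traffic is blocked rather than leaked while
# zones, forwardings, redirects, rules and includes are built. The loaders
# themselves (fw_load_*, fw_configure_interface) live in other files under
# $FW_LIBDIR and are not visible here.
#
# Terminates the calling shell with status 1 when uci state already records
# the firewall as loaded.
#
# NOTE(review): fw_die (below) calls exit without releasing the lock, so a
# configuration error raised by one of the loaders presumably leaves
# /var/lock/firewall.start held; confirm how `lock` behaves in that case.
fw_start() {
	fw_init

	lock /var/lock/firewall.start

	# Cleared so the defaults loader presumably re-applies them on this run.
	FW_DEFAULTS_APPLIED=

	if fw_is_loaded; then
		echo "firewall already loaded" >&2
		# Release the lock before bailing out: this path previously
		# exited with the lock still held.
		lock -u /var/lock/firewall.start
		exit 1
	fi
	uci_set_state firewall core "" firewall_state

	# Fail closed while the rule set is (re)built.
	fw_clear DROP

	fw_callback pre core

	echo "Loading defaults"
	fw_config_once fw_load_defaults defaults

	echo "Loading zones"
	config_foreach fw_load_zone zone

	echo "Loading forwardings"
	config_foreach fw_load_forwarding forwarding

	echo "Loading redirects"
	config_foreach fw_load_redirect redirect

	echo "Loading rules"
	config_foreach fw_load_rule rule

	echo "Loading includes"
	config_foreach fw_load_include include

	# FW_NOTRACK_DISABLED is set elsewhere (not visible here); only then is
	# the conntrack bypass pass run.
	if [ -n "$FW_NOTRACK_DISABLED" ]; then
		echo "Optimizing conntrack"
		config_foreach fw_load_notrack_zone zone
	fi

	echo "Loading interfaces"
	config_foreach fw_configure_interface interface add

	fw_callback post core

	# Record success in uci state; fw_is_loaded reads this key back.
	uci_set_state firewall core loaded 1

	lock -u /var/lock/firewall.start
}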
57
# Tear the firewall down and forget all loaded state.
#
# The chains are cleared with an ACCEPT policy (contrast fw_clear DROP in
# fw_start), so the device is presumably left unfiltered from this point
# until a following fw_start completes. Reverts the uci state and clears the
# FW_INITIALIZED guard so the next fw_start re-runs fw_init.
fw_stop() {
	fw_init

	# Let registered plugins react before and after the flush.
	fw_callback pre stop
	fw_clear ACCEPT
	fw_callback post stop

	# Drop cached state so the next start begins from a clean slate.
	uci_revert_state firewall
	config_clear
	unset -v FW_INITIALIZED
}
71
# Full restart: tear down, then bring up. Between fw_stop (chains cleared to
# ACCEPT) and fw_start re-applying DROP and the rules there is a short
# window during which traffic is presumably unfiltered.
fw_restart() { fw_stop; fw_start; }
76
# Reload is not incremental: it is an alias for fw_restart and so shares
# its stop/start window.
fw_reload() { fw_restart; }
80
# Succeed (status 0) when uci state records firewall.core.loaded as a
# non-zero value, i.e. a previous fw_start completed; fail otherwise,
# including when the key is absent.
fw_is_loaded() {
	local state
	state=$(uci -q -P /var/state get firewall.core.loaded)
	# Arithmetic comparison: an empty/absent value counts as 0 (not loaded).
	return $(( ${state:-0} == 0 ))
}
85
86
# Abort firewall setup: report "$@" on stderr and to syslog, tear the
# firewall down and terminate the calling shell with status 1.
#
# NOTE(review): the teardown goes through fw_stop, which clears the chains
# to ACCEPT, so a configuration error during fw_start presumably leaves the
# device unfiltered rather than in the DROP state fw_start began with.
fw_die() {
	{ echo "Error:" "$@"; } >&2
	fw_log error "$@"
	fw_stop
	exit 1
}
93
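# Send a message to syslog, tagged "firewall".
#
# Usage: fw_log [level] message...
# With two or more arguments the first is the syslog priority level
# (error, warning, ...); with a single argument it is the message and the
# level defaults to notice. The level word itself is never part of the
# logged message.
#
# The previous version shifted in the wrong branch: a one-argument call
# dropped the message entirely and a two-argument call logged the level word
# as the first word of the message.
fw_log() {
	local level="$1"
	if [ -n "$2" ]; then
		shift
	else
		level=notice
	fi
	# Nothing to log: return rather than call logger with no message
	# (logger would then presumably read the message from stdin).
	[ $# -gt 0 ] || return 0
	logger -t firewall -p "user.$level" "$@"
}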
102
103
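# One-time initialisation of the firewall library.
#
# Loads the uci "firewall" config, then sources every script under
# $FW_LIBDIR: each core_<name>.sh adds <name> to the list of hook names, and
# every other *.sh (except the core files, fw.sh, config.sh and
# uci_firewall.sh) is treated as a plugin whose <lib>_{pre,post}_<hook>_cb
# functions are recorded in FW_CB_<pp>_<hook>, presumably consulted by
# fw_callback. Guarded by FW_INITIALIZED so repeated calls (fw_start after
# fw_stop, fw_die from inside fw_start) are no-ops until fw_stop clears it.
#
# Everything under $FW_LIBDIR is executed in this shell (presumably as root,
# from init/hotplug), so the directory must be root-owned and not writable by
# anything less trusted.
fw_init() {
	[ -z "$FW_INITIALIZED" ] || return 0

	. "$FW_LIBDIR/config.sh"

	scan_interfaces
	fw_config_append firewall

	local hooks="core stop defaults zone notrack synflood"
	local file lib hk pp

	# Core pieces: each core_<name>.sh also registers <name> as a hook.
	for file in "$FW_LIBDIR"/core_*.sh; do
		# An unmatched glob expands to the literal pattern; never source it.
		[ -e "$file" ] || continue
		. "$file"
		hk=$(basename "$file" .sh)
		hk=${hk#core_}
		append hooks "$hk"
	done

	# Plugins: an optional two-digit prefix (NN_name.sh) only orders the
	# load sequence and is not part of the library name.
	for file in "$FW_LIBDIR"/*.sh; do
		[ -e "$file" ] || continue
		lib=$(basename "$file" .sh)
		lib=${lib#[0-9][0-9]_}
		case $lib in
			core*|fw|config|uci_firewall) continue ;;
		esac
		. "$file"
		# $hooks is a space-separated list; word-splitting is intended.
		for hk in $hooks; do
			for pp in pre post; do
				# A miss is reported on stdout by some shells and stderr by
				# others; silence both and keep only the exit status.
				type "${lib}_${pp}_${hk}_cb" >/dev/null 2>&1 &&
					append "FW_CB_${pp}_${hk}" "$lib"
			done
		done
	done

	fw_callback post init

	FW_INITIALIZED=1
	return 0
}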