1 # Copyright (C) 2009-2010 OpenWrt.org
2
# Directory holding the firewall shell libraries. Honour a value already set
# in the environment; otherwise fall back to the stock location.
: "${FW_LIBDIR:=/lib/firewall}"
4
5 . $FW_LIBDIR/fw.sh
6 include /lib/network
7
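# Build and install the complete ruleset from the firewall UCI config.
#
# Globals: FW_DEFAULTS_APPLIED (reset), FW_NOTRACK_DISABLED (read),
#          firewall state under /var/state (written through uci_set_state).
# Exits with status 1 when a ruleset is already marked as loaded.
fw_start() {
	fw_init

	# Take the lock before the "already loaded" test so that two concurrent
	# starts cannot both pass the check and install the rules twice.
	lock /var/lock/firewall.start

	FW_DEFAULTS_APPLIED=

	fw_is_loaded && {
		echo "firewall already loaded" >&2
		# The only other release is at the end of this function; exiting
		# here without it would leave /var/lock/firewall.start held.
		lock -u /var/lock/firewall.start
		exit 1
	}
	uci_set_state firewall core "" firewall_state

	# DROP here versus ACCEPT in fw_stop: presumably fw_clear's argument is
	# the policy left in place while the chains are empty, which keeps the
	# box closed while the rules below are still being installed (see fw.sh).
	fw_clear DROP

	fw_callback pre core

	# NOTE(review): the loaders below abort through fw_die, which runs
	# fw_stop and exit 1 but never releases this lock - presumably a stale
	# lock then blocks the next fw_start; confirm against the lock utility's
	# behaviour before relying on that path.
	echo "Loading defaults"
	fw_config_once fw_load_defaults defaults

	echo "Loading zones"
	config_foreach fw_load_zone zone

	echo "Loading forwardings"
	config_foreach fw_load_forwarding forwarding

	echo "Loading redirects"
	config_foreach fw_load_redirect redirect

	echo "Loading rules"
	config_foreach fw_load_rule rule

	echo "Loading includes"
	config_foreach fw_load_include include

	# FW_NOTRACK_DISABLED is set elsewhere (presumably by the zone loader);
	# only then is the notrack pass over the zones worth running.
	[ -n "$FW_NOTRACK_DISABLED" ] && {
		echo "Optimizing conntrack"
		config_foreach fw_load_notrack_zone zone
	}

	echo "Loading interfaces"
	config_foreach fw_configure_interface interface add

	fw_callback post core

	# Record success in the saved state; fw_is_loaded reads this back.
	uci_set_state firewall core loaded 1

	lock -u /var/lock/firewall.start
}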
57
# Tear the ruleset down and forget everything fw_init registered, so that a
# following fw_start rebuilds it from scratch.
#
# Globals: FW_HOOKS and every FW_CB_* name it lists (unset),
#          FW_INITIALIZED (unset), firewall state under /var/state (reverted).
fw_stop() {
	local cb_var

	fw_init

	fw_callback pre stop
	# ACCEPT here versus DROP in fw_start: stopping leaves the box open
	# (presumably fw_clear's argument is the policy - see fw.sh).
	fw_clear ACCEPT
	fw_callback post stop

	uci_revert_state firewall
	config_clear

	# fw_init appends to FW_CB_<pre|post>_<hook> rather than assigning, so
	# these must be dropped or a restart would accumulate duplicate entries.
	for cb_var in $FW_HOOKS; do
		unset "$cb_var"
	done
	unset FW_HOOKS FW_INITIALIZED
}
76
# Full reload of the ruleset: tear down whatever is loaded, then start afresh.
# fw_stop clears FW_INITIALIZED, so the fw_start that follows re-runs fw_init
# and re-registers the callbacks.
fw_restart() {
	fw_stop
	fw_start
}
81
# "reload" is just an alias for a restart: there is no incremental reload
# path, the whole ruleset is torn down and rebuilt.
fw_reload() {
	fw_restart
}
85
# Succeeds (returns 0) when the saved state says a ruleset is loaded, i.e.
# firewall.core.loaded under /var/state is a non-zero number. A missing
# entry counts as "not loaded".
fw_is_loaded() {
	local loaded
	loaded=$(uci -q -P /var/state get firewall.core.loaded)
	# Force an arithmetic evaluation so "", "0" and "00" all read as zero.
	[ "$(( ${loaded:-0} ))" != 0 ]
}
90
91
# Abort the current operation: report the message on stderr and to syslog,
# tear down whatever has been loaded so far, then exit with status 1.
# NOTE(review): the teardown goes through fw_stop, whose fw_clear ACCEPT
# leaves the box open - a broken configuration therefore fails open, not
# closed.
fw_die() {
	>&2 echo "Error:" "$@"
	fw_log error "$@"
	fw_stop
	exit 1
}
98
99 fw_log() {
100 local level="$1"
101 [ -n "$2" ] || {
102 shift
103 level=notice
104 }
105 logger -t firewall -p user.$level "$@"
106 }
107
108
# One-time initialisation: load the config helpers, source every library in
# $FW_LIBDIR and register their pre/post hook callbacks.
#
# Globals: FW_INITIALIZED (guard, set on completion), FW_HOOKS (list of the
#          FW_CB_* variable names filled below), FW_CB_<pre|post>_<hook>
#          (space-separated lib names that implement that callback).
# Returns 0 always; a second call is a no-op.
fw_init() {
	[ -z "$FW_INITIALIZED" ] || return 0

	. $FW_LIBDIR/config.sh

	scan_interfaces
	fw_config_append firewall

	# Built-in hook names; each core_<name>.sh found below adds <name>.
	local hooks="core stop defaults zone notrack synflood"
	local file lib hk pp
	for file in $FW_LIBDIR/core_*.sh; do
		. $file
		hk=$(basename $file .sh)
		hk=${hk#core_}
		append hooks $hk
	done
	# Every other *.sh in the lib dir is a plugin: it is sourced into this
	# shell (so the directory is effectively an executable search path -
	# presumably root-owned; verify), and any <lib>_<pre|post>_<hook>_cb
	# function it defines is recorded for fw_callback.
	for file in $FW_LIBDIR/*.sh; do
		lib=$(basename $file .sh)
		# Strip a two-digit "NN_" prefix from the library name.
		lib=${lib##[0-9][0-9]_}
		case $lib in
			core*|fw|config|uci_firewall) continue ;;
		esac
		. $file
		for hk in $hooks; do
			for pp in pre post; do
				# Only stdout is silenced here, so a shell whose `type`
				# reports misses on stderr will print noise for each one.
				type ${lib}_${pp}_${hk}_cb >/dev/null && {
					append FW_CB_${pp}_${hk} ${lib}
					# The same FW_CB_* name is appended once per lib that
					# implements it, so FW_HOOKS may contain duplicates.
					append FW_HOOKS FW_CB_${pp}_${hk}
				}
			done
		done
	done

	# The init hook runs before the guard is set.
	fw_callback post init

	FW_INITIALIZED=1
	return 0
}