igmpproxy: fix creation of firewall rules

The init sccript for igmpproxy uses the option 'network' both as an interface name for fetching the l3_device name and for creating the firewall rules. This only works if the name of the network and firewall zone are identical.

This commit introduces a new option 'zone' for configuring the upstream and downstream firewall zones in order for the init script to create the required firewall rules automatically. When no such options are given, the init script falls back to not creating the firewall rules and the user can opt to create these manually.

Signed-off-by: Jaap Buurman <jaapbuurman@gmail.com>

diff --git a/package/network/services/igmpproxy/Makefile b/package/network/services/igmpproxy/Makefile
index 38efabe1cb6b4576b07db04dadabc166eb0e776e..e335b72d6a3276186ca01691f68642a93212a39f 100644 (file)
--- a/package/network/services/igmpproxy/Makefile
+++ b/package/network/services/igmpproxy/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=igmpproxy
 PKG_VERSION:=0.1
-PKG_RELEASE:=10
+PKG_RELEASE:=11
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=@SF/igmpproxy

diff --git a/package/network/services/igmpproxy/files/igmpproxy.config b/package/network/services/igmpproxy/files/igmpproxy.config
index d89013ca987edba6cea28ec7261a0e3f5fb9278a..6230f8aa1d6bb9deb04f3028d136b2d4f6c66a05 100644 (file)
--- a/package/network/services/igmpproxy/files/igmpproxy.config
+++ b/package/network/services/igmpproxy/files/igmpproxy.config
@@ -2,11 +2,13 @@ config igmpproxy
        option quickleave 1
 #      option verbose [0-2]
 
-config phyint wan
+config phyint
        option network wan
+       option zone wan
        option direction upstream
        list altnet 192.168.1.0/24
 
-config phyint lan
+config phyint
        option network lan
+       option zone lan
        option direction downstream

diff --git a/package/network/services/igmpproxy/files/igmpproxy.init b/package/network/services/igmpproxy/files/igmpproxy.init
index 403854546fab0c6b562cf94518b20d1a64f251f2..009bb5d429c676881519e2c851340239fee55329 100644 (file)
--- a/package/network/services/igmpproxy/files/igmpproxy.init
+++ b/package/network/services/igmpproxy/files/igmpproxy.init
@@ -62,15 +62,15 @@ igmp_add_network() {
 }
 
 igmp_add_firewall_routing() {
-       config_get network $1 network
        config_get direction $1 direction
+       config_get zone $1 zone
 
-       [[ "$direction" = "downstream" ]] || return 0
+       [[ "$direction" = "downstream" && ! -z "$zone" ]] || return 0
 
        json_add_object ""
        json_add_string type rule
        json_add_string src "$upstream"
-       json_add_string dest "$network"
+       json_add_string dest "$zone"
        json_add_string family ipv4
        json_add_string proto udp
        json_add_string dest_ip "224.0.0.0/4"
@@ -79,18 +79,21 @@ igmp_add_firewall_routing() {
 }
 
 igmp_add_firewall_network() {
-       config_get network $1 network
        config_get direction $1 direction
+       config_get zone $1 zone
+
+       [ ! -z "$zone" ] || return
 
        json_add_object ""
        json_add_string type rule
-       json_add_string src "$network"
+       json_add_string src "$zone"
+       json_add_string family ipv4
        json_add_string proto igmp
        json_add_string target ACCEPT
        json_close_object
 
        [[ "$direction" = "upstream" ]] && {
-               upstream="$network"
+               upstream="$zone"
                config_foreach igmp_add_firewall_routing phyint
        }
 }