net/miniupnpd/files/miniupnpd.firewall

   1 . /etc/functions.sh
   2 include /lib/network
   3 scan_interfaces
   4
   5 upnp_ipt() {
   6         iptables "$@" 2>/dev/null
   7 }
   8
   9 upnp_firewall_addif() {
  10         local extif
  11         local extip
  12         local iface
  13
  14         config_load upnpd
  15         config_get iface config external_iface
  16
  17         [ -n "$INTERFACE" -a "$INTERFACE" != "$iface" ] && return
  18
  19         config_load network
  20         config_get extip "${iface:-wan}" ipaddr
  21         config_get extif "${iface:-wan}" ifname
  22
  23         logger -t "upnp firewall" "adding wan interface $extif($extip)"
  24
  25         upnp_ipt -t nat -N miniupnpd_${iface:-wan}_rule
  26         upnp_ipt -t nat -A miniupnpd_${iface:-wan}_rule -i $extif -d $extip -j MINIUPNPD
  27         upnp_ipt -t nat -A prerouting_rule -j miniupnpd_${iface:-wan}_rule
  28
  29         upnp_ipt -t filter -N miniupnpd_${iface:-wan}_rule
  30         upnp_ipt -t filter -A miniupnpd_${iface:-wan}_rule -i $extif -o ! $extif -j MINIUPNPD
  31         upnp_ipt -t filter -A forwarding_rule -j miniupnpd_${iface:-wan}_rule
  32 }
  33
  34 upnp_firewall_delif() {
  35         local iface
  36
  37         config_load upnpd
  38         config_get iface config external_iface
  39
  40         [ -n "$INTERFACE" -a "$INTERFACE" != "$iface" ] && return
  41
  42         logger -t "upnp firewall" "removing wan interface"
  43
  44         upnp_ipt -t nat -D prerouting_rule -j miniupnpd_${iface:-wan}_rule
  45         upnp_ipt -t nat -F miniupnpd_${iface:-wan}_rule
  46         upnp_ipt -t nat -X miniupnpd_${iface:-wan}_rule
  47
  48         upnp_ipt -t filter -D forwarding_rule -j miniupnpd_${iface:-wan}_rule
  49         upnp_ipt -t filter -F miniupnpd_${iface:-wan}_rule
  50         upnp_ipt -t filter -X miniupnpd_${iface:-wan}_rule
  51 }
  52
  53 upnp_firewall_start() {
  54         upnp_ipt -t nat -N MINIUPNPD
  55         upnp_ipt -t filter -N MINIUPNPD
  56         upnp_firewall_addif
  57 }
  58
  59 upnp_firewall_stop() {
  60         upnp_firewall_delif
  61         upnp_ipt -t nat -F MINIUPNPD
  62         upnp_ipt -t nat -X MINIUPNPD
  63         upnp_ipt -t filter -F MINIUPNPD
  64         upnp_ipt -t filter -X MINIUPNPD
  65 }