[package] firewall:
[openwrt/svn-archive/archive.git] / package / firewall / files / lib / core.sh
1 # Copyright (C) 2009-2010 OpenWrt.org
2
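# Directory holding the firewall shell libraries. A value inherited from the
# environment overrides the default. Every script sourced from this directory
# (here and in fw_init) runs with the privileges of this shell, so the
# directory must be writable only by trusted users.
FW_LIBDIR=${FW_LIBDIR:-/lib/firewall}

# Quoted so a path containing whitespace or glob characters is sourced as-is.
. "$FW_LIBDIR/fw.sh"
# include is not defined in this file (presumably provided by fw.sh or its
# dependencies); it is asked to pull in /lib/network.
include /lib/network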
7
# Build the firewall from the loaded configuration.
#
# Refuses to run twice: if the state is already marked loaded, an error is
# written to stderr and the shell exits with status 1. Progress messages go to
# stdout. On completion the "loaded" flag is stored in the uci state.
fw_start() {
	fw_init

	FW_DEFAULTS_APPLIED=

	if fw_is_loaded; then
		echo "firewall already loaded" >&2
		exit 1
	fi
	uci_set_state firewall core "" firewall_state

	# fw_clear is defined elsewhere; presumably this installs a DROP policy
	# so traffic is refused while the rules below are loaded - confirm in
	# fw.sh.
	fw_clear DROP

	fw_callback pre core

	echo "Loading defaults"
	fw_config_once fw_load_defaults defaults

	echo "Loading zones"
	config_foreach fw_load_zone zone

	echo "Loading forwardings"
	config_foreach fw_load_forwarding forwarding

	echo "Loading redirects"
	config_foreach fw_load_redirect redirect

	echo "Loading rules"
	config_foreach fw_load_rule rule

	echo "Loading includes"
	config_foreach fw_load_include include

	# NOTE(review): the notrack zones are loaded when FW_NOTRACK_DISABLED is
	# NON-empty, which reads as inverted relative to the variable name.
	# Confirm against the place where the variable is set; presumably
	# untracked traffic is not subject to connection-state matching, so it
	# matters which way this branch goes.
	if [ -n "$FW_NOTRACK_DISABLED" ]; then
		echo "Optimizing conntrack"
		config_foreach fw_load_notrack_zone zone
	fi

	echo "Loading interfaces"
	config_foreach fw_configure_interface interface add

	fw_callback post core

	# Only set once every stage above has run; fw_is_loaded reads this flag.
	uci_set_state firewall core loaded 1
}
53
# Tear the firewall down and forget the loaded state.
#
# Runs the pre/post "stop" callbacks around fw_clear, reverts the firewall uci
# state, clears the parsed configuration and drops the FW_INITIALIZED marker so
# the next fw_init starts from scratch.
fw_stop() {
	fw_init

	fw_callback pre stop

	# fw_clear is defined elsewhere; presumably this leaves the chains with
	# an ACCEPT policy, i.e. a stopped firewall passes traffic rather than
	# blocking it - confirm in fw.sh. Callers that stop on error (fw_die)
	# inherit that behaviour.
	fw_clear ACCEPT

	fw_callback post stop

	uci_revert_state firewall
	config_clear
	unset FW_INITIALIZED
}
67
# Stop the firewall, then start it again.
#
# fw_start runs regardless of fw_stop's exit status, and its status is what
# this function returns. Between the two calls the state is whatever
# fw_stop leaves behind (it calls "fw_clear ACCEPT"), so a restart is not
# atomic.
fw_restart() {
	fw_stop
	fw_start
}
72
# Reload the firewall. No incremental reload is implemented here: this simply
# delegates to a full fw_restart and returns its status.
fw_reload() {
	fw_restart
}
76
# Report whether the firewall is marked as loaded.
#
# Reads the boolean option "loaded" of section "core" (default 0).
# Returns 0 when the flag is set, 1 when it is not.
fw_is_loaded() {
	local state
	config_get_bool state core loaded 0
	# Shell success is 0, so the flag is inverted: 1 -> 0, 0 -> 1.
	return $(( $state == 0 ))
}
82
83
# Abort with an error: report it, stop the firewall, exit the shell.
#
# Arguments: the words of the error message.
# Outputs:   "Error: <message>" on stderr, plus a log entry via fw_log.
# Exits:     always, with status 1.
#
# NOTE(review): the failure path goes through fw_stop, which calls
# "fw_clear ACCEPT". Presumably a configuration error therefore leaves the
# box without filtering rather than locked down - confirm in fw.sh and
# make sure the logged error is monitored.
fw_die() {
	echo "Error:" "$@" >&2
	fw_log error "$@"
	fw_stop
	exit 1
}
90
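# Send a message to syslog with the tag "firewall".
#
# Usage: fw_log <level> <message...>   log at user.<level>
#        fw_log <message>              log at user.notice
#
# The level is only taken from $1 when a non-empty second argument follows.
# The previous logic shifted in the wrong branch: a lone message was
# discarded (logger then ran without a message) and an explicit level was
# repeated inside the message text.
fw_log() {
	# Without a message logger would read stdin; there is nothing to log.
	[ $# -gt 0 ] || return 0

	local level="$1"
	if [ -n "$2" ]; then
		# $1 is the level; drop it so only the message remains in "$@".
		shift
	else
		level=notice
	fi
	# Quoted so a level containing whitespace cannot become extra
	# logger arguments.
	logger -t firewall -p "user.$level" "$@"
}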
99
100
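# One-time initialisation: load the config helpers, the firewall
# configuration, and every library script found in FW_LIBDIR.
#
# Globals:  FW_LIBDIR (read), FW_INITIALIZED (read, set to 1),
#           FW_CB_<pre|post>_<hook> (appended to)
# Returns:  0; does nothing if FW_INITIALIZED is already non-empty.
#
# Every *.sh file in FW_LIBDIR is sourced, i.e. executed in this shell, and
# parts of the file names become hook, function and variable names. The
# directory must therefore be writable only by trusted users and its files
# should have identifier-safe names.
fw_init() {
	[ -z "$FW_INITIALIZED" ] || return 0

	. "$FW_LIBDIR/config.sh"

	scan_interfaces
	fw_config_append firewall

	local hooks="core stop defaults zone notrack synflood"
	local file lib hk pp

	# core_<name>.sh files are sourced and each contributes a hook <name>.
	for file in "$FW_LIBDIR"/core_*.sh; do
		# An unmatched glob stays literal; do not try to source it.
		[ -f "$file" ] || continue
		. "$file"
		hk=$(basename "$file" .sh)
		hk=${hk#core_}
		append hooks "$hk"
	done

	# Remaining libraries: source them and register their callbacks.
	for file in "$FW_LIBDIR"/*.sh; do
		[ -f "$file" ] || continue
		lib=$(basename "$file" .sh)
		# Drop an optional two-digit ordering prefix such as "10_".
		lib=${lib##[0-9][0-9]_}
		case "$lib" in
			# Core pieces are handled above or already loaded.
			core*|fw|config|uci_firewall) continue ;;
		esac
		. "$file"
		# $hooks is left unquoted on purpose: it is a space-separated list.
		for hk in $hooks; do
			for pp in pre post; do
				# Record the library under FW_CB_<pp>_<hk> only if it
				# defines <lib>_<pp>_<hk>_cb.
				type "${lib}_${pp}_${hk}_cb" >/dev/null &&
					append "FW_CB_${pp}_${hk}" "$lib"
			done
		done
	done

	fw_callback post init

	FW_INITIALIZED=1
	return 0
}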