projects / openwrt / svn-archive / archive.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[package] firewall:
[openwrt/svn-archive/archive.git] / package / firewall / files / lib / fw.sh
diff --git a/package/firewall/files/lib/fw.sh b/package/firewall/files/lib/fw.sh
index c06e8642364223d529f9ad8f15d4bd442113a12c..819aa48eae87f8efdc4100fc2aebe8714554f2eb 100644 (file)
--- a/package/firewall/files/lib/fw.sh
+++ b/package/firewall/files/lib/fw.sh
@@ -36,7 +36,7 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
        done
 
        fw__rc() {
-               export FW_${fam}_ERROR=$1
+               export FW_${fam#G}_ERROR=$1
                return $1
        }
 
@@ -51,8 +51,8 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
                shift
                while [ "$1" != '}' ]; do
                        case "$1" in
-                               *.*.*.*) ip4=1 ;;
                                *:*) ip6=1 ;;
+                               *.*.*.*) ip4=1 ;;
                        esac
                        shift
                done
@@ -72,20 +72,20 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
                if [ $tab == '-' ]; then
                        type $app > /dev/null 2> /dev/null
                        fw__rc $(($? & 1))
-                       return 
+                       return
                fi
                local mod
-               eval "mod=\$FW_${fam}_${tab}"
+               eval "mod=\$FW_${fam#G}_${tab}"
                if [ "$mod" ]; then
                        fw__rc $mod
                        return
                fi
                case "$fam" in
-                       4) mod=iptable_${tab} ;;
-                       6) mod=ip6table_${tab} ;;
+                       *4) mod=iptable_${tab} ;;
+                       *6) mod=ip6table_${tab} ;;
                        *) mod=. ;;
                esac
-               grep "^${mod} " /proc/modules > /dev/null
+               grep -q "^${mod} " /proc/modules
                mod=$?
                export FW_${fam}_${tab}=$mod
                fw__rc $mod
@@ -100,8 +100,8 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
        local app=
        local pol=
        case "$fam" in
-               4) app=iptables ;;
-               6) app=ip6tables ;;
+               *4) [ $FW_DISABLE_IPV4 == 0 ] && app=iptables  || return ;;
+               *6) [ $FW_DISABLE_IPV6 == 0 ] && app=ip6tables || return ;;
                i) fw__dualip "$@"; return ;;
                I) fw__autoip "$@"; return ;;
                e) app=ebtables ;;
@@ -148,14 +148,25 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
                return 0
        fi
 
+       case "$fam" in
+               G*) shift; while [ "$1" != "{" ]; do shift; done ;;
+       esac
+
        if [ $# -gt 0 ]; then
                shift
-               if [ $cmd == del ]; then
-                       pos=-
+               if [ $cmd == delete ]; then
+                       pos=
                fi
        fi
+
        while [ $# -gt 1 ]; do
-               echo -n  "$1"
+               case "$app:$1" in
+                       ip6tables:--icmp-type) echo -n "--icmpv6-type" ;;
+                       ip6tables:icmp|ip6tables:ICMP) echo -n "icmpv6" ;;
+                       iptables:--icmpv6-type) echo -n "--icmp-type" ;;
+                       iptables:icmpv6) echo -n "icmp" ;;
+                       *) echo -n "$1" ;;
+               esac
                echo -ne "\0"
                shift
        done | xargs -0 ${FW_TRACE:+-t} \
@@ -180,3 +191,24 @@ fw_get_port_range() {
        fi
 }
 
+fw_get_family_mode() {
+       local hint="$1"
+       local zone="$2"
+       local mode="$3"
+
+       local ipv4 ipv6
+       [ -n "$FW_ZONES4$FW_ZONES6" ] && {
+               list_contains FW_ZONES4 $zone && ipv4=1 || ipv4=0
+               list_contains FW_ZONES6 $zone && ipv6=1 || ipv6=0
+       } || {
+               ipv4=$(uci_get_state firewall core ${zone}_ipv4 0)
+               ipv6=$(uci_get_state firewall core ${zone}_ipv6 0)
+       }
+
+       case "$hint:$ipv4:$ipv6" in
+               *4:1:*|*:1:0) echo G4 ;;
+               *6:*:1|*:0:1) echo G6 ;;
+               *) echo $mode ;;
+       esac
+}
+
OpenWrt SVN history