From: Daniel Dickinson Date: Wed, 5 May 2010 03:53:23 +0000 (+0000) Subject: packages: libs/savedynamic: Add package that uses new modular firewall to save chains... X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fsvn-archive%2Farchive.git;a=commitdiff_plain;hb=bd1df498e96309eab85a7dc18b97cfa0248e39f2 packages: libs/savedynamic: Add package that uses new modular firewall to save chains with dynamically generated rules from packages such as miniupnpd and strongswan in order that they might be preserved across a firewall restart (but not a router reboot). SVN-Revision: 21368 --- diff --git a/libs/savedynamic/files/savedynamic.sh b/libs/savedynamic/files/savedynamic.sh new file mode 100644 index 0000000000..32d350fc73 --- /dev/null +++ b/libs/savedynamic/files/savedynamic.sh 
@@ -0,0 +1,72 @@
+#!/bin/sh
+
+. /etc/functions.sh
+
+savedynamic_print_table_chain() {
+ local table="$1"
+ local chain="$2"
+ local fsave="$3"
+ local fsavetmp="$fsave"".tmp"
+ local next_table_line
+ local cur_table_line
+ local table_line
+ table_line="$(($(grep -n "^*$table" "$fsave" | cut -f1 -d: ) + 1))"
+ tail -n+$table_line $fsave >"$fsavetmp"
+ for cur_table_line in $(grep -n "^*" "$fsavetmp"); do
+ [ -z "$next_table_line" ] && {
+ local lineno="$(echo $cur_table_line | cut -f1 -d:)"
+ [ -n "$lineno" ] && [ "$lineno" -gt $(($table_line - 1)) ] && {
+ next_table_line=$lineno
+ }
+ }
+ done
+ [ -z "$next_table_line" ] && {
+ next_table_line="$(cat $fsavetmp|wc -l)"
+ }
+ next_table_line=$(($next_table_line - 1))
+ head -n $next_table_line "$fsave.tmp" | grep $chain | grep -Ev "^:$chain"
+ rm -f "$fsavetmp"
+}
+
+savedynamic_save_fw_chain() {
+ local chain
+ local table
+ local fsave="/tmp/.firewall/save"
+
+ config_get chain $1 chain
+ config_get table $1 table filter
+ [ -z "$chain" ] && return 0
+ mkdir -p /tmp/.firewall
+ iptables-save >"$fsave"
+ savedynamic_print_table_chain $table $chain "$fsave" > /tmp/.firewall/save-$table-$chain
+
+}
+
+savedynamic_load_fw_chain() {
+ local chain
+ local table
+
+ config_get chain $1 chain
+ config_get table $1 table filter
+ [ -e /tmp/.firewall/save-$table-$chain ] && [ "$(cat /tmp/.firewall/save-$table-$chain | wc -l)" -ge 1 ] && {
+ iptables -t $table -N $chain
+ while read line; do
+ sh -c "iptables -t $table $line"
+ done < /tmp/.firewall/save-$table-$chain
+ rm /tmp/.firewall/save-$table-$chain
+ }
+}
+
+savedynamic_pre_stop_cb() {
+ echo "Saving dynamic firewall chains"
+ config_load firewall
+
+ config_foreach savedynamic_save_fw_chain save
+}
+
+savedynamic_post_core_cb() {
+ echo "Loading dynamic firewall chains"
+
+ config_load firewall
+ config_foreach savedynamic_load_fw_chain save
+}
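Review bot: In savedynamic_load_fw_chain every saved rule is re-executed through `sh -c "iptables -t $table $line"`, so a root shell re-parses rule text that originated in other packages' dynamically generated rules; any `$(`, backtick or `;` inside a saved argument (a `-m comment --comment` string is the usual carrier, since iptables-save emits it double-quoted) would be evaluated by sh instead of reaching iptables. Handing the saved lines to `iptables-restore --noflush` inside a `*$table` / `COMMIT` block restores the same rules without any shell interpretation, and if the read loop is kept it should at least use `read -r`. A second, smaller issue is that `grep $chain` in savedynamic_print_table_chain is an unanchored regex, so a chain named `fwd` also captures rules belonging to `fwd2`, and the save file then holds lines for chains the loader never creates; anchoring on `-A $chain ` or `-j $chain` narrows it to what was intended.
```shell
savedynamic_load_fw_chain() {
	# … unchanged: config_get chain/table …
	[ -e /tmp/.firewall/save-$table-$chain ] && [ "$(cat /tmp/.firewall/save-$table-$chain | wc -l)" -ge 1 ] && {
		{
			echo "*$table"
			echo ":$chain - [0:0]"
			cat "/tmp/.firewall/save-$table-$chain"
			echo "COMMIT"
		} | iptables-restore --noflush
		rm "/tmp/.firewall/save-$table-$chain"
	}
}
```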