From: cshore Date: Wed, 5 May 2010 08:52:10 +0000 (+0000) Subject: packages: libs/savedynamic: rename package to firewall-mod-save and script to 20_save... X-Git-Url: http://git.archive.openwrt.org/?a=commitdiff_plain;h=810e7c4bf10c8a0fffc29294500ff5bd40443bcc;p=packages.git packages: libs/savedynamic: rename package to firewall-mod-save and script to 20_save.sh (from savedynamic.sh). Thanks jow git-svn-id: svn://svn.openwrt.org/openwrt/packages@21371 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
diff --git a/libs/firewall-mod-save/Makefile b/libs/firewall-mod-save/Makefile
new file mode 100644
index 000000000..ab5db3ff6
--- /dev/null
+++ b/libs/firewall-mod-save/Makefile
@@ -0,0 +1,51 @@
+#
+# Copyright (C) 2006-2009 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=firewall-mod-save
+PKG_VERSION:=1.0
+PKG_RELEASE:=2
+MAINTAINER:=Daniel Dickinson
+
+PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/firewall-mod-save/Default
+ SECTION:=libs
+ CATEGORY:=Libraries
+ TITLE:=Preserve dynamic chains during firewall restart
+endef
+
+define Package/firewall-mod-save
+ $(call Package/firewall-mod-save/Default)
+ DEPENDS:=+iptables-utils
+endef
+
+define Package/firewall-mod-save/description
+ Uses iptables-save to save the option chain in option table (default filter)
+ as defined by the config section save in /etc/config/firewall.
+endef
+
+define Build/Prepare
+endef
+
+define Build/Configure
+endef
+
+define Build/Compile
+endef
+
+define Package/firewall-mod-save/install
+ $(INSTALL_DIR) $(1)/lib/firewall
+ $(INSTALL_DATA) ./files/20_save.sh $(1)/lib/firewall/
+endef
+
+$(eval $(call BuildPackage,firewall-mod-save))
+
diff --git a/libs/firewall-mod-save/files/20_save.sh b/libs/firewall-mod-save/files/20_save.sh
new file mode 100644
index 000000000..d26251863
--- /dev/null
+++ b/libs/firewall-mod-save/files/20_save.sh
@@ -0,0 +1,73 @@
+#!/bin/sh
+
+. /etc/functions.sh
+
+save_print_table_chain() {
+ local table="$1"
+ local chain="$2"
+ local fsave="$3"
+ local fsavetmp="$fsave"".tmp"
+ local next_table_line
+ local cur_table_line
+ local table_line
+ table_line="$(($(grep -n "^*$table" "$fsave" | cut -f1 -d: ) + 1))"
+ tail -n+$table_line $fsave >"$fsavetmp"
+ for cur_table_line in $(grep -n "^*" "$fsavetmp"); do
+ [ -z "$next_table_line" ] && {
+ local lineno="$(echo $cur_table_line | cut -f1 -d:)"
+ [ -n "$lineno" ] && [ "$lineno" -gt $(($table_line - 1)) ] && {
+ next_table_line=$lineno
+ }
+ }
+ done
+ [ -z "$next_table_line" ] && {
+ next_table_line="$(cat $fsavetmp|wc -l)"
+ }
+ next_table_line=$(($next_table_line - 1))
+ head -n $next_table_line "$fsave.tmp" | grep $chain | grep -Ev "^:$chain"
+ rm -f "$fsavetmp"
+}
+
+save_save_fw_chain() {
+ local chain
+ local table
+ local fsave="/tmp/.firewall/save"
+
+ config_get chain $1 chain
+ config_get table $1 table filter
+ [ -z "$chain" ] && return 0
+ mkdir -p /tmp/.firewall
+ iptables-save >"$fsave"
+ save_print_table_chain $table $chain "$fsave" > /tmp/.firewall/save-$table-$chain
+
+}
+
+save_load_fw_chain() {
+ local chain
+ local table
+
+ config_get chain $1 chain
+ config_get table $1 table filter
+ [ -e /tmp/.firewall/save-$table-$chain ] && [ "$(cat /tmp/.firewall/save-$table-$chain | wc -l)" -ge 1 ] && {
+ iptables -t $table -N $chain
+ while read line; do
+ sh -c "iptables -t $table $line"
+ done < /tmp/.firewall/save-$table-$chain
+ rm /tmp/.firewall/save-$table-$chain
+ }
+}
+
+save_pre_stop_cb() {
+ echo "Saving dynamic firewall chains"
+ config_load firewall
+
+ config_foreach save_save_fw_chain save
+}
+
+save_post_core_cb() {
+ echo "Loading dynamic firewall chains"
+
+ config_load firewall
+ config_foreach save_load_fw_chain save
+}
+
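Review bot: In save_load_fw_chain, `sh -c "iptables -t $table $line"` hands every saved rule line to a shell for re-parsing, so a `;` or command substitution that reaches /tmp/.firewall/save-$table-$chain (through a rule's comment or string match, or through anything else able to write under /tmp/.firewall) is executed with the firewall script's privileges. `read line` without `-r` additionally strips backslashes before the line is replayed. Replaying the file through `iptables-restore --noflush` keeps the quoting that iptables-save emitted without involving a shell; this assumes iptables-restore is installed alongside iptables-save by iptables-utils, which the hunk does not show. The sketch below replaces the body of the `[ -e … ] && { … }` block and is untested. `$table` and `$chain` from config_get are also used unquoted in file paths and in `grep $chain`, so quoting them throughout would be worth doing in the same pass.

```shell
save_load_fw_chain() {
	# … unchanged: local declarations and the two config_get calls …
	local fstate="/tmp/.firewall/save-$table-$chain"

	# Nothing to replay if the state file is missing or empty.
	[ -s "$fstate" ] || return 0

	# Wrap the saved rule lines in a minimal restore stanza so iptables
	# parses them itself; no shell ever evaluates the rule text.
	{
		echo "*$table"
		echo ":$chain - [0:0]"
		cat "$fstate"
		echo "COMMIT"
	} | iptables-restore --noflush
	rm -f "$fstate"
}
```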
diff --git a/libs/savedynamic/Makefile b/libs/savedynamic/Makefile
deleted file mode 100644
index 521bf77bc..000000000
--- a/libs/savedynamic/Makefile
+++ /dev/null
@@ -1,52 +0,0 @@
-#
-# Copyright (C) 2006-2009 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-include $(INCLUDE_DIR)/kernel.mk
-
-PKG_NAME:=savedynamic
-PKG_VERSION:=1.0
-PKG_RELEASE:=1
-MAINTAINER:=Daniel Dickinson
-
-PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/savedynamic/Default
- SECTION:=libs
- CATEGORY:=Libraries
- TITLE:=Preserve dynamic chains during firewall restart
-endef
-
-define Package/savedynamic
- $(call Package/savedynamic/Default)
- MENU:=1
- DEPENDS:=+iptables-utils
-endef
-
-define Package/savedynamic/description
- Uses iptables-save to save the option chain in option table (default filter)
- as defined by the config section save in /etc/config/firewall.
-endef
-
-define Build/Prepare
-endef
-
-define Build/Configure
-endef
-
-define Build/Compile
-endef
-
-define Package/block-extroot/install
- $(INSTALL_DIR) $(1)/lib/firewall
- $(INSTALL_DATA) ./files/savedynamic.sh $(1)/lib/firewall/
-endef
-
-$(eval $(call BuildPackage,savedynamic))
-
diff --git a/libs/savedynamic/files/savedynamic.sh b/libs/savedynamic/files/savedynamic.sh
deleted file mode 100644
index 32d350fc7..000000000
--- a/libs/savedynamic/files/savedynamic.sh
+++ /dev/null
@@ -1,72 +0,0 @@
-#!/bin/sh
-
-. /etc/functions.sh
-
-savedynamic_print_table_chain() {
- local table="$1"
- local chain="$2"
- local fsave="$3"
- local fsavetmp="$fsave"".tmp"
- local next_table_line
- local cur_table_line
- local table_line
- table_line="$(($(grep -n "^*$table" "$fsave" | cut -f1 -d: ) + 1))"
- tail -n+$table_line $fsave >"$fsavetmp"
- for cur_table_line in $(grep -n "^*" "$fsavetmp"); do
- [ -z "$next_table_line" ] && {
- local lineno="$(echo $cur_table_line | cut -f1 -d:)"
- [ -n "$lineno" ] && [ "$lineno" -gt $(($table_line - 1)) ] && {
- next_table_line=$lineno
- }
- }
- done
- [ -z "$next_table_line" ] && {
- next_table_line="$(cat $fsavetmp|wc -l)"
- }
- next_table_line=$(($next_table_line - 1))
- head -n $next_table_line "$fsave.tmp" | grep $chain | grep -Ev "^:$chain"
- rm -f "$fsavetmp"
-}
-
-savedynamic_save_fw_chain() {
- local chain
- local table
- local fsave="/tmp/.firewall/save"
-
- config_get chain $1 chain
- config_get table $1 table filter
- [ -z "$chain" ] && return 0
- mkdir -p /tmp/.firewall
- iptables-save >"$fsave"
- savedynamic_print_table_chain $table $chain "$fsave" > /tmp/.firewall/save-$table-$chain
-
-}
-
-savedynamic_load_fw_chain() {
- local chain
- local table
-
- config_get chain $1 chain
- config_get table $1 table filter
- [ -e /tmp/.firewall/save-$table-$chain ] && [ "$(cat /tmp/.firewall/save-$table-$chain | wc -l)" -ge 1 ] && {
- iptables -t $table -N $chain
- while read line; do
- sh -c "iptables -t $table $line"
- done < /tmp/.firewall/save-$table-$chain
- rm /tmp/.firewall/save-$table-$chain
- }
-}
-
-savedynamic_pre_stop_cb() {
- echo "Saving dynamic firewall chains"
- config_load firewall
-
- config_foreach savedynamic_save_fw_chain save
-}
-
-savedynamic_post_core_cb() {
- echo "Loading dynamic firewall chains"
-
- config_load firewall
- config_foreach savedynamic_load_fw_chain save
-}