#!/bin/sh
-/etc/init.d/miniupnpd enabled && {
+miniupnpd_add_rules() {
+ local zone="$1"
+ local network="$2"
+ local iface="$3"
- local state="${ZONE}_${INTERFACE}"
- local extif initifs
+ miniupnpd_remove_rules
- config_load upnpd
- config_get extif config external_iface
+ logger -t miniupnpd "adding firewall rules for $iface to zone $zone"
- if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "$extif" ]; then
+ iptables -t nat -N MINIUPNPD 2>/dev/null
+ iptables -t nat -A zone_${zone}_prerouting -i $iface -j MINIUPNPD
+ iptables -t filter -N MINIUPNPD 2>/dev/null
+ iptables -t filter -A zone_${zone}_forward -i $iface ! -o $iface -j MINIUPNPD
- local active
- config_get active "$state" ifname
-
- [ -z "$active" ] && {
- local ipaddr
- config_get ipaddr "$extif" ipaddr
-
- logger -t "upnp" "adding $INTERFACE ($DEVICE - $ipaddr) to firewall"
-
- iptables -t nat -N MINIUPNPD 2>/dev/null
- iptables -t nat -A prerouting_rule -i $DEVICE -d $ipaddr -j MINIUPNPD
- iptables -t filter -N MINIUPNPD 2>/dev/null
- iptables -t filter -A forwarding_rule -i $DEVICE ! -o $DEVICE -j MINIUPNPD
-
- uci_set_state upnpd "$state" "" "firewall"
- uci_set_state upnpd "$state" ifname "$DEVICE"
- uci_set_state upnpd "$state" ipaddr "$ipaddr"
- }
-
- elif [ "$ACTION" = "remove" ] && [ "$INTERFACE" = "$extif" ]; then
-
- local ifname ipaddr
- config_get ifname "$state" ifname
- config_get ipaddr "$state" ipaddr
-
- [ -n "$ifname" ] && [ -n "$ipaddr" ] && {
- logger -t "upnp" "removing $INTERFACE ($ifname - $ipaddr) from firewall"
- iptables -t nat -D prerouting_rule -i $ifname -d $ipaddr -j MINIUPNPD
- iptables -t filter -D forwarding_rule -i $DEVICE ! -o $DEVICE -j MINIUPNPD
- uci_revert_state upnpd "$state"
- }
- fi
+ uci_set_state upnpd state "" state
+ uci_set_state upnpd state zone "$zone"
+ uci_set_state upnpd state ifname "$iface"
+ uci_set_state upnpd state network "$network"
}
+miniupnpd_remove_rules() {
+ local zone="$(uci_get_state upnpd state zone)"
+ local iface="$(uci_get_state upnpd state ifname)"
+
+ [ -n "$zone" ] && [ -n "$iface" ] && {
+ logger -t miniupnpd "removing firewall rules for $iface from zone $zone"
+
+ while iptables -t nat -D zone_${zone}_prerouting \
+ -i $iface -j MINIUPNPD 2>/dev/null; do :; done
+
+ while iptables -t filter -D zone_${zone}_forward \
+ -i $iface ! -o $iface -j MINIUPNPD 2>/dev/null; do :; done
+ }
+
+ uci_revert_state upnpd
+}
+
+/etc/init.d/miniupnpd enabled && [ -n "`pidof miniupnpd`" ] && {
+
+ local extif="$(uci_get upnpd config external_iface)"
+ local curif="$(uci_get_state upnpd state network)"
+
+ if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "$extif" ]; then
+ miniupnpd_add_rules "$ZONE" "$INTERFACE" "$DEVICE"
+ elif [ "$ACTION" = "remove" ] && [ "$INTERFACE" = "$curif" ]; then
+ miniupnpd_remove_rules
+ fi
+}
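Review bot: `miniupnpd_add_rules` records the `upnpd` state (zone, ifname, network) even when the two `iptables -A` calls fail, for example if `zone_${zone}_prerouting` does not exist yet, so the state can describe jump rules that were never installed. Consider calling `uci_set_state` only after both appends succeed, and logging through `logger -t miniupnpd` when they do not. The expansions on the rule lines are also unquoted; writing `-i "$iface"` and `"zone_${zone}_prerouting"` (likewise in `miniupnpd_remove_rules`) keeps a value containing whitespace from being split into extra iptables arguments. The new nat jump no longer carries the `-d $ipaddr` match the removed rule had, so a one-line comment noting that every packet arriving on `$iface` now traverses MINIUPNPD would help anyone auditing what the chain is exposed to.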
START=95
start() {
+ type miniupnpd_add_rules >/dev/null 2>/dev/null || \
+ ACTION=- . /etc/hotplug.d/firewall/50-miniupnpd
+
config_load "upnpd"
local extiface intiface upload download logging secure enabled
config_load firewall
config_get zone core "${extiface:-wan}_zone"
[ -n "$zone" ] && \
- ACTION="add" ZONE="$zone" INTERFACE="${extiface:-wan}" DEVICE="$ifname" \
- . /etc/hotplug.d/firewall/50-miniupnpd
+ miniupnpd_add_rules "$zone" "${extiface:-wan}" "$ifname"
else
logger -t "upnp daemon" "external interface not found, not starting"
fi
}
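Review bot: The fallback `type miniupnpd_add_rules ... || ACTION=- . /etc/hotplug.d/firewall/50-miniupnpd` in `start()` has no check that the file exists or that the function is defined afterwards, and the same idiom is repeated in `stop()` before `miniupnpd_remove_rules`. If the hotplug script is absent, the later call fails; in `stop()` that would leave the zone jump rules in place, and the `-X MINIUPNPD` calls would then fail unseen behind `2>/dev/null`. A guard such as `[ -f /etc/hotplug.d/firewall/50-miniupnpd ] || return 1` before the source would make the failure explicit. The idiom also deserves a comment, e.g. `# ACTION=- : source only for the function definitions; neither the add nor the remove branch matches`. Only part of `start()` is visible in this hunk, so the surrounding `if`/`else` could not be checked.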
-clear_rule() {
- local state="$1"
- local ifname ipaddr
-
- config_get ifname "$state" ifname
- config_get ipaddr "$state" ipaddr
-
- [ -n "$ifname" ] && [ -n "$ipaddr" ] && {
- iptables -t nat -D prerouting_rule -i $ifname -d $ipaddr -j MINIUPNPD
- iptables -t filter -D forwarding_rule -i $ifname ! -o $ifname -j MINIUPNPD
- uci_revert_state upnpd "$state"
- unset "CONFIG_${state}_ifname"
- unset "CONFIG_${state}_ipaddr"
- }
-}
-
stop() {
start-stop-daemon -K -q -x miniupnpd -p /var/run/miniupnpd.pid
rm -f /var/run/miniupnpd.pid
- logger -t "upnp" "removing firewall rules"
+ type miniupnpd_remove_rules >/dev/null 2>/dev/null || \
+ ACTION=- . /etc/hotplug.d/firewall/50-miniupnpd
- config_load upnpd
- config_foreach clear_rule firewall
+ miniupnpd_remove_rules
iptables -t nat -F MINIUPNPD 2>/dev/null
iptables -t nat -X MINIUPNPD 2>/dev/null
iptables -t filter -F MINIUPNPD 2>/dev/null
iptables -t filter -X MINIUPNPD 2>/dev/null
}
-