# Copyright (C) 2009-2010 OpenWrt.org
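# Directory that holds the firewall library scripts. A value already present
# in the environment wins over the default. Files from this directory are
# sourced into the calling shell, so it should only ever point at a location
# that unprivileged users cannot write to.
FW_LIBDIR=${FW_LIBDIR:-/lib/firewall}

# Quoted so that a path containing whitespace or glob characters is sourced
# as one literal file name instead of being split or expanded.
. "$FW_LIBDIR/fw.sh"
include /lib/network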
# Load the firewall: run every configuration loader in a fixed order and
# record the result in the UCI state.
#
# Globals:  FW_DEFAULTS_APPLIED (reset), FW_NOTRACK_DISABLED (read)
# Outputs:  progress messages on stdout; "firewall already loaded" on stderr
# Exits:    terminates the shell with status 1 when fw_is_loaded reports that
#           the firewall is already loaded
fw_start() {
	fw_init

	FW_DEFAULTS_APPLIED=

	# Loading a second time on top of an existing load is refused outright.
	if fw_is_loaded; then
		echo "firewall already loaded" >&2
		exit 1
	fi

	uci_set_state firewall core "" firewall_state

	# NOTE(review): fw_clear is defined elsewhere; presumably this resets the
	# rule set with DROP in force while the configuration is being loaded --
	# confirm in fw_clear.
	fw_clear DROP

	fw_callback pre core

	# The loaders below run strictly in this order.
	echo "Loading defaults"
	fw_config_once fw_load_defaults defaults

	echo "Loading zones"
	config_foreach fw_load_zone zone

	echo "Loading forwardings"
	config_foreach fw_load_forwarding forwarding

	echo "Loading redirects"
	config_foreach fw_load_redirect redirect

	echo "Loading rules"
	config_foreach fw_load_rule rule

	echo "Loading includes"
	config_foreach fw_load_include include

	# The notrack pass is skipped whenever FW_NOTRACK_DISABLED is non-empty.
	if [ -z "$FW_NOTRACK_DISABLED" ]; then
		echo "Optimizing conntrack"
		config_foreach fw_load_notrack_zone zone
	fi

	echo "Loading interfaces"
	config_foreach fw_configure_interface interface add

	fw_callback post core

	# This is the flag fw_is_loaded reads back.
	uci_set_state firewall core loaded 1
}
# Stop the firewall and forget everything fw_init registered.
#
# Globals:  FW_HOOKS (read, then unset), every variable named in FW_HOOKS
#           (unset), FW_INITIALIZED (unset)
#
# NOTE(review): fw_clear is called with ACCEPT here. If that installs an
# accept-all policy, a stopped firewall filters nothing -- confirm in
# fw_clear and make sure callers expect that state.
fw_stop() {
	fw_init

	# The stop hooks bracket the actual clearing of the rule set.
	fw_callback pre stop
	fw_clear ACCEPT
	fw_callback post stop

	uci_revert_state firewall
	config_clear

	# FW_HOOKS is a whitespace-separated list of variable names, so it is
	# expanded unquoted on purpose; each name is then dropped individually.
	local h
	for h in $FW_HOOKS; do
		unset "$h"
	done

	# With FW_INITIALIZED gone, the next fw_init runs from scratch.
	unset FW_HOOKS FW_INITIALIZED
}
# Restart the firewall: a full fw_stop followed by a full fw_start.
#
# Returns:  the status of fw_start
#
# NOTE(review): fw_stop runs "fw_clear ACCEPT" before fw_start runs
# "fw_clear DROP", so a restart passes through the stopped state. What is
# allowed in that window depends on fw_clear, which is defined elsewhere.
fw_restart() {
	# Tear down first ...
	fw_stop
	# ... then load everything again.
	fw_start
}
# Reload the firewall. There is no separate reload path here: the call is
# handed straight to fw_restart, so it is a full stop followed by a start.
#
# Returns:  the status of fw_restart
fw_reload() {
	fw_restart
}
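# Report whether the firewall is marked as loaded in the UCI state.
#
# Reads firewall.core.loaded through uci_get_state and treats it as a flag.
# The value is matched as text rather than passed to arithmetic expansion,
# so an unexpected value in the state (whitespace, letters, punctuation)
# yields "not loaded" instead of an arithmetic syntax error.
#
# Returns:  0 when the value is made of digits only and is not zero,
#           1 when it is empty, zero or not a plain number
fw_is_loaded() {
	# Declared separately from the assignment and never expanded unquoted,
	# so the value is not word-split on its way into the variable.
	local state
	state=$(uci_get_state firewall.core.loaded)

	case "$state" in
		# Empty, or containing anything other than a digit.
		''|*[!0-9]*) return 1 ;;
		# All digits with at least one non-zero digit.
		*[1-9]*) return 0 ;;
	esac

	# Only zeros are left.
	return 1
}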
# Abort with an error: print the message, log it, stop the firewall and
# terminate the shell.
#
# Arguments: the words of the error message
# Outputs:   "Error: <message>" on stderr, plus an fw_log entry
# Exits:     always, with status 1
#
# NOTE(review): the failure path goes through fw_stop, which calls
# "fw_clear ACCEPT". If that installs an accept-all policy, an error while
# loading leaves the firewall open rather than closed -- confirm in fw_clear
# and decide whether that is the intended failure mode.
fw_die() {
	# Console first, then the log, both with the same message words.
	>&2 echo "Error:" "$@"
	fw_log error "$@"

	# Undo whatever had been set up before the error.
	fw_stop

	exit 1
}
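# Write a message to the system log under the "firewall" tag.
#
# Usage:     fw_log [level] message...
# Arguments: $1 - syslog level (used as user.<level>) when a message
#                 follows it; otherwise $1 is itself the message and the
#                 level defaults to "notice"
# Returns:   the status of logger; 0 when called with nothing to log
#
# The previous version shifted in the wrong branch: a lone message was
# discarded (leaving logger to read stdin), and with an explicit level the
# level word was logged as part of the message.
fw_log() {
	# With no arguments logger would fall back to reading stdin.
	[ $# -gt 0 ] || return 0

	local level="$1"
	if [ -n "$2" ]; then
		# $1 was the level; the message is what remains.
		shift
	else
		# Only a message was given.
		level=notice
	fi

	# "--" keeps a message that begins with "-" from being parsed as an
	# option to logger.
	logger -t firewall -p "user.$level" -- "$@"
}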
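# One-time initialisation: source the firewall libraries and register the
# pre/post callbacks they provide.
#
# Globals:  FW_LIBDIR (read), FW_INITIALIZED (read, set to 1),
#           FW_HOOKS and FW_CB_<pre|post>_<hook> (appended to)
# Returns:  0, also when initialisation had already been done
#
# Every *.sh file in $FW_LIBDIR is sourced into the current shell, and parts
# of the file names end up in hook and variable names. The directory is
# therefore part of the trusted code base and must be writable only by the
# account that runs the firewall scripts.
fw_init() {
	[ -z "$FW_INITIALIZED" ] || return 0

	. "$FW_LIBDIR/config.sh"

	scan_interfaces
	fw_config_append firewall

	# Built-in hook names; each core_<name>.sh found below adds <name>.
	local hooks="core stop defaults zone notrack synflood"
	local file lib hk pp
	for file in "$FW_LIBDIR"/core_*.sh; do
		# Without a match the pattern stays literal; skip it instead of
		# trying to source a file called "core_*.sh".
		[ -f "$file" ] || continue
		. "$file"
		hk=$(basename "$file" .sh)
		hk=${hk#core_}
		append hooks "$hk"
	done
	for file in "$FW_LIBDIR"/*.sh; do
		[ -f "$file" ] || continue
		lib=$(basename "$file" .sh)
		# Drop a two-digit ordering prefix such as "10_".
		lib=${lib##[0-9][0-9]_}
		case "$lib" in
			# Core files and the base libraries are not plugin libraries.
			core*|fw|config|uci_firewall) continue ;;
		esac
		. "$file"
		# $hooks is a whitespace-separated list, expanded unquoted on purpose.
		for hk in $hooks; do
			for pp in pre post; do
				# Register the library for each <lib>_<pre|post>_<hook>_cb
				# function it defines.
				type "${lib}_${pp}_${hk}_cb" >/dev/null && {
					append "FW_CB_${pp}_${hk}" "$lib"
					append FW_HOOKS "FW_CB_${pp}_${hk}"
				}
			done
		done
	done

	fw_callback post init

	FW_INITIALIZED=1
	return 0
}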