3fd98d1602ecac2aa986ea80979dc77022d43095
[openwrt.git] / package / firewall / files / lib / core.sh
1 # Copyright (C) 2009-2010 OpenWrt.org
2
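# Directory the firewall shell libraries are loaded from. It can be overridden
# through the environment; every library under it is sourced into the calling
# shell (see fw_init), so the directory and its files need to be writable only
# by the account that runs the firewall scripts.
FW_LIBDIR=${FW_LIBDIR:-/lib/firewall}

# Quoted so that an override containing whitespace or glob characters is used
# as a single path.
. "$FW_LIBDIR/fw.sh"
# include is not defined in this file; it is expected to be provided by the
# shell that sources this library.
include /lib/network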
7
# Bring the firewall up: initialise the libraries, refuse to run twice, then
# load every configuration section type in a fixed order.
# Globals:  FW_DEFAULTS_APPLIED (reset), FW_NOTRACK_DISABLED (read)
# Outputs:  progress messages on stdout, "firewall already loaded" on stderr
# Returns:  status of the final uci_set_state call; calls exit 1 (ending the
#           shell that sourced this file) when the firewall is already loaded
fw_start() {
	fw_init

	FW_DEFAULTS_APPLIED=

	if fw_is_loaded; then
		echo "firewall already loaded" >&2
		exit 1
	fi
	uci_set_state firewall core "" firewall_state

	# fw_clear is defined elsewhere; presumably this flushes the rule set with
	# a DROP policy so traffic is refused while the rules load - confirm.
	fw_clear DROP

	fw_callback pre core

	echo "Loading defaults"
	fw_config_once fw_load_defaults defaults

	echo "Loading zones"
	config_foreach fw_load_zone zone

	echo "Loading forwardings"
	config_foreach fw_load_forwarding forwarding

	echo "Loading redirects"
	config_foreach fw_load_redirect redirect

	echo "Loading rules"
	config_foreach fw_load_rule rule

	echo "Loading includes"
	config_foreach fw_load_include include

	# NOTE(review): the notrack pass runs when FW_NOTRACK_DISABLED is
	# non-empty; the variable name reads as the opposite sense - confirm
	# against the place where it is set.
	if [ -n "$FW_NOTRACK_DISABLED" ]; then
		echo "Optimizing conntrack"
		config_foreach fw_load_notrack_zone zone
	fi

	echo "Loading interfaces"
	config_foreach fw_configure_interface interface add

	fw_callback post core

	# Record the loaded flag that fw_is_loaded reads back.
	uci_set_state firewall core loaded 1
}
53
# Tear the firewall down and forget the loaded state.
# Globals:  FW_INITIALIZED (unset, so the next fw_init runs in full)
# Returns:  0 (status of the final unset)
fw_stop() {
	fw_init

	fw_callback pre stop

	# fw_clear is defined elsewhere; presumably this leaves an ACCEPT policy,
	# i.e. the host is unfiltered once the firewall is stopped - confirm.
	fw_clear ACCEPT

	fw_callback post stop

	# Drop the recorded runtime state and the parsed configuration.
	uci_revert_state firewall
	config_clear
	unset FW_INITIALIZED
}
67
# Stop the firewall, then start it again.
# fw_start runs whatever status fw_stop returned.
# Returns:  status of fw_start
fw_restart() {
	fw_stop
	fw_start
}
72
# Reload is implemented as a full restart; no arguments are forwarded.
# Returns:  status of fw_restart
fw_reload() {
	fw_restart
}
76
# Report whether the firewall is marked as loaded.
# Reads option "loaded" of section "core" through config_get_bool (defined
# elsewhere) with a default of 0; fw_start sets that flag to 1 when it is done.
# Returns:  0 when the flag is non-zero, 1 when it is 0
fw_is_loaded() {
	local loaded
	config_get_bool loaded core loaded 0
	# Logical negation turns the boolean into a shell exit status.
	return $((! $loaded))
}
82
83
# Abort with an error: print it, log it, stop the firewall and exit.
# Arguments: the error message words
# Outputs:   "Error: <message>" on stderr, plus a log entry through fw_log
# Returns:   does not return; calls exit 1
fw_die() {
	>&2 echo "Error:" "$@"
	fw_log error "$@"
	# NOTE(review): fw_stop calls fw_clear ACCEPT. If that leaves an ACCEPT
	# policy (fw_clear is defined elsewhere), a failure while loading rules
	# ends with the host unfiltered rather than closed - confirm that this
	# fail-open behaviour is intended.
	fw_stop
	exit 1
}
90
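# Write a message to syslog under the "firewall" tag.
# Arguments: $1 - syslog level, when a non-empty second argument follows;
#                 otherwise $1 is the message and the level is "notice"
#            remaining arguments - the message
# Returns:   status of logger
fw_log() {
	local level="$1"
	# Drop the level from the argument list only when one was actually given.
	# Shifting in the single-argument case would discard the message itself
	# and leave logger without a message, so it would read from stdin and the
	# event would never be recorded.
	if [ -n "$2" ]; then
		shift
	else
		level=notice
	fi
	logger -t firewall -p "user.$level" "$@"
}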
99
100
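# Load the configuration helpers and every firewall library once per shell.
# Every *.sh file under FW_LIBDIR is sourced into the current shell, so those
# files run with the privileges of whoever starts the firewall; the directory
# must not be writable by less trusted accounts.
# Globals:  FW_LIBDIR (read), FW_INITIALIZED (read, set to 1),
#           FW_CB_<pre|post>_<hook> (extended through append)
# Returns:  0
fw_init() {
	[ -z "$FW_INITIALIZED" ] || return 0

	. "$FW_LIBDIR/config.sh"

	scan_interfaces
	fw_config_append firewall

	local hooks="core stop defaults zone notrack synflood"
	local file lib hk pp

	# Each core_<name>.sh is sourced and contributes <name> as a hook.
	for file in "$FW_LIBDIR"/core_*.sh; do
		# An unmatched glob stays literal; skip it rather than source it.
		[ -e "$file" ] || continue
		. "$file"
		hk=${file##*/}
		hk=${hk%.sh}
		hk=${hk#core_}
		append hooks "$hk"
	done

	# Remaining libraries are plug-ins; an optional two-digit "NN_" prefix is
	# stripped to obtain the library name.
	for file in "$FW_LIBDIR"/*.sh; do
		[ -e "$file" ] || continue
		lib=${file##*/}
		lib=${lib%.sh}
		lib=${lib##[0-9][0-9]_}
		case "$lib" in
			# Core pieces were loaded above or by the file that sourced us.
			core*|fw|config|uci_firewall) continue ;;
		esac
		. "$file"
		# hooks is a space-separated list, so it is split on purpose here.
		for hk in $hooks; do
			for pp in pre post; do
				# Probe only: a missing callback is the normal case, so the
				# "not found" output of type is discarded.
				if type "${lib}_${pp}_${hk}_cb" >/dev/null 2>&1; then
					append "FW_CB_${pp}_${hk}" "$lib"
				fi
			done
		done
	done

	fw_callback post init

	FW_INITIALIZED=1
	return 0
}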