uci firewall - remove implicit creation of zones, based on network interfaces
authorJohn Crispin <john@openwrt.org>
Mon, 11 Aug 2008 20:46:17 +0000 (20:46 +0000)
committerJohn Crispin <john@openwrt.org>
Mon, 11 Aug 2008 20:46:17 +0000 (20:46 +0000)
SVN-Revision: 12281

package/firewall/files/new/20-firewall
package/firewall/files/new/uci_firewall.sh

index a8ce17c97662ce87b6b263b2a0d64ee09ce381ed..217e3f66bba89673dd4577df6ce88b8932da8cd5 100644 (file)
@@ -20,9 +20,7 @@ load_zones() {
 
 config_foreach load_zones zone
 
-IFACE=$(find_config $INTERFACE)
-[ -n "$IFACE" ] && 
-       list_contains ZONE $IFACE || ZONE="$ZONE $IFACE"
+[ -z "$ZONE" ] && exit 0
 
 [ ifup = "$ACTION" ] && {
        for z in $ZONE; do 
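Review bot: The new guard `[ -z "$ZONE" ] && exit 0` leaves silently when the interface belongs to no configured zone, so an interface that used to get an implicit zone of its own now gets no zone rules at all. It is then filtered only by the default policies, and a permissive default would leave it effectively open, with nothing in the log to show the firewall skipped it. I would record the skip, for example `[ -z "$ZONE" ] && { logger -t firewall "$INTERFACE is in no zone, no rules applied"; exit 0; }`. If the hotplug dispatcher sources this file instead of running it in a subshell (not visible here), `exit` would also stop any later iface handlers, which is worth confirming. The `ifup` block that follows continues outside the hunk.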
index dcb9c100bf1c6a95c83ea3f8a8f7ebb4f3d80866..e1683e9cf0bf25c1bcae68d80b2951966c6264d0 100755 (executable)
@@ -91,10 +91,6 @@ load_synflood() {
        $IPTABLES -A INPUT -p tcp --syn -j SYN_FLOOD
 }
 
-create_network_zone() {
-       create_zone "$1" "$1"
-}
-
 fw_defaults() {
        load_policy $1
        DEF_INPUT=$input
@@ -261,8 +257,6 @@ fw_init() {
        config_foreach fw_defaults defaults
        echo "Loading zones"
        config_foreach fw_zone zone
-       echo "Loading interfaces"
-       config_foreach create_network_zone interface
        echo "Loading rules"
        config_foreach fw_rule rule
        echo "Loading forwarding"