uci firewall

- remove implicit creation of zones, based on network interfaces

SVN-Revision: 12281

diff --git a/package/firewall/files/new/20-firewall b/package/firewall/files/new/20-firewall
index a8ce17c97662ce87b6b263b2a0d64ee09ce381ed..217e3f66bba89673dd4577df6ce88b8932da8cd5 100644 (file)
--- a/package/firewall/files/new/20-firewall
+++ b/package/firewall/files/new/20-firewall
@@ -20,9 +20,7 @@ load_zones() {
 
 config_foreach load_zones zone
 
-IFACE=$(find_config $INTERFACE)
-[ -n "$IFACE" ] && 
-       list_contains ZONE $IFACE || ZONE="$ZONE $IFACE"
+[ -z "$ZONE" ] && exit 0
 
 [ ifup = "$ACTION" ] && {
        for z in $ZONE; do 

diff --git a/package/firewall/files/new/uci_firewall.sh b/package/firewall/files/new/uci_firewall.sh
index dcb9c100bf1c6a95c83ea3f8a8f7ebb4f3d80866..e1683e9cf0bf25c1bcae68d80b2951966c6264d0 100755 (executable)
--- a/package/firewall/files/new/uci_firewall.sh
+++ b/package/firewall/files/new/uci_firewall.sh
@@ -91,10 +91,6 @@ load_synflood() {
        $IPTABLES -A INPUT -p tcp --syn -j SYN_FLOOD
 }
 
-create_network_zone() {
-       create_zone "$1" "$1"
-}
-
 fw_defaults() {
        load_policy $1
        DEF_INPUT=$input
@@ -261,8 +257,6 @@ fw_init() {
        config_foreach fw_defaults defaults
        echo "Loading zones"
        config_foreach fw_zone zone
-       echo "Loading interfaces"
-       config_foreach create_network_zone interface
        echo "Loading rules"
        config_foreach fw_rule rule
        echo "Loading forwarding"