--- /dev/null
+#!/bin/sh
+
+. /etc/functions.sh
+
+savedynamic_print_table_chain() {
+ local table="$1"
+ local chain="$2"
+ local fsave="$3"
+ local fsavetmp="$fsave"".tmp"
+ local next_table_line
+ local cur_table_line
+ local table_line
+ table_line="$(($(grep -n "^*$table" "$fsave" | cut -f1 -d: ) + 1))"
+ tail -n+$table_line $fsave >"$fsavetmp"
+ for cur_table_line in $(grep -n "^*" "$fsavetmp"); do
+ [ -z "$next_table_line" ] && {
+ local lineno="$(echo $cur_table_line | cut -f1 -d:)"
+ [ -n "$lineno" ] && [ "$lineno" -gt $(($table_line - 1)) ] && {
+ next_table_line=$lineno
+ }
+ }
+ done
+ [ -z "$next_table_line" ] && {
+ next_table_line="$(cat $fsavetmp|wc -l)"
+ }
+ next_table_line=$(($next_table_line - 1))
+ head -n $next_table_line "$fsave.tmp" | grep $chain | grep -Ev "^:$chain"
+ rm -f "$fsavetmp"
+}
+
+savedynamic_save_fw_chain() {
+ local chain
+ local table
+ local fsave="/tmp/.firewall/save"
+
+ config_get chain $1 chain
+ config_get table $1 table filter
+ [ -z "$chain" ] && return 0
+ mkdir -p /tmp/.firewall
+ iptables-save >"$fsave"
+ savedynamic_print_table_chain $table $chain "$fsave" > /tmp/.firewall/save-$table-$chain
+
+}
+
+savedynamic_load_fw_chain() {
+ local chain
+ local table
+
+ config_get chain $1 chain
+ config_get table $1 table filter
+ [ -e /tmp/.firewall/save-$table-$chain ] && [ "$(cat /tmp/.firewall/save-$table-$chain | wc -l)" -ge 1 ] && {
+ iptables -t $table -N $chain
+ while read line; do
+ sh -c "iptables -t $table $line"
+ done < /tmp/.firewall/save-$table-$chain
+ rm /tmp/.firewall/save-$table-$chain
+ }
+}
+
+savedynamic_pre_stop_cb() {
+ echo "Saving dynamic firewall chains"
+ config_load firewall
+
+ config_foreach savedynamic_save_fw_chain save
+}
+
+savedynamic_post_core_cb() {
+ echo "Loading dynamic firewall chains"
+
+ config_load firewall
+ config_foreach savedynamic_load_fw_chain save
+}
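Review bot: In savedynamic_load_fw_chain, the loop `sh -c "iptables -t $table $line"` hands every line of /tmp/.firewall/save-$table-$chain to a shell for re-parsing, so any shell metacharacter in a saved rule or in that fixed-path file is interpreted as shell syntax rather than as an iptables argument, presumably with root privileges. `read line` without `-r` also strips backslashes before the text reaches the shell. Feeding the saved lines to `iptables-restore --noflush`, wrapped in a `*table` header, a chain declaration and `COMMIT`, keeps the quoting of the iptables-save format without involving a shell; it replaces both `iptables -t $table -N $chain` and the loop. The restore is then all-or-nothing, whereas the loop skipped individual failing rules, so confirm that is acceptable. The `$table` and `$chain` expansions in the untouched lines of the function are still unquoted.

```shell
savedynamic_load_fw_chain() {
	# … unchanged: local declarations, config_get of chain and table …
	local fsave="/tmp/.firewall/save-$table-$chain"

	[ -n "$chain" ] || return 0
	[ -s "$fsave" ] || return 0
	# iptables-restore parses the saved rule syntax itself; no shell sees the file content.
	{
		printf '*%s\n:%s - [0:0]\n' "$table" "$chain"
		cat "$fsave"
		echo COMMIT
	} | iptables-restore --noflush
	rm -f "$fsave"
}
```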