igmpproxy: automatically add firewall rules for multicast routing based on the curren...
authorFelix Fietkau <nbd@openwrt.org>
Wed, 2 Jul 2014 19:18:23 +0000 (19:18 +0000)
committerFelix Fietkau <nbd@openwrt.org>
Wed, 2 Jul 2014 19:18:23 +0000 (19:18 +0000)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 41483

package/network/services/igmpproxy/files/igmpproxy.init

index fb0333f048deb315c98e7a199de489ef2453acc0..8c15814712ff4282a67b3400f8cf7254b2b96d65 100644 (file)
@@ -65,6 +65,40 @@ igmp_add_network() {
        procd_add_interface_trigger "interface.*" $network /etc/init.d/igmpproxy restart
 }
 
+igmp_add_firewall_routing() {
+       config_get network $1 network
+       config_get direction $1 direction
+
+       [[ "$direction" = "downstream" ]] || return 0
+
+       json_add_object ""
+       json_add_string type rule
+       json_add_string src "$upstream"
+       json_add_string dest "$network"
+       json_add_string family ipv4
+       json_add_string proto udp
+       json_add_string dest_ip "224.0.0.0/4"
+       json_add_string target ACCEPT
+       json_close_object
+}
+
+igmp_add_firewall_network() {
+       config_get network $1 network
+       config_get direction $1 direction
+
+       json_add_object ""
+       json_add_string type rule
+       json_add_string src "$network"
+       json_add_string proto igmp
+       json_add_string target ACCEPT
+       json_close_object
+
+       [[ "$direction" = "upstream" ]] && {
+               upstream="$network"
+               config_foreach igmp_add_firewall_routing phyint
+       }
+}
+
 service_triggers() {
        procd_add_reload_trigger "igmpproxy"
 }
@@ -83,5 +117,18 @@ start_service() {
        procd_open_trigger
        config_foreach igmp_add_network phyint
        procd_close_trigger
+
+       procd_open_data
+
+       json_add_array firewall
+       config_foreach igmp_add_firewall_network phyint
+       json_close_array
+
+       procd_close_data
+
        procd_close_instance
 }
+
+service_started() {
+       procd_set_config_changed firewall
+}