From 5de9130cfa04cbb2d0c840e846e82391180dda5c Mon Sep 17 00:00:00 2001
From: John Crispin
Date: Tue, 18 Feb 2014 13:33:47 +0000
Subject: [PATCH] firewall3: update init.d script to make use of procd add validation data
Signed-off-by: John Crispin
SVN-Revision: 39617
---
 .../config/firewall/files/firewall.init | 58 ++++++++++++++++---
 1 file changed, 49 insertions(+), 9 deletions(-)
diff --git a/package/network/config/firewall/files/firewall.init b/package/network/config/firewall/files/firewall.init
index 64e3a8c12b..8abbf68254 100755
--- a/package/network/config/firewall/files/firewall.init
+++ b/package/network/config/firewall/files/firewall.init
@@ -1,25 +1,65 @@
 #!/bin/sh /etc/rc.common
 START=19
+USE_PROCD=1
+QUIET=""
-boot() {
- # Be silent on boot, firewall might be started by hotplug already,
- # so don't complain in syslog.
- fw3 -q start
+validate_firewall_redirect()
+{
+ uci_validate_section firewall redirect "${1}" \
+ 'proto:or("tcp", "udp", "tcpudp")' \
+ 'src:string' \
+ 'src_ip:ipaddr' \
+ 'src_dport:string' \
+ 'dest:string' \
+ 'dest_ip:ipaddr' \
+ 'dest_port:string' \
+ 'target:or("SNAT", "DNAT")'
+
+ return $?
 }
-start() {
- fw3 start
+validate_firewall_rule()
+{
+ uci_validate_section firewall rule "${1}" \
+ 'proto:string' \
+ 'src:string' \
+ 'dest:string' \
+ 'src_port:string' \
+ 'dest_port:string' \
+ 'target:string'
+
+ return $?
 }
-stop() {
- fw3 flush
+service_triggers() {
+ procd_add_reload_trigger firewall
+
+ procd_open_validate
+ validate_firewall_redirect
+ validate_firewall_rule
+ procd_close_validate
 }
 restart() {
 fw3 restart
 }
-reload() {
+start_service() {
+ fw3 ${QUIET} start
+}
+
+stop_service() {
+ fw3 flush
+}
+
+reload_service() {
 fw3 reload
 }
+
+boot() {
+ # Be silent on boot, firewall might be started by hotplug already,
+ # so don't complain in syslog.
+ QUIET=1
+ start
+}
--
2.30.2
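Review bot: The new `boot()` sets `QUIET=1`, so `start_service()` expands `fw3 ${QUIET} start` to `fw3 1 start` instead of the `fw3 -q start` that the removed `boot()` ran. fw3 will presumably treat `1` as a stray positional argument rather than a quiet flag, so the boot-time start could be rejected and the ruleset left unloaded until hotplug or a later reload applies it; this should be confirmed against fw3's argument parsing. The variable should carry the option itself: `QUIET=-q`. As a lesser point, `validate_firewall_rule` types `proto`, the port fields and `target` as plain `string`, so that validator constrains very little compared with the `or(...)` lists used for redirects.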