[v2] fff-firewall: Add network to procd_add_reload_trigger

Submitted by Robert Langhammer on April 25, 2019, 5:58 p.m.

Details

Message ID 20190425175850.5615-1-rlanghammer@web.de
State New

Commit Message

Robert Langhammer April 25, 2019, 5:58 p.m.
fff-firewall depends on network.wan.ifname. By adding network, changes there will invoke a firewall reload called by "reload-config".
Scripts that play with "network" do not need to pay attention to the firewall if "reload-config" is used.

Signed-off-by: Robert Langhammer <rlanghammer@web.de>
---
 .../files/etc/init.d/fff-firewall             | 37 ++++++++++++++-----
 .../fff-firewall/files/usr/sbin/fff-firewall  | 11 ++++++
 2 files changed, 38 insertions(+), 10 deletions(-)
 create mode 100755 src/packages/fff/fff-firewall/files/usr/sbin/fff-firewall

--
2.20.1


diff --git a/src/packages/fff/fff-firewall/files/etc/init.d/fff-firewall b/src/packages/fff/fff-firewall/files/etc/init.d/fff-firewall
index d460222..3b8d5a3 100755
--- a/src/packages/fff/fff-firewall/files/etc/init.d/fff-firewall
+++ b/src/packages/fff/fff-firewall/files/etc/init.d/fff-firewall
@@ -7,22 +7,39 @@  USE_PROCD=1
 SERVICE_WRITE_PID=1
 SERVICE_DAEMONIZE=1

-FIREWALL_DIR=/usr/lib/firewall.d
-
 service_triggers()
 {
-    procd_add_reload_trigger "fff-firewall"
+	local script name
+
+	script=$(readlink -f "$initscript")
+	name=$(basename ${script:-$initscript})
+
+	procd_add_reload_trigger "fff-firewall"
+	procd_add_config_trigger "config.change" "network" /etc/init.d/$name start
 }

 start_service()
 {
-    local file
+	procd_open_instance firewall
+	procd_set_param command /usr/sbin/fff-firewall
+	procd_close_instance
+}
+
+reload_service()
+{
+	echo "Explicitly restarting firewall"
+	start
+}

-    IF_WAN=$(uci get network.wan.ifname)
+stop_service()
+{
+	ebtables -F
+	ebtables -X

-    for file in ${FIREWALL_DIR}/*; do
-        if [ -f "$file" ]; then
-            . "$file"
-        fi
-    done
+	iptables -F
+	iptables -X
+
+	ip6tables -F
+	ip6tables -X
 }
+
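Review bot: stop_service flushes only the default filter table of ebtables, iptables and ip6tables and leaves the built-in chain policies untouched, so the state after `stop` depends on what the last run set: with ACCEPT policies the node is left unfiltered, with DROP policies it may be cut off. If the fragments in /usr/lib/firewall.d also populate other tables (not visible in this patch), those rules survive a stop; consider flushing them explicitly, e.g. `iptables -t nat -F` and `iptables -t mangle -F`, and setting the policies the node should be left with. Separately, reload_service and the new "network" config trigger both call `start` with no flush beforehand, so unless each fragment clears its own chains, every network change may append the same rules again. A comment such as `# fragments must be idempotent: start is re-run on every network config change` would document that requirement.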
diff --git a/src/packages/fff/fff-firewall/files/usr/sbin/fff-firewall b/src/packages/fff/fff-firewall/files/usr/sbin/fff-firewall
new file mode 100755
index 0000000..8972b7f
--- /dev/null
+++ b/src/packages/fff/fff-firewall/files/usr/sbin/fff-firewall
@@ -0,0 +1,11 @@ 
+#!/bin/sh
+
+FIREWALL_DIR=/usr/lib/firewall.d
+IF_WAN=$(uci get network.wan.ifname)
+for file in ${FIREWALL_DIR}/*; do
+	echo "running $file"
+	if [ -f "$file" ]; then
+		. "$file"
+	fi
+done
+
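Review bot: IF_WAN is used without checking that `uci get network.wan.ifname` succeeded, so when the option is missing the fragments are sourced with an empty interface name, and any rule built from it is either rejected or, depending on how it is written, not bound to the WAN interface at all. Failing early is safer: `IF_WAN=$(uci -q get network.wan.ifname) || { echo "fff-firewall: network.wan.ifname is not set" >&2; exit 1; }`. The loop also prints `running $file` before the `-f` test and ignores the result of each sourced fragment, so a fragment that fails half-way leaves a partial ruleset with nothing reported to procd; moving the echo inside the `if` and logging a non-zero `$?` would make that visible. Every regular file in /usr/lib/firewall.d is sourced with the service's privileges (presumably root under procd), so a header comment stating that the directory must be writable by root only would be worth adding.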