@@ -7,22 +7,39 @@ USE_PROCD=1
SERVICE_WRITE_PID=1
SERVICE_DAEMONIZE=1
-FIREWALL_DIR=/usr/lib/firewall.d
-
service_triggers()
{
- procd_add_reload_trigger "fff-firewall"
+ local script name
+
+ script=$(readlink -f "$initscript")
+ name=$(basename ${script:-$initscript})
+
+ procd_add_reload_trigger "fff-firewall"
+ procd_add_config_trigger "config.change" "network" /etc/init.d/$name start
}
start_service()
{
- local file
+ procd_open_instance firewall
+ procd_set_param command /usr/sbin/fff-firewall
+ procd_close_instance
+}
+
+reload_service()
+{
+ echo "Explicitly restarting firewall"
+ start
+}
- IF_WAN=$(uci get network.wan.ifname)
+stop_service()
+{
+ ebtables -F
+ ebtables -X
- for file in ${FIREWALL_DIR}/*; do
- if [ -f "$file" ]; then
- . "$file"
- fi
- done
+ iptables -F
+ iptables -X
+
+ ip6tables -F
+ ip6tables -X
}
+
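Review bot: stop_service only flushes and deletes chains in the default filter table (`ebtables -F`, `iptables -F`, `ip6tables -F` and the matching `-X`) and never touches chain policies or the other tables, so the state after `stop` is whatever policies the firewall.d scripts last set, which this hunk does not show. With ACCEPT policies the node runs unfiltered after a stop, with DROP policies it drops all traffic, and in both cases any nat or mangle rules stay loaded. I would state the intended post-stop state in a comment above the function, e.g. `# stop: flushes filter rules only; policies and nat/mangle tables stay as the firewall.d scripts left them`, and add lines such as `iptables -t nat -F` if those tables are used. Separately, the expansions in service_triggers are unquoted; `name=$(basename "${script:-$initscript}")` and `"/etc/init.d/$name"` avoid word splitting on the resolved path.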
new file mode 100755
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+FIREWALL_DIR=/usr/lib/firewall.d
+IF_WAN=$(uci get network.wan.ifname)
+for file in ${FIREWALL_DIR}/*; do
+ echo "running $file"
+ if [ -f "$file" ]; then
+ . "$file"
+ fi
+done
+
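Review bot: Neither `IF_WAN=$(uci get network.wan.ifname)` nor the `. "$file"` calls in the loop are checked, so a missing option or a failing rule script leaves a partially applied ruleset, and the script's exit status reflects only the last file sourced. Whether the sourced scripts tolerate an empty `$IF_WAN` is not visible here; at minimum the failure should be logged, e.g. `IF_WAN=$(uci get network.wan.ifname) || echo "fff-firewall: network.wan.ifname not set" >&2`. In the loop, `. "$file" || rc=1` followed by a final `exit "${rc:-0}"` would make an earlier failure visible to the caller. Because every file in the directory is executed as root, a header comment such as `# /usr/lib/firewall.d must be writable by root only; every file in it is sourced` is worth adding. The `echo "running $file"` line also sits before the `-f` test, so it prints for entries that are never sourced.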
fff-firewall depends on network.wan.ifname. By adding network, changes there will invoke a firewall reload called by "reload-config". Scripts that play with "network" do not need to pay attention to the firewall if "reload-config" is used. Signed-off-by: Robert Langhammer <rlanghammer@web.de> --- .../files/etc/init.d/fff-firewall | 37 ++++++++++++++----- .../fff-firewall/files/usr/sbin/fff-firewall | 11 ++++++ 2 files changed, 38 insertions(+), 10 deletions(-) create mode 100755 src/packages/fff/fff-firewall/files/usr/sbin/fff-firewall -- 2.20.1