From patchwork Thu Apr 25 17:58:50 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [v2] fff-firewall: Add network to procd_add_reload_trigger
From: Robert Langhammer
X-Patchwork-Id: 1101
Message-Id: <20190425175850.5615-1-rlanghammer@web.de>
To: franken-dev@freifunk.net
Date: Thu, 25 Apr 2019 19:58:50 +0200

fff-firewall depends on network.wan.ifname. By adding network, changes there will invoke a firewall reload called by "reload-config". Scripts that play with "network" do not need pay attention to the firewall if "reload-config" is used.
Signed-off-by: Robert Langhammer
---
 .../files/etc/init.d/fff-firewall | 37 ++++++++++++++-----
 .../fff-firewall/files/usr/sbin/fff-firewall | 11 ++++++
 2 files changed, 38 insertions(+), 10 deletions(-)
 create mode 100755 src/packages/fff/fff-firewall/files/usr/sbin/fff-firewall
-- 2.20.1
diff --git a/src/packages/fff/fff-firewall/files/etc/init.d/fff-firewall b/src/packages/fff/fff-firewall/files/etc/init.d/fff-firewall
index d460222..3b8d5a3 100755
--- a/src/packages/fff/fff-firewall/files/etc/init.d/fff-firewall
+++ b/src/packages/fff/fff-firewall/files/etc/init.d/fff-firewall
@@ -7,22 +7,39 @@ USE_PROCD=1 SERVICE_WRITE_PID=1 SERVICE_DAEMONIZE=1
-FIREWALL_DIR=/usr/lib/firewall.d
-
 service_triggers() {
- procd_add_reload_trigger "fff-firewall"
+ local script name
+
+ script=$(readlink -f "$initscript")
+ name=$(basename ${script:-$initscript})
+
+ procd_add_reload_trigger "fff-firewall"
+ procd_add_config_trigger "config.change" "network" /etc/init.d/$name start
 }
 start_service() {
- local file
+ procd_open_instance firewall
+ procd_set_param command /usr/sbin/fff-firewall
+ procd_close_instance
+}
+
+reload_service()
+{
+ echo "Explicitly restarting firewall"
+ start
+}
- IF_WAN=$(uci get network.wan.ifname)
+stop_service()
+{
+ ebtables -F
+ ebtables -X
- for file in ${FIREWALL_DIR}/*; do
- if [ -f "$file" ]; then
- . "$file"
- fi
- done
+ iptables -F
+ iptables -X
+
+ ip6tables -F
+ ip6tables -X
 }
+
diff --git a/src/packages/fff/fff-firewall/files/usr/sbin/fff-firewall b/src/packages/fff/fff-firewall/files/usr/sbin/fff-firewall
new file mode 100755
index 0000000..8972b7f
--- /dev/null
+++ b/src/packages/fff/fff-firewall/files/usr/sbin/fff-firewall
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+FIREWALL_DIR=/usr/lib/firewall.d
+IF_WAN=$(uci get network.wan.ifname)
+for file in ${FIREWALL_DIR}/*; do
+ echo "running $file"
+ if [ -f "$file" ]; then
+ . "$file"
+ fi
+done
+
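Review bot: `reload_service()` and the new `network` trigger in `service_triggers()` both re-run the rule scripts through `start`, but the only flush is in `stop_service()`, so unless every script under /usr/lib/firewall.d (not visible in this patch) is idempotent, each network change may append another copy of the rules. `stop_service()` also flushes only the default table of each tool and leaves chain policies as they are, so rules in other tables (for example `-t nat` or `-t mangle`) would survive a stop; a comment above it such as `# Flushes the filter tables only; other tables and chain policies are left untouched` would record whether that is intended. In `service_triggers()`, writing `name=$(basename "${script:-$initscript}")` and `"/etc/init.d/$name"` would avoid word splitting on the unquoted expansions.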
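Review bot: `IF_WAN` in the new /usr/sbin/fff-firewall is used unchecked: if `uci get network.wan.ifname` fails or returns nothing, the scripts sourced from /usr/lib/firewall.d (not visible here) run with an empty interface name and the script still ends with a zero status, so the service looks started while the ruleset may be partial. A guard after the assignment such as `[ -n "$IF_WAN" ] || echo "fff-firewall: network.wan.ifname is empty" >&2` would at least surface the condition. The `echo "running $file"` sits before the `-f` test, so it also reports directories and the literal `*` pattern when the directory is empty; moving it inside the `if` keeps the output accurate. Because every regular file in that directory is sourced, presumably as root, a header comment stating that the directory must be writable by root only would be worth adding.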