[PATCH v2] fff-firewall: Add network to procd_add_reload_trigger
Robert Langhammer
rlanghammer at web.de
Do Apr 25 19:58:50 CEST 2019
fff-firewall depends on network.wan.ifname. By adding network, changes there will invoke a firewall reload called by "reload-config".
Scripts that modify "network" do not need to pay attention to the firewall if "reload-config" is used.
Signed-off-by: Robert Langhammer <rlanghammer at web.de>
---
.../files/etc/init.d/fff-firewall | 37 ++++++++++++++-----
.../fff-firewall/files/usr/sbin/fff-firewall | 11 ++++++
2 files changed, 38 insertions(+), 10 deletions(-)
create mode 100755 src/packages/fff/fff-firewall/files/usr/sbin/fff-firewall
diff --git a/src/packages/fff/fff-firewall/files/etc/init.d/fff-firewall b/src/packages/fff/fff-firewall/files/etc/init.d/fff-firewall
index d460222..3b8d5a3 100755
--- a/src/packages/fff/fff-firewall/files/etc/init.d/fff-firewall
+++ b/src/packages/fff/fff-firewall/files/etc/init.d/fff-firewall
@@ -7,22 +7,39 @@ USE_PROCD=1
SERVICE_WRITE_PID=1
SERVICE_DAEMONIZE=1
-FIREWALL_DIR=/usr/lib/firewall.d
-
service_triggers()
{
- procd_add_reload_trigger "fff-firewall"
+ local script name
+
+ script=$(readlink -f "$initscript")
+ name=$(basename ${script:-$initscript})
+
+ procd_add_reload_trigger "fff-firewall"
+ procd_add_config_trigger "config.change" "network" /etc/init.d/$name start
}
start_service()
{
- local file
+ procd_open_instance firewall
+ procd_set_param command /usr/sbin/fff-firewall
+ procd_close_instance
+}
+
+reload_service()
+{
+ echo "Explicitly restarting firewall"
+ start
+}
- IF_WAN=$(uci get network.wan.ifname)
+stop_service()
+{
+ ebtables -F
+ ebtables -X
- for file in ${FIREWALL_DIR}/*; do
- if [ -f "$file" ]; then
- . "$file"
- fi
- done
+ iptables -F
+ iptables -X
+
+ ip6tables -F
+ ip6tables -X
}
+
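Review bot: The new `stop_service` clears only the filter table, because `iptables -F`/`-X` and the ip6tables and ebtables equivalents run without `-t`. That leaves nat and mangle rules in place and does not reset chain policies, so a stop followed by a start can keep stale rules if any script in /usr/lib/firewall.d writes to those tables (those scripts are not visible here). Either flush the other tables too, e.g. `iptables -t nat -F` and `iptables -t mangle -F` with their ip6tables counterparts, or add a comment such as `# flushes the filter table only; nat/mangle rules and chain policies are left untouched`. A stopped service also leaves the node with no filter rules at all, which deserves a line in the commit message. Separately, `reload_service` and the network trigger both call `start`, which does not appear to go through `stop_service`, so whether rules get duplicated on reload depends on the firewall.d scripts flushing their own chains.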
diff --git a/src/packages/fff/fff-firewall/files/usr/sbin/fff-firewall b/src/packages/fff/fff-firewall/files/usr/sbin/fff-firewall
new file mode 100755
index 0000000..8972b7f
--- /dev/null
+++ b/src/packages/fff/fff-firewall/files/usr/sbin/fff-firewall
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+FIREWALL_DIR=/usr/lib/firewall.d
+IF_WAN=$(uci get network.wan.ifname)
+for file in ${FIREWALL_DIR}/*; do
+ echo "running $file"
+ if [ -f "$file" ]; then
+ . "$file"
+ fi
+done
+
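Review bot: The result of `uci get network.wan.ifname` is never checked, so when the option is missing `IF_WAN` is empty and every script sourced from firewall.d builds its rules with an empty interface name. How those scripts use `IF_WAN` is not visible here, but rules that fail to load or that match more broadly than intended are both plausible. The lookup should at least be logged on failure, e.g. `IF_WAN=$(uci -q get network.wan.ifname) || echo "fff-firewall: network.wan.ifname is not set" >&2`, so that an incomplete ruleset shows up in the log. The `echo "running $file"` line also sits before the `[ -f "$file" ]` test, so it reports directories and an unmatched glob as if they had been run; moving it inside the `if` fixes that. Since every file in the directory is sourced as root, a header comment should state that /usr/lib/firewall.d must be writable by root only.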
--
2.20.1