|
|
@@ -1,25 +1,65 @@
|
|
|
#!/bin/sh /etc/rc.common
|
|
|
|
|
|
START=19
|
|
|
+USE_PROCD=1
|
|
|
+QUIET=""
|
|
|
|
|
|
-boot() {
|
|
|
- # Be silent on boot, firewall might be started by hotplug already,
|
|
|
- # so don't complain in syslog.
|
|
|
- fw3 -q start
|
|
|
+validate_firewall_redirect()
|
|
|
+{
|
|
|
+ uci_validate_section firewall redirect "${1}" \
|
|
|
+ 'proto:or("tcp", "udp", "tcpudp")' \
|
|
|
+ 'src:string' \
|
|
|
+ 'src_ip:ipaddr' \
|
|
|
+ 'src_dport:string' \
|
|
|
+ 'dest:string' \
|
|
|
+ 'dest_ip:ipaddr' \
|
|
|
+ 'dest_port:string' \
|
|
|
+ 'target:or("SNAT", "DNAT")'
|
|
|
+
|
|
|
+ return $?
|
|
|
}
|
|
|
|
|
|
-start() {
|
|
|
- fw3 start
|
|
|
+validate_firewall_rule()
|
|
|
+{
|
|
|
+ uci_validate_section firewall rule "${1}" \
|
|
|
+ 'proto:string' \
|
|
|
+ 'src:string' \
|
|
|
+ 'dest:string' \
|
|
|
+ 'src_port:string' \
|
|
|
+ 'dest_port:string' \
|
|
|
+ 'target:string'
|
|
|
+
|
|
|
+ return $?
|
|
|
}
|
|
|
|
|
|
-stop() {
|
|
|
- fw3 flush
|
|
|
+service_triggers() {
|
|
|
+ procd_add_reload_trigger firewall
|
|
|
+
|
|
|
+ procd_open_validate
|
|
|
+ validate_firewall_redirect
|
|
|
+ validate_firewall_rule
|
|
|
+ procd_close_validate
|
|
|
}
|
|
|
|
|
|
restart() {
|
|
|
fw3 restart
|
|
|
}
|
|
|
|
|
|
-reload() {
|
|
|
+start_service() {
|
|
|
+ fw3 ${QUIET} start
|
|
|
+}
|
|
|
+
|
|
|
+stop_service() {
|
|
|
+ fw3 flush
|
|
|
+}
|
|
|
+
|
|
|
+reload_service() {
|
|
|
fw3 reload
|
|
|
}
|
|
|
+
|
|
|
+boot() {
|
|
|
+ # Be silent on boot, firewall might be started by hotplug already,
|
|
|
+ # so don't complain in syslog.
|
|
|
+ QUIET=1
|
|
|
+ start
|
|
|
+}
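Review bot: In `boot()`, `QUIET=1` does not reproduce the old `fw3 -q start`, because `start_service` expands it as `fw3 ${QUIET} start` and the boot path therefore runs `fw3 1 start`. fw3's argument handling is not visible in this hunk, but it will most likely reject `1` as an option or command, which would leave the ruleset unloaded at boot unless hotplug has already started the firewall; that is a fail-open state. Set the flag itself, `QUIET=-q`, and keep `${QUIET}` unquoted so the empty default adds no argument to a normal `start`. Separately, `service_triggers` calls `validate_firewall_redirect` and `validate_firewall_rule` without a section name, so `"${1}"` is empty there; it is worth confirming that this is what `procd_open_validate` expects, and a short comment above the two helpers saying they only register validation rules for procd would help.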
|