
firewall: implement disable_ipv6 uci option

SVN-Revision: 21503
Jo-Philipp Wich 15 năm trước cách đây
mục cha
commit
3ffd27f905
2 tập tin đã thay đổi với 11 bổ sung5 xóa
  1. 7 1
      package/firewall/files/lib/core_init.sh
  2. 4 4
      package/firewall/files/lib/fw.sh

+ 7 - 1
package/firewall/files/lib/core_init.sh

@@ -16,6 +16,9 @@ FW_DEFAULT_INPUT_POLICY=REJECT
 FW_DEFAULT_OUTPUT_POLICY=REJECT
 FW_DEFAULT_FORWARD_POLICY=REJECT
 
+FW_DISABLE_IPV4=0
+FW_DISABLE_IPV6=0
+
 
 fw_load_defaults() {
 	fw_config_get_section "$1" defaults { \
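Review bot: `FW_DISABLE_IPV4` is declared here, but nothing in this commit assigns it from configuration; only `disable_ipv6` is parsed in fw_load_defaults, so the IPv4 flag stays 0 unless something outside these hunks sets it. A comment above the two assignments would make the contract explicit, for example `# 1 = fw__exec skips every rule for this family; only disable_ipv6 is settable via UCI`. The body of fw_load_defaults continues outside this hunk.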
@@ -34,6 +37,7 @@ fw_load_defaults() {
 		boolean accept_redirects 0 \
 		boolean accept_source_route 0 \
 		boolean custom_chains 1 \
+		boolean disable_ipv6 0 \
 	} || return
 	[ -n "$FW_DEFAULTS_APPLIED" ] && {
 		echo "Error: multiple defaults sections detected"
@@ -50,6 +54,8 @@ fw_load_defaults() {
 	FW_ACCEPT_REDIRECTS=$defaults_accept_redirects
 	FW_ACCEPT_SRC_ROUTE=$defaults_accept_source_route
 
+	FW_DISABLE_IPV6=$defaults_disable_ipv6
+
 	fw_callback pre defaults
 
 	# Seems like there are only one sysctl for both IP versions.
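Review bot: Assigning `FW_DISABLE_IPV6` from `disable_ipv6` makes fw__exec in fw.sh return before ip6tables is ever invoked, so none of the IPv6 chains or the REJECT default policies are programmed, and nothing in the visible hunks turns the IPv6 stack itself off. If the kernel still has IPv6 enabled, the device is presumably left with ip6tables at its built-in ACCEPT policies, which is the opposite of what the option name suggests to an administrator. Either document the limit next to the assignment, e.g. `# only skips ip6tables rules; does not disable IPv6 in the kernel`, or pair the flag with the matching sysctl (such as `net.ipv6.conf.all.disable_ipv6`) in the sysctl block that follows. The function body continues past this hunk.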
@@ -96,7 +102,7 @@ fw_load_defaults() {
 		fw add i f forwarding_rule
 		fw add i n prerouting_rule
 		fw add i n postrouting_rule
-			
+
 		fw add i f INPUT       input_rule
 		fw add i f OUTPUT      output_rule
 		fw add i f FORWARD     forwarding_rule

+ 4 - 4
package/firewall/files/lib/fw.sh

@@ -72,7 +72,7 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
 		if [ $tab == '-' ]; then
 			type $app > /dev/null 2> /dev/null
 			fw__rc $(($? & 1))
-			return 
+			return
 		fi
 		local mod
 		eval "mod=\$FW_${fam}_${tab}"
@@ -85,7 +85,7 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
 			6) mod=ip6table_${tab} ;;
 			*) mod=. ;;
 		esac
-		grep "^${mod} " /proc/modules > /dev/null
+		grep -q "^${mod} " /proc/modules
 		mod=$?
 		export FW_${fam}_${tab}=$mod
 		fw__rc $mod
@@ -100,8 +100,8 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
 	local app=
 	local pol=
 	case "$fam" in
-		4) app=iptables ;;
-		6) app=ip6tables ;;
+		4) [ $FW_DISABLE_IPV4 == 0 ] && app=iptables  || return ;;
+		6) [ $FW_DISABLE_IPV6 == 0 ] && app=ip6tables || return ;;
 		i) fw__dualip "$@"; return ;;
 		I) fw__autoip "$@"; return ;;
 		e) app=ebtables ;;
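Review bot: The new tests in the `4)` and `6)` arms expand `$FW_DISABLE_IPV4` and `$FW_DISABLE_IPV6` unquoted, so if fw.sh is ever sourced without core_init.sh having set them, `[ == 0 ]` is a test error and `|| return` silently drops every rule for that family. Quoting with a default keeps the enabled path as the fallback: `4) [ "${FW_DISABLE_IPV4:-0}" == 0 ] && app=iptables || return ;;`, and likewise for `6)`. The bare `return` also passes the failed test's non-zero status to the caller, so a deliberately disabled family may look like an error if callers check the result; `|| return 0` would avoid that. The case statement continues outside the hunk.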