firewall (#7355) - partially revert r21486, start firewall on init again - skip iface hotplug events if base fw is not up yet - get ifname and up state with uci_get_state() in iface setup since the values gathered by scan_interfaces() may be outdated when iface coldplugging happens (observed with pptp) - ignore up state when bringing down interfaces because ifdown reverts state vars before dispatching the iface event - bump package revision

SVN-Revision: 21502

package/firewall/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall
 
 PKG_VERSION:=2
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 include $(INCLUDE_DIR)/package.mk
 

package/firewall/files/firewall.hotplug

@@ -3,26 +3,20 @@
 # HOTPLUG_TYPE=iface, triggered by various scripts when an interface
 # is configured (ACTION=ifup) or deconfigured (ACTION=ifdown).  The
 # interface is available as INTERFACE, the real device as DEVICE.
-. /etc/functions.sh
 
 [ "$DEVICE" == "lo" ] && exit 0
 
+. /etc/functions.sh
 . /lib/firewall/core.sh
-fw_init
 
-# Wait for firewall if startup is in progress
-lock -w /var/lock/firewall.start
+fw_init
+fw_is_loaded || exit 0
 
 case "$ACTION" in
 	ifup)
-		fw_is_loaded && {
-			fw_configure_interface "$INTERFACE" add "$DEVICE" &
-		} || {
-			/etc/init.d/firewall enabled && fw_start &
-		}
+		fw_configure_interface "$INTERFACE" add "$DEVICE" &
 	;;
 	ifdown)
-		fw_is_loaded && fw_configure_interface "$INTERFACE" del "$DEVICE" &
+		fw_configure_interface "$INTERFACE" del "$DEVICE" &
 	;;
 esac
-

package/firewall/files/firewall.init

@@ -1,5 +1,5 @@
 #!/bin/sh /etc/rc.common
-# Copyright (C) 2008 OpenWrt.org
+# Copyright (C) 2008-2010 OpenWrt.org
 
 START=45
 
@@ -10,8 +10,6 @@ fw() {
 	fw_$1
 }
 
-boot() { :; }
-
 start() {
 	fw start
 }

package/firewall/files/lib/core.sh

@@ -15,8 +15,6 @@ fw_start() {
 		exit 1
 	}
 
-	lock /var/lock/firewall.start
-
 	uci_set_state firewall core "" firewall_state
 
 	fw_clear DROP
@@ -52,8 +50,6 @@ fw_start() {
 	fw_callback post core
 
 	uci_set_state firewall core loaded 1
-
-	lock -u /var/lock/firewall.start
 }
 
 fw_stop() {
@@ -94,7 +90,6 @@ fw_die() {
 	echo "Error:" "$@" >&2
 	fw_log error "$@"
 	fw_stop
-	lock -u /var/lock/firewall.start
 	exit 1
 }
 

package/firewall/files/lib/core_interface.sh

@@ -5,14 +5,12 @@ fw_configure_interface() {
 	local action=$2
 	local ifname=$3
 
-	local status;
-	config_get_bool status "$iface" up "0"
-	[ "$status" == 1 ] || return 0
-
-	[ -n "$ifname" ] || {
-		config_get ifname "$iface" ifname
-		ifname=${ifname:-$iface}
+	[ "$action" == "add" ] && {
+		local status=$(uci_get_state network "$iface" up 0)
+		[ "$status" == 1 ] || return 0
 	}
+
+	[ -n "$ifname" ] || ifname=$(uci_get_state network "$iface" ifname "$iface")
 	[ "$ifname" == "lo" ] && return 0
 
 	fw_callback pre interface