
Shorewall: start and enable interfaces all in hotplug

Using shorewall-lite {en|dis}able instead of completely restarting
Shorewall is much more efficient.

But it also makes sense to move the starting of Shorewall from init
to an interface hotplug event.  The "lan" interface should be a good
indicator that networking is ready.  Besides, Shorewall won't start
until br-lan is available.

Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
lilik-openwrt-22.03
Brian J. Murrell 6 years ago
parent
commit
c4b18c8e96
4 changed files with 42 additions and 18 deletions
  1. +11
    -5
      net/shorewall-lite/files/hotplug_iface
  2. +10
    -4
      net/shorewall/files/hotplug_iface
  3. +11
    -5
      net/shorewall6-lite/files/hotplug_iface
  4. +10
    -4
      net/shorewall6/files/hotplug_iface

+ 11
- 5
net/shorewall-lite/files/hotplug_iface View File

@ -1,13 +1,19 @@
#!/bin/sh
# should restart shorewall when an interface comes up
DEVICE=${DEVICE:-$(/sbin/uci -p /var/state get network."$INTERFACE".ifname)}
case "$ACTION" in
ifup)
/etc/init.d/shorewall-lite restart
if [ "$INTERFACE" = "lan" ]; then
/usr/sbin/shorewall -l start
elif [ "${INTERFACE:0:3}" = "wan" ] &&
[ "${INTERFACE:$((${#INTERFACE}-2)):2}" != "_6" ]; then
/etc/shorewall-lite/state/firewall enable "$DEVICE"
fi
;;
ifdown)
# might need to restore some routing
/etc/init.d/shorewall-lite restart
if [ "${INTERFACE:0:3}" = "wan" ]; then
/etc/shorewall-lite/state/firewall disable "$DEVICE"
fi
;;
esac
esac
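Review bot: In the `ifup` branch, Shorewall is started only on the `lan` event and the result of `/usr/sbin/shorewall -l start` is never checked, so a `wan*` event that arrives first, or a failed start, leaves `firewall enable "$DEVICE"` running against a firewall that may not be up, with nothing logged (the rendered page does not mark which lines are added, so this reads the `if`/`elif` block as the new code). Whether traffic is filtered in that window depends on the init script and the default netfilter policy, neither of which is visible here, so the assumed ordering should be stated in the header comment and failures recorded, e.g. `/usr/sbin/shorewall -l start || logger -t shorewall-lite "start failed on $INTERFACE ifup"`. The header comment `# should restart shorewall when an interface comes up` also no longer describes what the script does. The same applies to the `start` lines in net/shorewall, net/shorewall6-lite and net/shorewall6.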

+ 10
- 4
net/shorewall/files/hotplug_iface View File

@ -1,13 +1,19 @@
#!/bin/sh
# should restart shorewall when an interface comes up
DEVICE=${DEVICE:-$(/sbin/uci -p /var/state get network."$INTERFACE".ifname)}
case "$ACTION" in
ifup)
/etc/init.d/shorewall restart
if [ "$INTERFACE" = "lan" ]; then
/usr/sbin/shorewall start
elif [ "${INTERFACE:0:3}" = "wan" ] &&
[ "${INTERFACE:$((${#INTERFACE}-2)):2}" != "_6" ]; then
/etc/shorewall/state/firewall enable "$DEVICE"
fi
;;
ifdown)
# might need to restore some routing
/etc/init.d/shorewall restart
if [ "${INTERFACE:0:3}" = "wan" ]; then
/etc/shorewall/state/firewall disable "$DEVICE"
fi
;;
esac
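Review bot: The `ifdown` test `[ "${INTERFACE:0:3}" = "wan" ]` does not exclude names ending in `_6`, while the `ifup` test does, so an `ifdown` for a `wan*_6` interface calls `firewall disable "$DEVICE"` for a device that was never enabled under that interface name. If the `_6` interface shares its device with the IPv4 `wan`, this would presumably disable the device while the IPv4 side is still up; if that is intended, a comment should say why. Otherwise add the same second condition to the `ifdown` test: `[ "${INTERFACE:$((${#INTERFACE}-2)):2}" != "_6" ]`. The `ifdown` branches in net/shorewall-lite, net/shorewall6-lite and net/shorewall6 have the same shape.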

+ 11
- 5
net/shorewall6-lite/files/hotplug_iface View File

@ -1,13 +1,19 @@
#!/bin/sh
# should restart shorewall when an interface comes up
DEVICE=${DEVICE:-$(/sbin/uci -p /var/state get network."$INTERFACE".ifname)}
case "$ACTION" in
ifup)
/etc/init.d/shorewall6-lite restart
if [ "$INTERFACE" = "lan" ]; then
/usr/sbin/shorewall -6 -l start
elif [ "${INTERFACE:0:3}" = "wan" ] &&
[ "${INTERFACE:$((${#INTERFACE}-2)):2}" != "_6" ]; then
/etc/shorewall6-lite/state/firewall enable "$DEVICE"
fi
;;
ifdown)
# might need to restore some routing
/etc/init.d/shorewall6-lite restart
if [ "${INTERFACE:0:3}" = "wan" ]; then
/etc/shorewall6-lite/state/firewall disable "$DEVICE"
fi
;;
esac
esac
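Review bot: The substring expansions `${INTERFACE:0:3}` and `${INTERFACE:$((${#INTERFACE}-2)):2}` are not POSIX, yet the script runs under `#!/bin/sh`; they work only where /bin/sh implements them, which OpenWrt's BusyBox ash normally does. A `case` on the name is portable and easier to read: `case "$INTERFACE" in wan*_6) ;; wan*) /etc/shorewall6-lite/state/firewall enable "$DEVICE" ;; esac`. This is a style point and applies equally to the other three hotplug_iface files in this commit.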

+ 10
- 4
net/shorewall6/files/hotplug_iface View File

@ -1,13 +1,19 @@
#!/bin/sh
# should restart shorewall when an interface comes up
DEVICE=${DEVICE:-$(/sbin/uci -p /var/state get network."$INTERFACE".ifname)}
case "$ACTION" in
ifup)
/etc/init.d/shorewall6 restart
if [ "$INTERFACE" = "lan" ]; then
/usr/sbin/shorewall -6 start
elif [ "${INTERFACE:0:3}" = "wan" ] &&
[ "${INTERFACE:$((${#INTERFACE}-2)):2}" != "_6" ]; then
/etc/shorewall6/state/firewall enable "$DEVICE"
fi
;;
ifdown)
# might need to restore some routing
/etc/init.d/shorewall6 restart
if [ "${INTERFACE:0:3}" = "wan" ]; then
/etc/shorewall6/state/firewall disable "$DEVICE"
fi
;;
esac
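Review bot: `firewall enable "$DEVICE"` and `firewall disable "$DEVICE"` are called without checking that `DEVICE` is non-empty; when the hotplug environment does not set it and the `uci -p /var/state get network."$INTERFACE".ifname` fallback finds nothing, the state script receives an empty argument. What the script does with that is not visible on this page, so it is safer to guard the call and leave a trace, e.g. `[ -n "$DEVICE" ] || { logger -t shorewall6 "no device for $INTERFACE"; exit 0; }` at the top of each `wan` branch (the `lan` branch does not use `DEVICE` and should not be gated on it). The same pattern appears in net/shorewall-lite, net/shorewall and net/shorewall6-lite.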
