mirror of
https://git.openwrt.org/feed/packages.git
synced 2024-06-15 20:03:57 +02:00
c4b18c8e96
Using shorewall-lite {en|dis}able instead of completely restarting Shorewall is much more efficient. But it also makes sense to move the starting of Shorewall from init to an interface hotplug event. The "lan" interface should be a good indicator that networking it ready. Besides, Shorewall won't start until br-lan is available. Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
20 lines
504 B
Bash
20 lines
504 B
Bash
#!/bin/sh
|
|
|
|
DEVICE=${DEVICE:-$(/sbin/uci -p /var/state get network."$INTERFACE".ifname)}
|
|
|
|
case "$ACTION" in
|
|
ifup)
|
|
if [ "$INTERFACE" = "lan" ]; then
|
|
/usr/sbin/shorewall -6 start
|
|
elif [ "${INTERFACE:0:3}" = "wan" ] &&
|
|
[ "${INTERFACE:$((${#INTERFACE}-2)):2}" != "_6" ]; then
|
|
/etc/shorewall6/state/firewall enable "$DEVICE"
|
|
fi
|
|
;;
|
|
ifdown)
|
|
if [ "${INTERFACE:0:3}" = "wan" ]; then
|
|
/etc/shorewall6/state/firewall disable "$DEVICE"
|
|
fi
|
|
;;
|
|
esac
|