diff options
| author | Brian J. Murrell <brian@interlinx.bc.ca> | 2019-03-01 06:27:44 -0500 |
|---|---|---|
| committer | Brian J. Murrell <brian@interlinx.bc.ca> | 2019-03-16 23:43:29 -0400 |
| commit | c4b18c8e96e2a41196610600735d3cda7fbc44a0 (patch) | |
| tree | bef54e21daa9ccbfef2a9c05a25d1744211541bf | |
| parent | 1acacbbf6cf49c65cb6f52719ed19509fa151054 (diff) | |
Shorewall: start and enable interfaces all in hotplug
Using shorewall-lite {en|dis}able instead of completely restarting
Shorewall is much more efficient.
But it also makes sense to move the starting of Shorewall from init
to an interface hotplug event. The "lan" interface should be a good
indicator that networking it ready. Besides, Shorewall won't start
until br-lan is available.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
| -rw-r--r-- | net/shorewall-lite/files/hotplug_iface | 16 | ||||
| -rw-r--r-- | net/shorewall/files/hotplug_iface | 14 | ||||
| -rw-r--r-- | net/shorewall6-lite/files/hotplug_iface | 16 | ||||
| -rw-r--r-- | net/shorewall6/files/hotplug_iface | 14 |
4 files changed, 42 insertions, 18 deletions
diff --git a/net/shorewall-lite/files/hotplug_iface b/net/shorewall-lite/files/hotplug_iface index 90ed80c8c..367cea6f4 100644 --- a/net/shorewall-lite/files/hotplug_iface +++ b/net/shorewall-lite/files/hotplug_iface @@ -1,13 +1,19 @@ #!/bin/sh -# should restart shorewall when an interface comes up +DEVICE=${DEVICE:-$(/sbin/uci -p /var/state get network."$INTERFACE".ifname)} case "$ACTION" in ifup) - /etc/init.d/shorewall-lite restart + if [ "$INTERFACE" = "lan" ]; then + /usr/sbin/shorewall -l start + elif [ "${INTERFACE:0:3}" = "wan" ] && + [ "${INTERFACE:$((${#INTERFACE}-2)):2}" != "_6" ]; then + /etc/shorewall-lite/state/firewall enable "$DEVICE" + fi ;; ifdown) - # might need to restore some routing - /etc/init.d/shorewall-lite restart + if [ "${INTERFACE:0:3}" = "wan" ]; then + /etc/shorewall-lite/state/firewall disable "$DEVICE" + fi ;; -esac
\ No newline at end of file +esac diff --git a/net/shorewall/files/hotplug_iface b/net/shorewall/files/hotplug_iface index f787424c1..0071e4ff4 100644 --- a/net/shorewall/files/hotplug_iface +++ b/net/shorewall/files/hotplug_iface @@ -1,13 +1,19 @@ #!/bin/sh -# should restart shorewall when an interface comes up +DEVICE=${DEVICE:-$(/sbin/uci -p /var/state get network."$INTERFACE".ifname)} case "$ACTION" in ifup) - /etc/init.d/shorewall restart + if [ "$INTERFACE" = "lan" ]; then + /usr/sbin/shorewall start + elif [ "${INTERFACE:0:3}" = "wan" ] && + [ "${INTERFACE:$((${#INTERFACE}-2)):2}" != "_6" ]; then + /etc/shorewall/state/firewall enable "$DEVICE" + fi ;; ifdown) - # might need to restore some routing - /etc/init.d/shorewall restart + if [ "${INTERFACE:0:3}" = "wan" ]; then + /etc/shorewall/state/firewall disable "$DEVICE" + fi ;; esac diff --git a/net/shorewall6-lite/files/hotplug_iface b/net/shorewall6-lite/files/hotplug_iface index bb8973b7b..410266aae 100644 --- a/net/shorewall6-lite/files/hotplug_iface +++ b/net/shorewall6-lite/files/hotplug_iface @@ -1,13 +1,19 @@ #!/bin/sh -# should restart shorewall when an interface comes up +DEVICE=${DEVICE:-$(/sbin/uci -p /var/state get network."$INTERFACE".ifname)} case "$ACTION" in ifup) - /etc/init.d/shorewall6-lite restart + if [ "$INTERFACE" = "lan" ]; then + /usr/sbin/shorewall -6 -l start + elif [ "${INTERFACE:0:3}" = "wan" ] && + [ "${INTERFACE:$((${#INTERFACE}-2)):2}" != "_6" ]; then + /etc/shorewall6-lite/state/firewall enable "$DEVICE" + fi ;; ifdown) - # might need to restore some routing - /etc/init.d/shorewall6-lite restart + if [ "${INTERFACE:0:3}" = "wan" ]; then + /etc/shorewall6-lite/state/firewall disable "$DEVICE" + fi ;; -esac
\ No newline at end of file +esac diff --git a/net/shorewall6/files/hotplug_iface b/net/shorewall6/files/hotplug_iface index aaa03e8a9..bfe2bf7b1 100644 --- a/net/shorewall6/files/hotplug_iface +++ b/net/shorewall6/files/hotplug_iface @@ -1,13 +1,19 @@ #!/bin/sh -# should restart shorewall when an interface comes up +DEVICE=${DEVICE:-$(/sbin/uci -p /var/state get network."$INTERFACE".ifname)} case "$ACTION" in ifup) - /etc/init.d/shorewall6 restart + if [ "$INTERFACE" = "lan" ]; then + /usr/sbin/shorewall -6 start + elif [ "${INTERFACE:0:3}" = "wan" ] && + [ "${INTERFACE:$((${#INTERFACE}-2)):2}" != "_6" ]; then + /etc/shorewall6/state/firewall enable "$DEVICE" + fi ;; ifdown) - # might need to restore some routing - /etc/init.d/shorewall6 restart + if [ "${INTERFACE:0:3}" = "wan" ]; then + /etc/shorewall6/state/firewall disable "$DEVICE" + fi ;; esac |