author | Brian J. Murrell <brian@interlinx.bc.ca> | 2019-03-01 06:27:44 -0500 |
---|---|---|
committer | Brian J. Murrell <brian@interlinx.bc.ca> | 2019-03-16 23:43:29 -0400 |
commit | c4b18c8e96e2a41196610600735d3cda7fbc44a0 (patch) | |
tree | bef54e21daa9ccbfef2a9c05a25d1744211541bf /net/shorewall-lite/files | |
parent | 1acacbbf6cf49c65cb6f52719ed19509fa151054 (diff) |
Shorewall: start and enable interfaces all in hotplug
Using shorewall-lite {en|dis}able instead of completely restarting
Shorewall is much more efficient.
But it also makes sense to move the starting of Shorewall from init
to an interface hotplug event. The "lan" interface should be a good
indicator that networking is ready. Besides, Shorewall won't start
until br-lan is available.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
Diffstat (limited to 'net/shorewall-lite/files')
-rw-r--r-- | net/shorewall-lite/files/hotplug_iface | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/net/shorewall-lite/files/hotplug_iface b/net/shorewall-lite/files/hotplug_iface index 90ed80c8c..367cea6f4 100644 --- a/net/shorewall-lite/files/hotplug_iface +++ b/net/shorewall-lite/files/hotplug_iface @@ -1,13 +1,19 @@ #!/bin/sh -# should restart shorewall when an interface comes up +DEVICE=${DEVICE:-$(/sbin/uci -p /var/state get network."$INTERFACE".ifname)} case "$ACTION" in ifup) - /etc/init.d/shorewall-lite restart + if [ "$INTERFACE" = "lan" ]; then + /usr/sbin/shorewall -l start + elif [ "${INTERFACE:0:3}" = "wan" ] && + [ "${INTERFACE:$((${#INTERFACE}-2)):2}" != "_6" ]; then + /etc/shorewall-lite/state/firewall enable "$DEVICE" + fi ;; ifdown) - # might need to restore some routing - /etc/init.d/shorewall-lite restart + if [ "${INTERFACE:0:3}" = "wan" ]; then + /etc/shorewall-lite/state/firewall disable "$DEVICE" + fi ;; -esac
\ No newline at end of file +esac |
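Review bot: The ifdown branch matches every interface whose name starts with "wan", while the ifup branch skips names ending in "_6", so a wan*_6 interface going down calls `firewall disable "$DEVICE"` without a matching enable on the way up; if that name resolves to the same device as its parent wan interface, the device is disabled in the firewall while wan is still up. Apply the same "_6" exclusion in ifdown. DEVICE can also end up empty when the environment does not set it and the uci lookup returns nothing, so check it (for example `[ -n "$DEVICE" ] || exit 0`) before the enable and disable calls rather than passing an empty argument. The `${INTERFACE:0:3}` style substring expansions are not POSIX sh even though the script declares `#!/bin/sh`; a `case "$INTERFACE" in` with `wan*_6)` and `wan*)` patterns expresses the same test portably and is easier to read.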