| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980 |
- #!/bin/sh /etc/rc.common
- # Copyright (C) 2013 Project Gluon
- #
- # Firewall script for inserting and removing ebtables rules.
- #
- # Example format, for filtering any IPv4 multicast packets to the SSDP UDP port:
- # rule FORWARD --logical-out br-client -d Multicast -p IPv4 --ip-protocol udp --ip-destination-port 5355 -j DROP
- #
- # Removing all rules:
- # $ ./firewall-ebtables stop
- # Inserting all rules:
- # $ ./firewall-ebtables start
- # Inserting a specific rule file:
- # $ ./firewall-ebtables start /lib/gluon/ebtables/100-mcast-chain
- # Removing a specific rule file:
- # $ ./firewall-ebtables stop /lib/gluon/ebtables/100-mcast-chain
- START=19
- STOP=91
- exec_file() {
- local file="$1"
- /usr/bin/lua -e "
- function rule(command, table)
- table = table or 'filter'
- os.execute($EBTABLES_RULE)
- end
- function chain(name, policy, table)
- table = table or 'filter'
- os.execute($EBTABLES_CHAIN)
- end
- " "$file"
- }
- exec_all() {
- local sort_arg="$1"
- local old_ifs="$IFS"
- IFS='
- '
- for file in `find /lib/gluon/ebtables -type f | sort $sort_arg`; do
- exec_file "$file"
- done
- IFS="$old_ifs"
- }
- start() {
- (
- export EBTABLES_RULE='"ebtables --concurrent -t " .. table .. " -A " .. command'
- export EBTABLES_CHAIN='"ebtables --concurrent -t " .. table .. " -N " .. name .. " -P " .. policy'
- # Contains /var/lib/ebtables/lock for '--concurrent'
- [ ! -d "/var/lib/ebtables" ] && \
- mkdir -p /var/lib/ebtables
- if [ -z "$1" ]; then
- exec_all ''
- else
- exec_file "$1"
- fi
- )
- }
- stop() {
- (
- export EBTABLES_RULE='"ebtables --concurrent -t " .. table .. " -D " .. command'
- export EBTABLES_CHAIN='"ebtables --concurrent -t " .. table .. " -X " .. name'
- if [ -z "$1" ]; then
- exec_all '-r'
- else
- exec_file "$1"
- fi
- )
- }
|
