Ticket refs #5596: Icwmp improvement - Firewall entry

common.c

@@ -296,48 +296,6 @@ end:
 	cwmp_uci_exit();
 }
 
-/*
- * updated firewall.cwmp file
- */
-int update_firewall_cwmp_file(int port, char *zone_name, char *ip_addr, int ip_type)
-{
-	FILE *fp;
-
-	remove(FIREWALL_CWMP);
-	fp = fopen(FIREWALL_CWMP, "a");
-	if (fp == NULL)
-		return -1;
-	fprintf(fp, "zone_name=%s\n", zone_name);
-	fprintf(fp, "port=%d\n", port);
-	fprintf(fp, "if [ \"$zone_name\" = \"\" ]; then\n");
-	fprintf(fp, "	exit 0\n");
-	fprintf(fp, "elif [ \"$zone_name\" = \"icwmp\" ]; then\n");
-	fprintf(fp, "	iptables -nL zone_icwmp_input 2> /dev/null\n");
-	fprintf(fp, "	if [ $? != 0 ]; then\n");
-	fprintf(fp, "		iptables -N zone_icwmp_input\n");
-	fprintf(fp, "		iptables -t filter -A INPUT -j zone_icwmp_input\n");
-	fprintf(fp, "		iptables -I zone_icwmp_input -p tcp --dport $port -j REJECT\n");
-	fprintf(fp, "	else\n");
-	fprintf(fp, "		iptables -F zone_icwmp_input\n");
-	fprintf(fp, "		iptables -I zone_icwmp_input -p tcp --dport $port -j REJECT\n");
-	fprintf(fp, "	fi\n");
-	fprintf(fp, "else\n");
-	fprintf(fp, "	iptables -F zone_icwmp_input 2> /dev/null\n");
-	fprintf(fp, "	iptables -t filter -D INPUT -j zone_icwmp_input 2> /dev/null\n");
-	fprintf(fp, "	iptables -X zone_icwmp_input 2> /dev/null\n");
-	fprintf(fp, "fi\n");
-	if (ip_type == 0)
-		fprintf(fp,
-			"iptables -I zone_%s_input -p tcp -s %s --dport %d -j ACCEPT -m comment --comment=\"Open ACS port\"\n",
-			zone_name, ip_addr, port);
-	else
-		fprintf(fp,
-			"ip6tables -I zone_%s_input -p tcp -s %s --dport %d -j ACCEPT -m comment --comment=\"Open ACS port\"\n",
-			zone_name, ip_addr, port);
-	fclose(fp);
-	return 0;
-}
-
 /*
  * Reboot
  */

http.c

@@ -238,7 +238,12 @@ int http_send_message(struct cwmp *cwmp, char *msg_out, int msg_out_len, char **
 			}
 			char *zone_name = NULL;
 			get_firewall_zone_name_by_wan_iface(cwmp->conf.default_wan_iface, &zone_name);
-			update_firewall_cwmp_file(cwmp->conf.connection_request_port, zone_name ? zone_name : "wan", ip_acs, tmp);
+			uci_set_value(UCI_FIREWALL_ACS_IP, ip_acs, CWMP_CMD_SET_STATE);
+			char connection_requset_port_str[10];
+			snprintf(connection_requset_port_str, sizeof(connection_requset_port_str), "%d", cwmp->conf.connection_request_port);
+			uci_set_value(UCI_FIREWALL_ACS_PORT, connection_requset_port_str, CWMP_CMD_SET_STATE);
+			uci_set_value(UCI_FIREWALL_ACS_ZONENAME, zone_name ? zone_name : "wan", CWMP_CMD_SET_STATE);
+			uci_set_value(UCI_FIREWALL_ACS_IPV6ENABLE, tmp ? "1" : "0", CWMP_CMD_SET_STATE);
 
 			/*
 			 * Restart firewall service

inc/common.h

@@ -456,7 +456,6 @@ bool file_exists(const char *path);
 void cwmp_reboot(char *command_key);
 void cwmp_factory_reset();
 void get_firewall_zone_name_by_wan_iface(char *if_wan, char **zone_name);
-int update_firewall_cwmp_file(int port, char *zone_name, char *ip_addr, int ip_type);
 int download_file(const char *file_path, const char *url, const char *username, const char *password);
 long int get_file_size(char *file_name);
 int cwmp_check_image();

inc/cwmp_uci.h

@@ -62,6 +62,10 @@
 #define LW_NOTIFICATION_HOSTNAME "cwmp.lwn.hostname"
 #define LW_NOTIFICATION_PORT "cwmp.lwn.port"
 #define UCI_DHCP_ACS_URL "cwmp.acs.dhcp_url"
+#define UCI_FIREWALL_ACS_IP "cwmp.acs.ip"
+#define UCI_FIREWALL_ACS_PORT "cwmp.acs.port"
+#define UCI_FIREWALL_ACS_ZONENAME "cwmp.acs.zonename"
+#define UCI_FIREWALL_ACS_IPV6ENABLE "cwmp.acs.ipv6enable"
 
 #define UCI_CONFIG_DIR "/etc/config/"
 #define LIB_DB_CONFIG "/lib/db/config"