Ticket refs #11651 :Connection request iptables rule

config/firewall.cwmp

@@ -1,2 +1,21 @@
 #created by the icwmp package 
+zone_name=""
+port=""
+if [ "$zone_name" = "" ]; then
+	exit 0
+elif [ "$zone_name" = "icwmp" ]; then
+	iptables -nL zone_icwmp_input 2> /dev/null
+	if [ $? != 0 ]; then
+		iptables -N zone_icwmp_input
+		iptables -t filter -A INPUT -j zone_icwmp_input
+		iptables -I zone_icwmp_input -p tcp --dport $port -j REJECT
+	else			
+		iptables -F zone_icwmp_input
+		iptables -I zone_icwmp_input -p tcp --dport $port -j REJECT
+	fi			
+else
+	iptables -F zone_icwmp_input 2> /dev/null
+	iptables -t filter -D INPUT -j zone_icwmp_input 2> /dev/null
+	iptables -X zone_icwmp_input 2> /dev/null
+fi
 #iptables -I FW_ZONE -p tcp -s ACS_ADDRESS --dport PORT -j ACCEPT --comment "Open ACS port"

scripts/icwmp.sh

@@ -372,13 +372,17 @@ handle_action() {
 		local if_wan=`$UCI_GET cwmp.cpe.default_wan_interface`
 		local zone=`$UCI_SHOW firewall | grep "firewall\.@zone\[[0-9]\+\]\.network=.*$if_wan" | head -1 | cut -f2 -d.`
 		local zone_name=`$UCI_GET firewall.$zone.name`
-		[ "$zone_name" = "" ] && return
+		if [ "$zone_name" = "" ]; then
+			zone_name=icwmp	
+		fi
+		sed -i "s,^port=.*,port=${port},g" /etc/firewall.cwmp
+		sed -i "s,^zone_name=.*,zone_name=${zone_name},g" /etc/firewall.cwmp	
 		# update iptables rule
 		if [ "$__arg2" != "1" ]; then 
 			sed -i "s,^.*iptables.*Open ACS port.*,iptables -I zone_${zone_name}_input -p tcp -s $__arg1 --dport $port -j ACCEPT -m comment --comment=\"Open ACS port\",g" /etc/firewall.cwmp			
 		else
 			sed -i "s,^.*iptables.*Open ACS port.*,ip6tables -I zone_${zone_name}_input -p tcp -s $__arg1 --dport $port -j ACCEPT -m comment --comment=\"Open ACS port\",g" /etc/firewall.cwmp			
-		fi		
+		fi
 		fw3 reload
 	fi