From eedf8d2761a70a66ef2697723515389070b2edba Mon Sep 17 00:00:00 2001
From: Mohd Husaam Mehdi
Date: Tue, 10 Jun 2025 17:28:52 +0530
Subject: [PATCH] firewallmngr: update firewall script to get zone name dynamically
---
 firewallmngr/files/firewall.service | 47 +++++++++++++++++++++++++++--
 1 file changed, 45 insertions(+), 2 deletions(-)
diff --git a/firewallmngr/files/firewall.service b/firewallmngr/files/firewall.service
index 2d40291cd..09d99c20c 100755
--- a/firewallmngr/files/firewall.service
+++ b/firewallmngr/files/firewall.service
@@ -2,6 +2,8 @@
 . /lib/functions.sh
+ZONE_NAME_FILE="/tmp/service_fw_zone"
+
 log() {
 echo "${@}"|logger -t firewall.service -p info
 }
@@ -17,6 +19,37 @@ exec_cmd() {
 return 0
 }
+collect_zone_name() {
+ local name network
+ config_get name "${1}" name ""
+ if [ -z "${name}" ]; then
+ return
+ fi
+ config_get network "${1}" network ""
+ for i in ${network}; do
+ var="${i}_zone"
+ echo "${var}=${name}" >> "${ZONE_NAME_FILE}"
+ done
+}
+
+load_zone_names() {
+ rm -f "${ZONE_NAME_FILE}"
+ config_foreach collect_zone_name zone
+}
+
+get_firewall_zone() {
+ if [ ! -f "${ZONE_NAME_FILE}" ]; then
+ echo ""
+ return
+ fi
+ var="${1}_zone="
+ name="$(cat ${ZONE_NAME_FILE} | grep ${var} | head -n 1 | cut -d'=' -f 2)"
+ echo "${name}"
+}
+
 add_iptable_rule() {
 chain_name=$1
 protocol=$2
@@ -135,9 +168,14 @@ add_service() {
 fi
 action=$(echo "${target}" | tr a-z A-Z)
- chain_name="zone_${interface}_input"
- res=0
+ zone_name="$(get_firewall_zone ${interface})"
+ if [ -z "${zone_name}" ]; then
+ log "Rule can not be added without zone name for interface ${interface}"
+ return
+ fi
+ chain_name="zone_${zone_name}_input"
+ res=0
 count=$(echo "${proto}" | sed -n "/-1/p" | wc -l)
 if [ "${count}" -eq 0 ]; then
@@ -160,4 +198,9 @@ add_service() {
 }
 config_load firewall
+
+load_zone_names
+
 config_foreach add_service "service"
+
+rm -f "${ZONE_NAME_FILE}"
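Review bot: `ZONE_NAME_FILE="/tmp/service_fw_zone"` is a fixed, predictable name in a shared temp directory, and the later hunks delete it with `rm -f` and then build it with `>>`; if anything else on the device can write /tmp, a file or symlink planted at that name between the delete and the first append would be appended to, and its contents decide which `zone_*_input` chain the rules land in. Create the file with `mktemp` instead (`ZONE_NAME_FILE="$(mktemp /tmp/service_fw_zone.XXXXXX)"`) and have `load_zone_names` truncate it with `: > "${ZONE_NAME_FILE}"` rather than `rm -f`, or keep the interface-to-zone mapping in shell variables and avoid the file entirely. How much exposure this represents depends on what else runs on the device, which the patch does not show.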
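Review bot: `get_firewall_zone` looks the key up with an unquoted, unanchored `grep ${var}`, so `${1}_zone=` is a substring/regex search: a lookup for interface `lan` also matches a `wlan_zone=` line and whichever comes first in the file wins, and an empty `$1` produces `_zone=`, which matches every line. Anchoring with `grep "^${var}"` closes the first gap, but a plain read loop with an exact string compare avoids the regex semantics and the `cat | grep | head | cut` chain altogether, as in the rewrite below. In the same hunk `i` and `var` in `collect_zone_name`, and `var`/`name` in `get_firewall_zone`, are not declared `local`, so they leak into the caller's scope; `local i var` in the former fixes it, the rewrite handles the latter.
```shell
get_firewall_zone() {
	local key value
	[ -f "${ZONE_NAME_FILE}" ] || return 0
	# exact key compare: no substring or regex matching on the interface name
	while IFS='=' read -r key value; do
		if [ "${key}" = "${1}_zone" ]; then
			echo "${value}"
			return 0
		fi
	done < "${ZONE_NAME_FILE}"
}
```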
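Review bot: `zone_name="$(get_firewall_zone ${interface})"` passes `${interface}` unquoted, and if `interface` can be empty (it is assigned above this hunk, outside view) the lookup key becomes `_zone=`, which the current grep matches against every line, so the first zone in the file is used instead of the rule being skipped. Quote the argument and reject an empty interface before the lookup: `[ -n "${interface}" ] || return` followed by `zone_name="$(get_firewall_zone "${interface}")"`. Note also that the early `return` drops the rule with only an info-level line from `log` (whose priority is fixed at `-p info` in the first hunk); for a drop or reject target that leaves the traffic permitted, so a more visible log priority for this case seems warranted. `add_service` begins and ends outside this hunk.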
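Review bot: the trailing `rm -f "${ZONE_NAME_FILE}"` only runs when the script reaches its last line; if it exits early for any reason or is killed, the interface-to-zone mapping stays in /tmp until the next run's `load_zone_names` deletes it. Register the cleanup once, immediately after `load_zone_names`, with `trap 'rm -f "${ZONE_NAME_FILE}"' EXIT`, and the explicit `rm -f` at the bottom becomes unnecessary. `config_load firewall` already precedes `load_zone_names`, so the `zone` sections it walks come from the same configuration `add_service` reads, and no second load is needed.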