firewallmngr: update firewall script to get zone name dynamically

firewallmngr/files/firewall.service

@@ -2,6 +2,8 @@
 
 . /lib/functions.sh
 
+ZONE_NAME_FILE="/tmp/service_fw_zone"
+
 log() {
 	echo "${@}"|logger -t firewall.service -p info
 }
@@ -17,6 +19,37 @@ exec_cmd() {
 	return 0
 }
 
+collect_zone_name() {
+	local name network
+
+	config_get name "${1}" name ""
+	if [ -z "${name}" ]; then
+		return
+	fi
+
+	config_get network "${1}" network ""
+	for i in ${network}; do
+		var="${i}_zone"
+		echo "${var}=${name}" >> "${ZONE_NAME_FILE}"
+	done
+}
+
+load_zone_names() {
+	rm -f "${ZONE_NAME_FILE}"
+	config_foreach collect_zone_name zone
+}
+
+get_firewall_zone() {
+	if [ ! -f "${ZONE_NAME_FILE}" ]; then
+		echo ""
+		return
+	fi
+
+	var="${1}_zone="
+	name="$(cat ${ZONE_NAME_FILE} | grep ${var} | head -n 1 | cut -d'=' -f 2)"
+	echo "${name}"
+}
+
 add_iptable_rule() {
 	chain_name=$1
 	protocol=$2
@@ -135,9 +168,14 @@ add_service() {
 	fi
 
 	action=$(echo "${target}" | tr a-z A-Z)
-	chain_name="zone_${interface}_input"
+	zone_name="$(get_firewall_zone ${interface})"
-	res=0
+	if [ -z "${zone_name}" ]; then
+		log "Rule can not be added without zone name for interface ${interface}"
+		return
+	fi
 
+	chain_name="zone_${zone_name}_input"
+	res=0
 	count=$(echo "${proto}" | sed -n "/-1/p" | wc -l)
 
 	if [ "${count}" -eq 0 ]; then
@@ -160,4 +198,9 @@ add_service() {
 }
 
 config_load firewall
+
+load_zone_names
+
 config_foreach add_service "service"
+
+rm -f "${ZONE_NAME_FILE}"