firewallmngr: update firewall script to get zone name dynamically

2025-12-10 07:44:50 +01:00 · 2025-06-10 17:28:52 +05:30 · 2025-06-10 17:28:52 +05:30 · eedf8d2761
commit eedf8d2761
parent bf8b4de5da
1 changed files with 45 additions and 2 deletions
--- a/firewallmngr/files/firewall.service
+++ b/firewallmngr/files/firewall.service
@ -2,6 +2,8 @@

 . /lib/functions.sh

+ZONE_NAME_FILE="/tmp/service_fw_zone"
+
 log() {
 	echo "${@}"|logger -t firewall.service -p info
 }
@ -17,6 +19,37 @@ exec_cmd() {
 	return 0
 }

+collect_zone_name() {
+	local name network
+
+	config_get name "${1}" name ""
+	if [ -z "${name}" ]; then
+		return
+	fi
+
+	config_get network "${1}" network ""
+	for i in ${network}; do
+		var="${i}_zone"
+		echo "${var}=${name}" >> "${ZONE_NAME_FILE}"
+	done
+}
+
+load_zone_names() {
+	rm -f "${ZONE_NAME_FILE}"
+	config_foreach collect_zone_name zone
+}
+
+get_firewall_zone() {
+	if [ ! -f "${ZONE_NAME_FILE}" ]; then
+		echo ""
+		return
+	fi
+
+	var="${1}_zone="
+	name="$(cat ${ZONE_NAME_FILE} | grep ${var} | head -n 1 | cut -d'=' -f 2)"
+	echo "${name}"
+}
+
 add_iptable_rule() {
 	chain_name=$1
 	protocol=$2
@ -135,9 +168,14 @@ add_service() {
 	fi

 	action=$(echo "${target}" | tr a-z A-Z)
-	chain_name="zone_${interface}_input"
-	res=0
+	zone_name="$(get_firewall_zone ${interface})"
+	if [ -z "${zone_name}" ]; then
+		log "Rule can not be added without zone name for interface ${interface}"
+		return
+	fi

+	chain_name="zone_${zone_name}_input"
+	res=0
 	count=$(echo "${proto}" | sed -n "/-1/p" | wc -l)

 	if [ "${count}" -eq 0 ]; then
@ -160,4 +198,9 @@ add_service() {
 }

 config_load firewall
+
+load_zone_names
+
 config_foreach add_service "service"
+
+rm -f "${ZONE_NAME_FILE}"