mirror of
https://dev.iopsys.eu/feed/iopsys.git
synced 2025-12-10 07:44:50 +01:00
50 lines
1.3 KiB
Bash
50 lines
1.3 KiB
Bash
#!/bin/sh
|
|
|
|
. /lib/functions.sh
|
|
#created by the icwmp package
|
|
log() {
|
|
echo "${@}"|logger -t firewall.twamp -p info
|
|
}
|
|
|
|
if [ ! -f "/etc/config/twamp" ]; then
|
|
exit 0;
|
|
fi
|
|
|
|
function configure_firewall()
|
|
{
|
|
local enable port interface
|
|
|
|
config_get enable ${1} enable "1"
|
|
config_get port ${1} port
|
|
config_get interface ${1} interface
|
|
if [ "$enable" -eq 0 -o -z "${port}" -o -z "${interface}" ]; then
|
|
return 0;
|
|
fi
|
|
|
|
iptables -w 1 -nL zone_${interface}_input 2>/dev/null 1>&2
|
|
if [ "$?" -eq 0 ]; then
|
|
iptables -w 1 -I zone_${interface}_input -p udp --dport "${port}" -j ACCEPT -m comment --comment "TWAMP reflector port"
|
|
fi
|
|
}
|
|
|
|
function delete_rule()
|
|
{
|
|
while iptables -w 1 -nL zone_${1}_input --line-numbers 2>/dev/null | grep "TWAMP reflector port"; do
|
|
rule_num="$(iptables -w 1 -nL zone_${1}_input --line-numbers | grep "TWAMP reflector port" | head -1|awk '{print $1}')"
|
|
if [ -n "${rule_num}" ]; then
|
|
iptables -w 1 -D zone_${1}_input ${rule_num};
|
|
fi
|
|
done
|
|
}
|
|
|
|
# Loop through all interfaces and delete the twamp reflector rule from interface's input chain
|
|
config_load network
|
|
config_foreach delete_rule interface
|
|
|
|
config_load twamp
|
|
config_get twamp_enable twamp enable "0"
|
|
if [ "${twamp_enable}" -eq "0" ]; then
|
|
exit 0;
|
|
fi
|
|
|
|
config_foreach configure_firewall twamp_reflector
|