packages/net/miniupnpd/files/miniupnpd.firewall.hotplug

#!/bin/sh

miniupnpd_add_rules() {
	local zone="$1"
	local network="$2"
	local iface="$3"

	miniupnpd_remove_rules

	logger -t miniupnpd "adding firewall rules for $iface to zone $zone"

	iptables -t nat -N MINIUPNPD 2>/dev/null
	iptables -t nat -I zone_${zone}_prerouting -i $iface -j MINIUPNPD
	iptables -t filter -N MINIUPNPD 2>/dev/null
	iptables -t filter -I zone_${zone}_forward -i $iface ! -o $iface -j MINIUPNPD

	uci_set_state upnpd state "" state
	uci_set_state upnpd state zone "$zone"
	uci_set_state upnpd state ifname "$iface"
	uci_set_state upnpd state network "$network"
}

miniupnpd_remove_rules() {
	local zone="$(uci_get_state upnpd state zone)"
	local iface="$(uci_get_state upnpd state ifname)"

	[ -n "$zone" ] && [ -n "$iface" ] && {
		logger -t miniupnpd "removing firewall rules for $iface from zone $zone"

		while iptables -t nat -D zone_${zone}_prerouting \
			-i $iface -j MINIUPNPD 2>/dev/null; do :; done

		while iptables -t filter -D zone_${zone}_forward \
			-i $iface ! -o $iface -j MINIUPNPD 2>/dev/null; do :; done
	}

	uci_revert_state upnpd
}

/etc/init.d/miniupnpd enabled && [ -n "`pidof miniupnpd`" ] && {

	local extif="$(uci_get upnpd config external_iface)"
	local curif="$(uci_get_state upnpd state network)"

	if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "$extif" ]; then
		miniupnpd_add_rules "$ZONE" "$INTERFACE" "$DEVICE"
	elif [ "$ACTION" = "remove" ] && [ "$INTERFACE" = "$curif" ]; then
		miniupnpd_remove_rules
	fi
}
clean up miniupnpd package and update to latest version (resync with x-wrt) git-svn-id: svn://svn.openwrt.org/openwrt/packages@5728 3c298f89-4303-0410-b956-a3cf2f4a3e73 2006-12-08 18:36:31 +00:00			`#!/bin/sh`
miniupnpd: - better integration with uci firewall - add options to configure external and internal interface - trigger add/remove of upnp rules with hotplug - use start-stop-daemon in initscript - drop miniupnpd iptables heler scripts git-svn-id: svn://svn.openwrt.org/openwrt/packages@13742 3c298f89-4303-0410-b956-a3cf2f4a3e73 2008-12-25 03:25:13 +00:00
[packages] miniupnpd: rework firewall integration, should be much more robust now git-svn-id: svn://svn.openwrt.org/openwrt/packages@23065 3c298f89-4303-0410-b956-a3cf2f4a3e73 2010-09-15 02:57:50 +00:00			`miniupnpd_add_rules() {`
			`local zone="$1"`
			`local network="$2"`
			`local iface="$3"`
miniupnpd: - better integration with uci firewall - add options to configure external and internal interface - trigger add/remove of upnp rules with hotplug - use start-stop-daemon in initscript - drop miniupnpd iptables heler scripts git-svn-id: svn://svn.openwrt.org/openwrt/packages@13742 3c298f89-4303-0410-b956-a3cf2f4a3e73 2008-12-25 03:25:13 +00:00
[packages] miniupnpd: rework firewall integration, should be much more robust now git-svn-id: svn://svn.openwrt.org/openwrt/packages@23065 3c298f89-4303-0410-b956-a3cf2f4a3e73 2010-09-15 02:57:50 +00:00			`miniupnpd_remove_rules`
[packages] miniupnpd: - use firewall hotplug calls to configure rules - properly clean and rebuild rules on restart - cope with ifdown/ifup events on external iface (#4669) - bump pkg revision git-svn-id: svn://svn.openwrt.org/openwrt/packages@17680 3c298f89-4303-0410-b956-a3cf2f4a3e73 2009-09-23 00:48:24 +00:00
[packages] miniupnpd: rework firewall integration, should be much more robust now git-svn-id: svn://svn.openwrt.org/openwrt/packages@23065 3c298f89-4303-0410-b956-a3cf2f4a3e73 2010-09-15 02:57:50 +00:00			`logger -t miniupnpd "adding firewall rules for $iface to zone $zone"`
[packages] miniupnpd: - use firewall hotplug calls to configure rules - properly clean and rebuild rules on restart - cope with ifdown/ifup events on external iface (#4669) - bump pkg revision git-svn-id: svn://svn.openwrt.org/openwrt/packages@17680 3c298f89-4303-0410-b956-a3cf2f4a3e73 2009-09-23 00:48:24 +00:00
[packages] miniupnpd: rework firewall integration, should be much more robust now git-svn-id: svn://svn.openwrt.org/openwrt/packages@23065 3c298f89-4303-0410-b956-a3cf2f4a3e73 2010-09-15 02:57:50 +00:00			`iptables -t nat -N MINIUPNPD 2>/dev/null`
[package] miniupnpd: fix iptables rule order (#7965) git-svn-id: svn://svn.openwrt.org/openwrt/packages@23096 3c298f89-4303-0410-b956-a3cf2f4a3e73 2010-09-19 15:50:48 +00:00			`iptables -t nat -I zone_${zone}_prerouting -i $iface -j MINIUPNPD`
[packages] miniupnpd: rework firewall integration, should be much more robust now git-svn-id: svn://svn.openwrt.org/openwrt/packages@23065 3c298f89-4303-0410-b956-a3cf2f4a3e73 2010-09-15 02:57:50 +00:00			`iptables -t filter -N MINIUPNPD 2>/dev/null`
[package] miniupnpd: fix iptables rule order (#7965) git-svn-id: svn://svn.openwrt.org/openwrt/packages@23096 3c298f89-4303-0410-b956-a3cf2f4a3e73 2010-09-19 15:50:48 +00:00			`iptables -t filter -I zone_${zone}_forward -i $iface ! -o $iface -j MINIUPNPD`
[packages] miniupnpd: - use firewall hotplug calls to configure rules - properly clean and rebuild rules on restart - cope with ifdown/ifup events on external iface (#4669) - bump pkg revision git-svn-id: svn://svn.openwrt.org/openwrt/packages@17680 3c298f89-4303-0410-b956-a3cf2f4a3e73 2009-09-23 00:48:24 +00:00
[packages] miniupnpd: rework firewall integration, should be much more robust now git-svn-id: svn://svn.openwrt.org/openwrt/packages@23065 3c298f89-4303-0410-b956-a3cf2f4a3e73 2010-09-15 02:57:50 +00:00			`uci_set_state upnpd state "" state`
			`uci_set_state upnpd state zone "$zone"`
			`uci_set_state upnpd state ifname "$iface"`
			`uci_set_state upnpd state network "$network"`
miniupnpd: - better integration with uci firewall - add options to configure external and internal interface - trigger add/remove of upnp rules with hotplug - use start-stop-daemon in initscript - drop miniupnpd iptables heler scripts git-svn-id: svn://svn.openwrt.org/openwrt/packages@13742 3c298f89-4303-0410-b956-a3cf2f4a3e73 2008-12-25 03:25:13 +00:00			`}`
[packages] miniupnpd: - use firewall hotplug calls to configure rules - properly clean and rebuild rules on restart - cope with ifdown/ifup events on external iface (#4669) - bump pkg revision git-svn-id: svn://svn.openwrt.org/openwrt/packages@17680 3c298f89-4303-0410-b956-a3cf2f4a3e73 2009-09-23 00:48:24 +00:00
[packages] miniupnpd: rework firewall integration, should be much more robust now git-svn-id: svn://svn.openwrt.org/openwrt/packages@23065 3c298f89-4303-0410-b956-a3cf2f4a3e73 2010-09-15 02:57:50 +00:00			`miniupnpd_remove_rules() {`
			`local zone="$(uci_get_state upnpd state zone)"`
			`local iface="$(uci_get_state upnpd state ifname)"`

			`[ -n "$zone" ] && [ -n "$iface" ] && {`
			`logger -t miniupnpd "removing firewall rules for $iface from zone $zone"`

			`while iptables -t nat -D zone_${zone}_prerouting \`
			`-i $iface -j MINIUPNPD 2>/dev/null; do :; done`

			`while iptables -t filter -D zone_${zone}_forward \`
			`-i $iface ! -o $iface -j MINIUPNPD 2>/dev/null; do :; done`
			`}`

			`uci_revert_state upnpd`
			`}`

			/etc/init.d/miniupnpd enabled && [ -n "`pidof miniupnpd`" ] && {

			`local extif="$(uci_get upnpd config external_iface)"`
			`local curif="$(uci_get_state upnpd state network)"`

			`if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "$extif" ]; then`
			`miniupnpd_add_rules "$ZONE" "$INTERFACE" "$DEVICE"`
			`elif [ "$ACTION" = "remove" ] && [ "$INTERFACE" = "$curif" ]; then`
			`miniupnpd_remove_rules`
			`fi`
			`}`