[packages] miniupnpd: rework firewall integration, should be much more robust now
git-svn-id: svn://svn.openwrt.org/openwrt/packages@23065 3c298f89-4303-0410-b956-a3cf2f4a3e73
parent
e6a3946190
commit
79db0b36c2
@ -10,7 +10,7 @@ include $(INCLUDE_DIR)/kernel.mk
|
||||
|
||||
PKG_NAME:=miniupnpd
|
||||
PKG_VERSION:=1.4
|
||||
PKG_RELEASE:=1
|
||||
PKG_RELEASE:=2
|
||||
PKG_MD5SUM:=ffa33d4ed8732c662bdb7d511e86db76
|
||||
|
||||
PKG_SOURCE_URL:=http://miniupnp.free.fr/files
|
||||
|
@ -1,46 +1,50 @@
|
||||
#!/bin/sh
|
||||
|
||||
/etc/init.d/miniupnpd enabled && {
|
||||
miniupnpd_add_rules() {
|
||||
local zone="$1"
|
||||
local network="$2"
|
||||
local iface="$3"
|
||||
|
||||
local state="${ZONE}_${INTERFACE}"
|
||||
local extif initifs
|
||||
miniupnpd_remove_rules
|
||||
|
||||
config_load upnpd
|
||||
config_get extif config external_iface
|
||||
logger -t miniupnpd "adding firewall rules for $iface to zone $zone"
|
||||
|
||||
if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "$extif" ]; then
|
||||
iptables -t nat -N MINIUPNPD 2>/dev/null
|
||||
iptables -t nat -A zone_${zone}_prerouting -i $iface -j MINIUPNPD
|
||||
iptables -t filter -N MINIUPNPD 2>/dev/null
|
||||
iptables -t filter -A zone_${zone}_forward -i $iface ! -o $iface -j MINIUPNPD
|
||||
|
||||
local active
|
||||
config_get active "$state" ifname
|
||||
|
||||
[ -z "$active" ] && {
|
||||
local ipaddr
|
||||
config_get ipaddr "$extif" ipaddr
|
||||
|
||||
logger -t "upnp" "adding $INTERFACE ($DEVICE - $ipaddr) to firewall"
|
||||
|
||||
iptables -t nat -N MINIUPNPD 2>/dev/null
|
||||
iptables -t nat -A prerouting_rule -i $DEVICE -d $ipaddr -j MINIUPNPD
|
||||
iptables -t filter -N MINIUPNPD 2>/dev/null
|
||||
iptables -t filter -A forwarding_rule -i $DEVICE ! -o $DEVICE -j MINIUPNPD
|
||||
|
||||
uci_set_state upnpd "$state" "" "firewall"
|
||||
uci_set_state upnpd "$state" ifname "$DEVICE"
|
||||
uci_set_state upnpd "$state" ipaddr "$ipaddr"
|
||||
}
|
||||
|
||||
elif [ "$ACTION" = "remove" ] && [ "$INTERFACE" = "$extif" ]; then
|
||||
|
||||
local ifname ipaddr
|
||||
config_get ifname "$state" ifname
|
||||
config_get ipaddr "$state" ipaddr
|
||||
|
||||
[ -n "$ifname" ] && [ -n "$ipaddr" ] && {
|
||||
logger -t "upnp" "removing $INTERFACE ($ifname - $ipaddr) from firewall"
|
||||
iptables -t nat -D prerouting_rule -i $ifname -d $ipaddr -j MINIUPNPD
|
||||
iptables -t filter -D forwarding_rule -i $DEVICE ! -o $DEVICE -j MINIUPNPD
|
||||
uci_revert_state upnpd "$state"
|
||||
}
|
||||
fi
|
||||
uci_set_state upnpd state "" state
|
||||
uci_set_state upnpd state zone "$zone"
|
||||
uci_set_state upnpd state ifname "$iface"
|
||||
uci_set_state upnpd state network "$network"
|
||||
}
|
||||
|
||||
miniupnpd_remove_rules() {
|
||||
local zone="$(uci_get_state upnpd state zone)"
|
||||
local iface="$(uci_get_state upnpd state ifname)"
|
||||
|
||||
[ -n "$zone" ] && [ -n "$iface" ] && {
|
||||
logger -t miniupnpd "removing firewall rules for $iface from zone $zone"
|
||||
|
||||
while iptables -t nat -D zone_${zone}_prerouting \
|
||||
-i $iface -j MINIUPNPD 2>/dev/null; do :; done
|
||||
|
||||
while iptables -t filter -D zone_${zone}_forward \
|
||||
-i $iface ! -o $iface -j MINIUPNPD 2>/dev/null; do :; done
|
||||
}
|
||||
|
||||
uci_revert_state upnpd
|
||||
}
|
||||
|
||||
/etc/init.d/miniupnpd enabled && [ -n "`pidof miniupnpd`" ] && {
|
||||
|
||||
local extif="$(uci_get upnpd config external_iface)"
|
||||
local curif="$(uci_get_state upnpd state network)"
|
||||
|
||||
if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "$extif" ]; then
|
||||
miniupnpd_add_rules "$ZONE" "$INTERFACE" "$DEVICE"
|
||||
elif [ "$ACTION" = "remove" ] && [ "$INTERFACE" = "$curif" ]; then
|
||||
miniupnpd_remove_rules
|
||||
fi
|
||||
}
|
||||
|
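Review bot: The nat jump added in miniupnpd_add_rules, `iptables -t nat -A zone_${zone}_prerouting -i $iface -j MINIUPNPD`, matches on the inbound interface only, whereas the `prerouting_rule` jump it appears to replace also carried `-d $ipaddr`. As far as this rendering shows, every packet arriving on the external interface now traverses the MINIUPNPD nat chain regardless of its destination address. Any redirect in that chain that does not match a destination itself would then presumably also apply to traffic addressed to other hosts reachable through that interface. If dropping the match is deliberate, record it above the rule, e.g. `# matched on interface only: entries in MINIUPNPD must restrict the destination themselves`; otherwise pass the external address into miniupnpd_add_rules and keep the `-d` match.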
@ -2,6 +2,9 @@
|
||||
START=95
|
||||
|
||||
start() {
|
||||
type miniupnpd_add_rules >/dev/null 2>/dev/null || \
|
||||
ACTION=- . /etc/hotplug.d/firewall/50-miniupnpd
|
||||
|
||||
config_load "upnpd"
|
||||
local extiface intiface upload download logging secure enabled
|
||||
|
||||
@ -48,41 +51,23 @@ start() {
|
||||
config_load firewall
|
||||
config_get zone core "${extiface:-wan}_zone"
|
||||
[ -n "$zone" ] && \
|
||||
ACTION="add" ZONE="$zone" INTERFACE="${extiface:-wan}" DEVICE="$ifname" \
|
||||
. /etc/hotplug.d/firewall/50-miniupnpd
|
||||
miniupnpd_add_rules "$zone" "${extiface:-wan}" "$ifname"
|
||||
else
|
||||
logger -t "upnp daemon" "external interface not found, not starting"
|
||||
fi
|
||||
}
|
||||
|
||||
clear_rule() {
|
||||
local state="$1"
|
||||
local ifname ipaddr
|
||||
|
||||
config_get ifname "$state" ifname
|
||||
config_get ipaddr "$state" ipaddr
|
||||
|
||||
[ -n "$ifname" ] && [ -n "$ipaddr" ] && {
|
||||
iptables -t nat -D prerouting_rule -i $ifname -d $ipaddr -j MINIUPNPD
|
||||
iptables -t filter -D forwarding_rule -i $ifname ! -o $ifname -j MINIUPNPD
|
||||
uci_revert_state upnpd "$state"
|
||||
unset "CONFIG_${state}_ifname"
|
||||
unset "CONFIG_${state}_ipaddr"
|
||||
}
|
||||
}
|
||||
|
||||
stop() {
|
||||
start-stop-daemon -K -q -x miniupnpd -p /var/run/miniupnpd.pid
|
||||
rm -f /var/run/miniupnpd.pid
|
||||
|
||||
logger -t "upnp" "removing firewall rules"
|
||||
type miniupnpd_remove_rules >/dev/null 2>/dev/null || \
|
||||
ACTION=- . /etc/hotplug.d/firewall/50-miniupnpd
|
||||
|
||||
config_load upnpd
|
||||
config_foreach clear_rule firewall
|
||||
miniupnpd_remove_rules
|
||||
|
||||
iptables -t nat -F MINIUPNPD 2>/dev/null
|
||||
iptables -t nat -X MINIUPNPD 2>/dev/null
|
||||
iptables -t filter -F MINIUPNPD 2>/dev/null
|
||||
iptables -t filter -X MINIUPNPD 2>/dev/null
|
||||
}
|
||||
|
||||
|
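Review bot: The `ACTION=-` prefix on `. /etc/hotplug.d/firewall/50-miniupnpd`, used in start() and again in stop(), is undocumented and reads like a stray assignment. Its apparent purpose is to source the file for miniupnpd_add_rules and miniupnpd_remove_rules while keeping the handler at the bottom of that file, which only acts on `add` and `remove`, from running. A comment above the first use would make that explicit: `# source the hotplug script for its functions only; ACTION=- matches neither add nor remove`. start() begins and continues outside both hunks, so whether ACTION is read later in the init script cannot be checked from here.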