miniupnpd: rework and simplify firewall integration by taking advantage of the new fw3 functions

git-svn-id: svn://svn.openwrt.org/openwrt/packages@36011 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-03-14 15:30:58 +00:00 · 2013-03-14 15:30:58 +00:00 · 9170d59796
commit 9170d59796
parent 01f172e4aa
6 changed files with 45 additions and 71 deletions
--- a/net/miniupnpd/Makefile
+++ b/net/miniupnpd/Makefile
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=miniupnpd
 PKG_VERSION:=1.8
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE_URL:=http://miniupnp.free.fr/files
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
@ -31,6 +31,17 @@ define Package/miniupnpd/conffiles
 /etc/config/upnpd
 endef
 define Package/miniupnpd/postinst
 #!/bin/sh
 if [ -z "$$IPKG_INSTROOT" ]; then
  . /etc/uci-defaults/99-miniupnpd
  rm -f /etc/uci-defaults/99-miniupnpd
 fi
 exit 0
 endef
 define Build/Prepare
 	$(call Build/Prepare/Default)
 	echo "OpenWrt/$(OPENWRTVERSION)" | tr \(\)\  _ >$(PKG_BUILD_DIR)/os.openwrt
@ -44,13 +55,13 @@ MAKE_FLAGS += \
 	miniupnpd
 define Package/miniupnpd/install
-	$(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/init.d $(1)/etc/config $(1)/etc/hotplug.d/iface $(1)/etc/hotplug.d/firewall
+	$(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/init.d $(1)/etc/config $(1)/etc/uci-defaults $(1)/etc/hotplug.d/iface $(1)/usr/share/miniupnpd
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/miniupnpd $(1)/usr/sbin/miniupnpd
 	$(INSTALL_BIN) ./files/miniupnpd.init $(1)/etc/init.d/miniupnpd
 	$(INSTALL_CONF) ./files/upnpd.config $(1)/etc/config/upnpd
-	$(INSTALL_DATA) ./files/miniupnpd.iface.hotplug $(1)/etc/hotplug.d/iface/50-miniupnpd
+	$(INSTALL_DATA) ./files/miniupnpd.hotplug $(1)/etc/hotplug.d/iface/50-miniupnpd
-	$(INSTALL_DATA) ./files/miniupnpd.firewall.hotplug $(1)/etc/hotplug.d/firewall/50-miniupnpd
+	$(INSTALL_DATA) ./files/miniupnpd.defaults $(1)/etc/uci-defaults/99-miniupnpd
-	$(INSTALL_DIR) $(1)/usr/share/miniupnpd
+	$(INSTALL_DATA) ./files/firewall.include $(1)/usr/share/miniupnpd/firewall.include
 endef
 $(eval $(call BuildPackage,miniupnpd))
--- a/net/miniupnpd/files/firewall.include
+++ b/net/miniupnpd/files/firewall.include
@ -0,0 +1,15 @@
 #!/bin/sh
 # miniupnpd integration for firewall3
 iptables -t filter -N MINIUPNPD 2>/dev/null
 iptables -t nat -N MINIUPNPD 2>/dev/null
 local ext_iface
 for ext_iface in $(uci -q get upnpd.config.external_iface); do
 	local ext_zone
 	for ext_zone in $(fw3 -q network "$ext_iface"); do
 		iptables -t filter -I zone_${ext_zone}_forward -j MINIUPNPD
 		iptables -t nat -I zone_${ext_zone}_prerouting -j MINIUPNPD
 	done
 done
--- a/net/miniupnpd/files/miniupnpd.defaults
+++ b/net/miniupnpd/files/miniupnpd.defaults
@ -0,0 +1,13 @@
 #!/bin/sh
 uci -q batch <<-EOT
 	delete firewall.miniupnpd
 	set firewall.miniupnpd=include
 	set firewall.miniupnpd.type=script
 	set firewall.miniupnpd.path=/usr/share/miniupnpd/firewall.include
 	set firewall.miniupnpd.family=IPv4
 	set firewall.miniupnpd.reload=1
 	commit firewall
 EOT
 exit 0
--- a/net/miniupnpd/files/miniupnpd.firewall.hotplug
+++ b/net/miniupnpd/files/miniupnpd.firewall.hotplug
@ -1,50 +0,0 @@
 #!/bin/sh
 miniupnpd_add_rules() {
 	local zone="$1"
 	local network="$2"
 	local iface="$3"
 	miniupnpd_remove_rules
 	logger -t miniupnpd "adding firewall rules for $iface to zone $zone"
 	iptables -t nat -N MINIUPNPD 2>/dev/null
 	iptables -t nat -I zone_${zone}_prerouting -i $iface -j MINIUPNPD
 	iptables -t filter -N MINIUPNPD 2>/dev/null
 	iptables -t filter -I zone_${zone}_forward -i $iface ! -o $iface -j MINIUPNPD
 	uci_set_state upnpd state "" state
 	uci_set_state upnpd state zone "$zone"
 	uci_set_state upnpd state ifname "$iface"
 	uci_set_state upnpd state network "$network"
 }
 miniupnpd_remove_rules() {
 	local zone="$(uci_get_state upnpd state zone)"
 	local iface="$(uci_get_state upnpd state ifname)"
 	[ -n "$zone" ] && [ -n "$iface" ] && {
 		logger -t miniupnpd "removing firewall rules for $iface from zone $zone"
 		while iptables -t nat -D zone_${zone}_prerouting \
 			-i $iface -j MINIUPNPD 2>/dev/null; do :; done
 		while iptables -t filter -D zone_${zone}_forward \
 			-i $iface ! -o $iface -j MINIUPNPD 2>/dev/null; do :; done
 	}
 	uci_revert_state upnpd
 }
 /etc/init.d/miniupnpd enabled && [ -n "`pidof miniupnpd`" ] && {
 	local extif="$(uci_get upnpd config external_iface)"
 	local curif="$(uci_get_state upnpd state network)"
 	if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "$extif" ]; then
 		miniupnpd_add_rules "$ZONE" "$INTERFACE" "$DEVICE"
 	elif [ "$ACTION" = "remove" ] && [ "$INTERFACE" = "$curif" ]; then
 		miniupnpd_remove_rules
 	fi
 }
--- a/net/miniupnpd/files/miniupnpd.iface.hotplug
+++ b/net/miniupnpd/files/miniupnpd.iface.hotplug
--- a/net/miniupnpd/files/miniupnpd.init
+++ b/net/miniupnpd/files/miniupnpd.init
@ -62,9 +62,6 @@ boot() {
 }
 start() {
 	type miniupnpd_add_rules >/dev/null 2>/dev/null || \
 		ACTION=- . /etc/hotplug.d/firewall/50-miniupnpd
 	config_load "upnpd"
 	local extiface intiface upload download logging secure enabled natpmp
 	local extip port usesysuptime conffile serial_number model_number
@ -165,12 +162,7 @@ start() {
 	if [ -n "$ifname" ]; then
 		# start firewall
-		local zone
+		iptables -L MINIUPNPD >/dev/null 2>/dev/null || fw3 reload
 		config_load firewall
 		config_get zone core "${extiface:-wan}_zone"
 	    [ -n "$zone" ] && \
 			miniupnpd_add_rules "$zone" "${extiface:-wan}" "$ifname"
 		if [ "$logging" = "1" ]; then
 			SERVICE_DAEMONIZE=1 \
@ -187,13 +179,6 @@ start() {
 stop() {
 	service_stop /usr/sbin/miniupnpd
 	type miniupnpd_remove_rules >/dev/null 2>/dev/null || \
 		ACTION=- . /etc/hotplug.d/firewall/50-miniupnpd
 	miniupnpd_remove_rules
 	iptables -t nat -F MINIUPNPD 2>/dev/null
 	iptables -t nat -X MINIUPNPD 2>/dev/null
 	iptables -t filter -F MINIUPNPD 2>/dev/null
 	iptables -t filter -X MINIUPNPD 2>/dev/null
 }