miniupnpd: rework and simplify firewall integration by taking advantage of the new fw3 functions

git-svn-id: svn://svn.openwrt.org/openwrt/packages@36011 3c298f89-4303-0410-b956-a3cf2f4a3e73

net/miniupnpd/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=miniupnpd
 PKG_VERSION:=1.8
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_URL:=http://miniupnp.free.fr/files
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
@@ -31,6 +31,17 @@ define Package/miniupnpd/conffiles
 /etc/config/upnpd
 endef
 
+define Package/miniupnpd/postinst
+#!/bin/sh
+
+if [ -z "$$IPKG_INSTROOT" ]; then
+  . /etc/uci-defaults/99-miniupnpd
+  rm -f /etc/uci-defaults/99-miniupnpd
+fi
+
+exit 0
+endef
+
 define Build/Prepare
 	$(call Build/Prepare/Default)
 	echo "OpenWrt/$(OPENWRTVERSION)" | tr \(\)\  _ >$(PKG_BUILD_DIR)/os.openwrt
@@ -44,13 +55,13 @@ MAKE_FLAGS += \
 	miniupnpd
 
 define Package/miniupnpd/install
-	$(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/init.d $(1)/etc/config $(1)/etc/hotplug.d/iface $(1)/etc/hotplug.d/firewall
+	$(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/init.d $(1)/etc/config $(1)/etc/uci-defaults $(1)/etc/hotplug.d/iface $(1)/usr/share/miniupnpd
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/miniupnpd $(1)/usr/sbin/miniupnpd
 	$(INSTALL_BIN) ./files/miniupnpd.init $(1)/etc/init.d/miniupnpd
 	$(INSTALL_CONF) ./files/upnpd.config $(1)/etc/config/upnpd
-	$(INSTALL_DATA) ./files/miniupnpd.iface.hotplug $(1)/etc/hotplug.d/iface/50-miniupnpd
-	$(INSTALL_DATA) ./files/miniupnpd.firewall.hotplug $(1)/etc/hotplug.d/firewall/50-miniupnpd
-	$(INSTALL_DIR) $(1)/usr/share/miniupnpd
+	$(INSTALL_DATA) ./files/miniupnpd.hotplug $(1)/etc/hotplug.d/iface/50-miniupnpd
+	$(INSTALL_DATA) ./files/miniupnpd.defaults $(1)/etc/uci-defaults/99-miniupnpd
+	$(INSTALL_DATA) ./files/firewall.include $(1)/usr/share/miniupnpd/firewall.include
 endef
 
 $(eval $(call BuildPackage,miniupnpd))

net/miniupnpd/files/firewall.include

@@ -0,0 +1,15 @@
+#!/bin/sh
+# miniupnpd integration for firewall3
+
+iptables -t filter -N MINIUPNPD 2>/dev/null
+iptables -t nat -N MINIUPNPD 2>/dev/null
+
+local ext_iface
+for ext_iface in $(uci -q get upnpd.config.external_iface); do
+	local ext_zone
+	for ext_zone in $(fw3 -q network "$ext_iface"); do
+		iptables -t filter -I zone_${ext_zone}_forward -j MINIUPNPD
+		iptables -t nat -I zone_${ext_zone}_prerouting -j MINIUPNPD
+	done
+done
+

net/miniupnpd/files/miniupnpd.defaults

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+uci -q batch <<-EOT
+	delete firewall.miniupnpd
+	set firewall.miniupnpd=include
+	set firewall.miniupnpd.type=script
+	set firewall.miniupnpd.path=/usr/share/miniupnpd/firewall.include
+	set firewall.miniupnpd.family=IPv4
+	set firewall.miniupnpd.reload=1
+	commit firewall
+EOT
+
+exit 0

net/miniupnpd/files/miniupnpd.firewall.hotplug

@@ -1,50 +0,0 @@
-#!/bin/sh
-
-miniupnpd_add_rules() {
-	local zone="$1"
-	local network="$2"
-	local iface="$3"
-
-	miniupnpd_remove_rules
-
-	logger -t miniupnpd "adding firewall rules for $iface to zone $zone"
-
-	iptables -t nat -N MINIUPNPD 2>/dev/null
-	iptables -t nat -I zone_${zone}_prerouting -i $iface -j MINIUPNPD
-	iptables -t filter -N MINIUPNPD 2>/dev/null
-	iptables -t filter -I zone_${zone}_forward -i $iface ! -o $iface -j MINIUPNPD
-
-	uci_set_state upnpd state "" state
-	uci_set_state upnpd state zone "$zone"
-	uci_set_state upnpd state ifname "$iface"
-	uci_set_state upnpd state network "$network"
-}
-
-miniupnpd_remove_rules() {
-	local zone="$(uci_get_state upnpd state zone)"
-	local iface="$(uci_get_state upnpd state ifname)"
-
-	[ -n "$zone" ] && [ -n "$iface" ] && {
-		logger -t miniupnpd "removing firewall rules for $iface from zone $zone"
-
-		while iptables -t nat -D zone_${zone}_prerouting \
-			-i $iface -j MINIUPNPD 2>/dev/null; do :; done
-
-		while iptables -t filter -D zone_${zone}_forward \
-			-i $iface ! -o $iface -j MINIUPNPD 2>/dev/null; do :; done
-	}
-
-	uci_revert_state upnpd
-}
-
-/etc/init.d/miniupnpd enabled && [ -n "`pidof miniupnpd`" ] && {
-
-	local extif="$(uci_get upnpd config external_iface)"
-	local curif="$(uci_get_state upnpd state network)"
-
-	if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "$extif" ]; then
-		miniupnpd_add_rules "$ZONE" "$INTERFACE" "$DEVICE"
-	elif [ "$ACTION" = "remove" ] && [ "$INTERFACE" = "$curif" ]; then
-		miniupnpd_remove_rules
-	fi
-}

net/miniupnpd/files/miniupnpd.init

@@ -62,9 +62,6 @@ boot() {
 }
 
 start() {
-	type miniupnpd_add_rules >/dev/null 2>/dev/null || \
-		ACTION=- . /etc/hotplug.d/firewall/50-miniupnpd
-
 	config_load "upnpd"
 	local extiface intiface upload download logging secure enabled natpmp
 	local extip port usesysuptime conffile serial_number model_number
@@ -165,12 +162,7 @@ start() {
 
 	if [ -n "$ifname" ]; then
 		# start firewall
-		local zone
-		config_load firewall
-		config_get zone core "${extiface:-wan}_zone"
-
-	    [ -n "$zone" ] && \
-			miniupnpd_add_rules "$zone" "${extiface:-wan}" "$ifname"
+		iptables -L MINIUPNPD >/dev/null 2>/dev/null || fw3 reload
 
 		if [ "$logging" = "1" ]; then
 			SERVICE_DAEMONIZE=1 \
@@ -187,13 +179,6 @@ start() {
 stop() {
 	service_stop /usr/sbin/miniupnpd
 
-	type miniupnpd_remove_rules >/dev/null 2>/dev/null || \
-		ACTION=- . /etc/hotplug.d/firewall/50-miniupnpd
-
-	miniupnpd_remove_rules
-
 	iptables -t nat -F MINIUPNPD 2>/dev/null
-	iptables -t nat -X MINIUPNPD 2>/dev/null
 	iptables -t filter -F MINIUPNPD 2>/dev/null
-	iptables -t filter -X MINIUPNPD 2>/dev/null
 }