firewall: implement disable_ipv6 uci option

SVN-Revision: 21503
Jo-Philipp Wich 2010-05-19 01:55:46 +00:00
parent c6fdffd932
commit 3ffd27f905
2 changed files with 11 additions and 5 deletions


@ -16,6 +16,9 @@ FW_DEFAULT_INPUT_POLICY=REJECT
FW_DEFAULT_OUTPUT_POLICY=REJECT FW_DEFAULT_OUTPUT_POLICY=REJECT
FW_DEFAULT_FORWARD_POLICY=REJECT FW_DEFAULT_FORWARD_POLICY=REJECT
FW_DISABLE_IPV4=0
FW_DISABLE_IPV6=0
fw_load_defaults() { fw_load_defaults() {
fw_config_get_section "$1" defaults { \ fw_config_get_section "$1" defaults { \
@ -34,6 +37,7 @@ fw_load_defaults() {
boolean accept_redirects 0 \ boolean accept_redirects 0 \
boolean accept_source_route 0 \ boolean accept_source_route 0 \
boolean custom_chains 1 \ boolean custom_chains 1 \
boolean disable_ipv6 0 \
} || return } || return
[ -n "$FW_DEFAULTS_APPLIED" ] && { [ -n "$FW_DEFAULTS_APPLIED" ] && {
echo "Error: multiple defaults sections detected" echo "Error: multiple defaults sections detected"
@ -50,6 +54,8 @@ fw_load_defaults() {
FW_ACCEPT_REDIRECTS=$defaults_accept_redirects FW_ACCEPT_REDIRECTS=$defaults_accept_redirects
FW_ACCEPT_SRC_ROUTE=$defaults_accept_source_route FW_ACCEPT_SRC_ROUTE=$defaults_accept_source_route
FW_DISABLE_IPV6=$defaults_disable_ipv6
fw_callback pre defaults fw_callback pre defaults
# Seems like there are only one sysctl for both IP versions. # Seems like there are only one sysctl for both IP versions.
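Review bot: `FW_DISABLE_IPV6` is declared and loaded without any comment saying what "disabled" covers, and as far as these hunks and the `fw__exec` change show it only stops ip6tables from being called. Next to the declaration I would add `# 1 = do not program any ip6tables rules; this does not by itself turn off IPv6 in the kernel`, because a host that sets `disable_ipv6` but still has IPv6 addresses would then run with no IPv6 filter rules from this script. `FW_DISABLE_IPV4=0` is initialised alongside it, but no `disable_ipv4` entry appears in the option list shown, so it seems to stay 0 unless set from outside; a short comment saying that is intentional would help. The body of fw_load_defaults continues outside the hunks.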


@ -85,7 +85,7 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
6) mod=ip6table_${tab} ;; 6) mod=ip6table_${tab} ;;
*) mod=. ;; *) mod=. ;;
esac esac
grep "^${mod} " /proc/modules > /dev/null grep -q "^${mod} " /proc/modules
mod=$? mod=$?
export FW_${fam}_${tab}=$mod export FW_${fam}_${tab}=$mod
fw__rc $mod fw__rc $mod
@ -100,8 +100,8 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
local app= local app=
local pol= local pol=
case "$fam" in case "$fam" in
4) app=iptables ;; 4) [ $FW_DISABLE_IPV4 == 0 ] && app=iptables || return ;;
6) app=ip6tables ;; 6) [ $FW_DISABLE_IPV6 == 0 ] && app=ip6tables || return ;;
i) fw__dualip "$@"; return ;; i) fw__dualip "$@"; return ;;
I) fw__autoip "$@"; return ;; I) fw__autoip "$@"; return ;;
e) app=ebtables ;; e) app=ebtables ;;
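Review bot: In the `4)` and `6)` arms of `case "$fam"` the test is unquoted and uses `==`, so an empty `FW_DISABLE_IPV4` or `FW_DISABLE_IPV6` makes `[` fail with a syntax error and the arm takes `|| return`, silently skipping every rule for that family. For a firewall it is safer to skip only on an explicit 1, so that any other value still programs the rules: `4) [ "$FW_DISABLE_IPV4" = 1 ] && return 0; app=iptables ;;` and `6) [ "$FW_DISABLE_IPV6" = 1 ] && return 0; app=ip6tables ;;`. The bare `return` also passes the failed test's non-zero status to the caller, which reads as an error for a family that was disabled on purpose. Whether callers check that status is not visible here, since fw__exec starts and ends outside the hunk.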