firewall: implement disable_ipv6 uci option
SVN-Revision: 21503
This commit is contained in:
parent
c6fdffd932
commit
3ffd27f905
@ -16,6 +16,9 @@ FW_DEFAULT_INPUT_POLICY=REJECT
|
|||||||
FW_DEFAULT_OUTPUT_POLICY=REJECT
|
FW_DEFAULT_OUTPUT_POLICY=REJECT
|
||||||
FW_DEFAULT_FORWARD_POLICY=REJECT
|
FW_DEFAULT_FORWARD_POLICY=REJECT
|
||||||
|
|
||||||
|
FW_DISABLE_IPV4=0
|
||||||
|
FW_DISABLE_IPV6=0
|
||||||
|
|
||||||
|
|
||||||
fw_load_defaults() {
|
fw_load_defaults() {
|
||||||
fw_config_get_section "$1" defaults { \
|
fw_config_get_section "$1" defaults { \
|
||||||
@ -34,6 +37,7 @@ fw_load_defaults() {
|
|||||||
boolean accept_redirects 0 \
|
boolean accept_redirects 0 \
|
||||||
boolean accept_source_route 0 \
|
boolean accept_source_route 0 \
|
||||||
boolean custom_chains 1 \
|
boolean custom_chains 1 \
|
||||||
|
boolean disable_ipv6 0 \
|
||||||
} || return
|
} || return
|
||||||
[ -n "$FW_DEFAULTS_APPLIED" ] && {
|
[ -n "$FW_DEFAULTS_APPLIED" ] && {
|
||||||
echo "Error: multiple defaults sections detected"
|
echo "Error: multiple defaults sections detected"
|
||||||
@ -50,6 +54,8 @@ fw_load_defaults() {
|
|||||||
FW_ACCEPT_REDIRECTS=$defaults_accept_redirects
|
FW_ACCEPT_REDIRECTS=$defaults_accept_redirects
|
||||||
FW_ACCEPT_SRC_ROUTE=$defaults_accept_source_route
|
FW_ACCEPT_SRC_ROUTE=$defaults_accept_source_route
|
||||||
|
|
||||||
|
FW_DISABLE_IPV6=$defaults_disable_ipv6
|
||||||
|
|
||||||
fw_callback pre defaults
|
fw_callback pre defaults
|
||||||
|
|
||||||
# Seems like there are only one sysctl for both IP versions.
|
# Seems like there are only one sysctl for both IP versions.
|
||||||
|
@ -85,7 +85,7 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
|
|||||||
6) mod=ip6table_${tab} ;;
|
6) mod=ip6table_${tab} ;;
|
||||||
*) mod=. ;;
|
*) mod=. ;;
|
||||||
esac
|
esac
|
||||||
grep "^${mod} " /proc/modules > /dev/null
|
grep -q "^${mod} " /proc/modules
|
||||||
mod=$?
|
mod=$?
|
||||||
export FW_${fam}_${tab}=$mod
|
export FW_${fam}_${tab}=$mod
|
||||||
fw__rc $mod
|
fw__rc $mod
|
||||||
@ -100,8 +100,8 @@ fw__exec() { # <action> <family> <table> <chain> <target> <position> { <rules> }
|
|||||||
local app=
|
local app=
|
||||||
local pol=
|
local pol=
|
||||||
case "$fam" in
|
case "$fam" in
|
||||||
4) app=iptables ;;
|
4) [ $FW_DISABLE_IPV4 == 0 ] && app=iptables || return ;;
|
||||||
6) app=ip6tables ;;
|
6) [ $FW_DISABLE_IPV6 == 0 ] && app=ip6tables || return ;;
|
||||||
i) fw__dualip "$@"; return ;;
|
i) fw__dualip "$@"; return ;;
|
||||||
I) fw__autoip "$@"; return ;;
|
I) fw__autoip "$@"; return ;;
|
||||||
e) app=ebtables ;;
|
e) app=ebtables ;;
|
||||||
|
Loading…
Reference in New Issue
Block a user