From: Stijn Tintel <stijn@linux-ipv6.be>
Date: Thu, 6 Jan 2022 09:00:52 +0000 (+0200)
Subject: treewide: move executables to /sbin
X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=4ead2a6792a1b2071d037c380e87836ceb07f681;p=project%2Ffirewall4.git

treewide: move executables to /sbin

In firewall3, the fw3 executable is installed in /sbin. As
luci-app-firewall looks for the fw3 executable in /sbin, the firewall
menu is hidden when firewall4 is installed. Move both executables to
/sbin so the firewall app will show when firewall4 is installed.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
---

diff --git a/root/sbin/fw3 b/root/sbin/fw3
new file mode 120000
index 0000000..8fbcf2c
--- /dev/null
+++ b/root/sbin/fw3
@@ -0,0 +1 @@
+fw4
\ No newline at end of file
diff --git a/root/sbin/fw4 b/root/sbin/fw4
new file mode 100755
index 0000000..3e7388b
--- /dev/null
+++ b/root/sbin/fw4
@@ -0,0 +1,164 @@
+#!/bin/sh
+
+set -o pipefail
+
+MAIN=/usr/share/firewall4/main.uc
+LOCK=/var/run/fw4.lock
+STATE=/var/run/fw4.state
+VERBOSE=
+
+[ -t 2 ] && export TTY=1
+
+die() {
+	[ -n "$QUIET" ] || echo "$@" >&2
+	exit 1
+}
+
+start() {
+	{
+		flock -x 1000
+
+		case "$1" in
+			start)
+				[ -f $STATE ] && die "The fw4 firewall appears to be already loaded."
+			;;
+			reload)
+				[ ! -f $STATE ] && die "The fw4 firewall does not appear to be loaded."
+
+				# Delete state to force reloading ubus state
+				rm -f $STATE
+			;;
+		esac
+
+		ACTION=start \
+			ucode -S -i $MAIN | nft $VERBOSE -f /proc/self/fd/0
+	} 1000>$LOCK
+}
+
+print() {
+	ACTION=print \
+		ucode -S -i $MAIN
+}
+
+stop() {
+	{
+		flock -x 1000
+
+		if nft list tables inet | grep -sq "table inet fw4"; then
+			nft delete table inet fw4
+			rm -f $STATE
+		else
+			die "The fw4 firewall does not appear to be loaded, try fw4 flush to delete all rules."
+		fi
+	} 1000>$LOCK
+}
+
+flush() {
+	{
+		flock -x 1000
+
+		local dummy family table
+		nft list tables | while read dummy family table; do
+			nft delete table "$family" "$table"
+		done
+
+		rm -f $STATE
+	} 1000>$LOCK
+}
+
+reload_sets() {
+	ACTION=reload-sets \
+		flock -x $LOCK ucode -S -i $MAIN | nft $VERBOSE -f /proc/self/fd/0
+}
+
+lookup() {
+	ACTION=$1 OBJECT=$2 DEVICE=$3 \
+		flock -x $LOCK ucode -S -i $MAIN
+}
+
+while [ -n "$1" ]; do
+	case "$1" in
+		-q)
+			export QUIET=1
+			shift
+		;;
+		-v)
+			export VERBOSE=-e
+			shift
+		;;
+		*)
+			break
+		;;
+	esac
+done
+
+case "$1" in
+	start|reload)
+		start "$1"
+	;;
+	stop)
+		stop
+	;;
+	flush)
+		flush
+	;;
+	restart)
+		stop
+		start
+	;;
+	print)
+		print
+	;;
+	reload-sets)
+		reload_sets
+	;;
+	network|device|zone)
+		lookup "$@"
+	;;
+	*)
+		cat <<EOT
+Usage:
+
+  $0 [-v] [-q] start|stop|flush|restart|reload
+
+    Start, stop, flush, restart or reload the firewall respectively.
+
+
+  $0 [-v] [-q] reload-sets
+
+    Reload the contents of all declared sets but do not touch the
+    ruleset.
+
+
+  $0 [-q] print
+
+    Print the rendered ruleset.
+
+
+  $0 [-q] network {net}
+
+    Print the name of the firewall zone covering the given network.
+
+    Exits with code 1 if the network is not found or if no zone is
+    covering it.
+
+
+  $0 [-q] device {dev}
+
+    Print the name of the firewall zone covering the given device.
+
+    Exits with code 1 if the device is not found or if no zone is
+    covering it.
+
+
+  $0 [-q] zone {zone} [dev]
+
+    Print all covered devices of the given zone, optionally restricted
+    to only the given device name.
+
+    Exits with code 1 if zone is not found or if a device is specified
+    and not covered by the given zone.
+
+EOT
+	;;
+esac
diff --git a/root/usr/sbin/fw3 b/root/usr/sbin/fw3
deleted file mode 120000
index 8fbcf2c..0000000
--- a/root/usr/sbin/fw3
+++ /dev/null
@@ -1 +0,0 @@
-fw4
\ No newline at end of file
diff --git a/root/usr/sbin/fw4 b/root/usr/sbin/fw4
deleted file mode 100755
index 3e7388b..0000000
--- a/root/usr/sbin/fw4
+++ /dev/null
@@ -1,164 +0,0 @@
-#!/bin/sh
-
-set -o pipefail
-
-MAIN=/usr/share/firewall4/main.uc
-LOCK=/var/run/fw4.lock
-STATE=/var/run/fw4.state
-VERBOSE=
-
-[ -t 2 ] && export TTY=1
-
-die() {
-	[ -n "$QUIET" ] || echo "$@" >&2
-	exit 1
-}
-
-start() {
-	{
-		flock -x 1000
-
-		case "$1" in
-			start)
-				[ -f $STATE ] && die "The fw4 firewall appears to be already loaded."
-			;;
-			reload)
-				[ ! -f $STATE ] && die "The fw4 firewall does not appear to be loaded."
-
-				# Delete state to force reloading ubus state
-				rm -f $STATE
-			;;
-		esac
-
-		ACTION=start \
-			ucode -S -i $MAIN | nft $VERBOSE -f /proc/self/fd/0
-	} 1000>$LOCK
-}
-
-print() {
-	ACTION=print \
-		ucode -S -i $MAIN
-}
-
-stop() {
-	{
-		flock -x 1000
-
-		if nft list tables inet | grep -sq "table inet fw4"; then
-			nft delete table inet fw4
-			rm -f $STATE
-		else
-			die "The fw4 firewall does not appear to be loaded, try fw4 flush to delete all rules."
-		fi
-	} 1000>$LOCK
-}
-
-flush() {
-	{
-		flock -x 1000
-
-		local dummy family table
-		nft list tables | while read dummy family table; do
-			nft delete table "$family" "$table"
-		done
-
-		rm -f $STATE
-	} 1000>$LOCK
-}
-
-reload_sets() {
-	ACTION=reload-sets \
-		flock -x $LOCK ucode -S -i $MAIN | nft $VERBOSE -f /proc/self/fd/0
-}
-
-lookup() {
-	ACTION=$1 OBJECT=$2 DEVICE=$3 \
-		flock -x $LOCK ucode -S -i $MAIN
-}
-
-while [ -n "$1" ]; do
-	case "$1" in
-		-q)
-			export QUIET=1
-			shift
-		;;
-		-v)
-			export VERBOSE=-e
-			shift
-		;;
-		*)
-			break
-		;;
-	esac
-done
-
-case "$1" in
-	start|reload)
-		start "$1"
-	;;
-	stop)
-		stop
-	;;
-	flush)
-		flush
-	;;
-	restart)
-		stop
-		start
-	;;
-	print)
-		print
-	;;
-	reload-sets)
-		reload_sets
-	;;
-	network|device|zone)
-		lookup "$@"
-	;;
-	*)
-		cat <<EOT
-Usage:
-
-  $0 [-v] [-q] start|stop|flush|restart|reload
-
-    Start, stop, flush, restart or reload the firewall respectively.
-
-
-  $0 [-v] [-q] reload-sets
-
-    Reload the contents of all declared sets but do not touch the
-    ruleset.
-
-
-  $0 [-q] print
-
-    Print the rendered ruleset.
-
-
-  $0 [-q] network {net}
-
-    Print the name of the firewall zone covering the given network.
-
-    Exits with code 1 if the network is not found or if no zone is
-    covering it.
-
-
-  $0 [-q] device {dev}
-
-    Print the name of the firewall zone covering the given device.
-
-    Exits with code 1 if the device is not found or if no zone is
-    covering it.
-
-
-  $0 [-q] zone {zone} [dev]
-
-    Print all covered devices of the given zone, optionally restricted
-    to only the given device name.
-
-    Exits with code 1 if zone is not found or if a device is specified
-    and not covered by the given zone.
-
-EOT
-	;;
-esac