From: Jo-Philipp Wich <jow@openwrt.org>
Date: Tue, 20 Dec 2011 01:10:15 +0000 (+0000)
Subject: firewall: - introduce per-section "option enabled" which defaults to "1" - useful... 
X-Git-Tag: reboot~15280
X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=77dda8d67ac852b73bf60c8dec0fbb958168b7ea;p=openwrt%2Fstaging%2Fchunkeey.git

firewall: - introduce per-section "option enabled" which defaults to "1" - useful to disable rules or zones without having to delete them - annotate default traffic rules with names - bump version

SVN-Revision: 29577
---

diff --git a/package/firewall/Makefile b/package/firewall/Makefile
index 6106348156..3c5e10fe9d 100644
--- a/package/firewall/Makefile
+++ b/package/firewall/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall
 
 PKG_VERSION:=2
-PKG_RELEASE:=42
+PKG_RELEASE:=43
 
 include $(INCLUDE_DIR)/package.mk
 
diff --git a/package/firewall/files/firewall.config b/package/firewall/files/firewall.config
index 4ba165fcc6..77832ffaca 100644
--- a/package/firewall/files/firewall.config
+++ b/package/firewall/files/firewall.config
@@ -29,6 +29,7 @@ config forwarding
 # We need to accept udp packets on port 68,
 # see https://dev.openwrt.org/ticket/4108
 config rule
+	option name		Allow-DHCP-Renew
 	option src		wan
 	option proto		udp
 	option dest_port	68
@@ -37,6 +38,7 @@ config rule
 
 # Allow IPv4 ping
 config rule
+	option name		Allow-Ping
 	option src		wan
 	option proto		icmp
 	option icmp_type	echo-request
@@ -46,6 +48,7 @@ config rule
 # Allow DHCPv6 replies
 # see https://dev.openwrt.org/ticket/10381
 config rule
+	option name		Allow-DHCPv6
 	option src		wan
 	option proto		udp
 	option src_ip		fe80::/10
@@ -57,6 +60,7 @@ config rule
 
 # Allow essential incoming IPv6 ICMP traffic
 config rule
+	option name		Allow-ICMPv6-Input
 	option src		wan
 	option proto	icmp
 	list icmp_type		echo-request
@@ -73,6 +77,7 @@ config rule
 
 # Allow essential forwarded IPv6 ICMP traffic
 config rule                                   
+	option name		Allow-ICMPv6-Forward
 	option src		wan
 	option dest		*
 	option proto		icmp
diff --git a/package/firewall/files/lib/config.sh b/package/firewall/files/lib/config.sh
index 996cef884d..8b2399fc8e 100644
--- a/package/firewall/files/lib/config.sh
+++ b/package/firewall/files/lib/config.sh
@@ -34,7 +34,11 @@ fw_config_get_section() { # <config> <prefix> <type> <name> <default> ...
 		export ${NO_EXPORT:+-n} -- "${prefix}NAME"="${config}"
 		config_get "${prefix}TYPE" "$config" TYPE
 	}
-	
+
+	local enabled
+	config_get_bool enabled "$config" enabled 1
+	[ $enabled -eq 1 ] || return 1
+
 	[ "$1" == '{' ] && shift
 	while [ $# -ge 3 ]; do
 		local type=$1
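Review bot: The new early `return 1` for a disabled section sits after the block that sets `${prefix}NAME` and `${prefix}TYPE` but before the option loop below, so a caller that ignores the return status may carry on with option variables that are unset or left over from an earlier section. For a firewall this matters because a disabled rule or zone should produce no ruleset state at all. The callers are not visible in this hunk, so each one should be confirmed to skip the section on a non-zero status. I would document the contract at the check, e.g. `# section disabled: return non-zero before any option is loaded; callers must skip it`, and quote the test as `[ "$enabled" -eq 1 ] || return 1`. fw_config_get_section starts and ends outside the hunk.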