[package] firewall (#7355)

	- partially revert r21486, start firewall on init again
	- skip iface hotplug events if base fw is not up yet
	- get ifname and up state with uci_get_state() in iface setup
	  since the values gathered by scan_interfaces() may be outdated
	  when iface coldplugging happens (observed with pptp)
	- ignore up state when bringing down interfaces because ifdown
	  reverts state vars before dispatching the iface event
	- bump package revision


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21502 3c298f89-4303-0410-b956-a3cf2f4a3e73

5 files changed, 12 insertions, 27 deletions

diff --git a/package/firewall/Makefile b/package/firewall/Makefile
index 3b37c8735..1a7216ce1 100644
--- a/package/firewall/Makefile
+++ b/package/firewall/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall
 
 PKG_VERSION:=2
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 include $(INCLUDE_DIR)/package.mk
 
diff --git a/package/firewall/files/firewall.hotplug b/package/firewall/files/firewall.hotplug
index bc75e42d1..ac8469524 100644
--- a/package/firewall/files/firewall.hotplug
+++ b/package/firewall/files/firewall.hotplug
@@ -3,26 +3,20 @@
 # HOTPLUG_TYPE=iface, triggered by various scripts when an interface
 # is configured (ACTION=ifup) or deconfigured (ACTION=ifdown).  The
 # interface is available as INTERFACE, the real device as DEVICE.
-. /etc/functions.sh
 
 [ "$DEVICE" == "lo" ] && exit 0
 
+. /etc/functions.sh
 . /lib/firewall/core.sh
-fw_init
 
-# Wait for firewall if startup is in progress
-lock -w /var/lock/firewall.start
+fw_init
+fw_is_loaded || exit 0
 
 case "$ACTION" in
 	ifup)
-		fw_is_loaded && {
-			fw_configure_interface "$INTERFACE" add "$DEVICE" &
-		} || {
-			/etc/init.d/firewall enabled && fw_start &
-		}
+		fw_configure_interface "$INTERFACE" add "$DEVICE" &
 	;;
 	ifdown)
-		fw_is_loaded && fw_configure_interface "$INTERFACE" del "$DEVICE" &
+		fw_configure_interface "$INTERFACE" del "$DEVICE" &
 	;;
 esac
-
diff --git a/package/firewall/files/firewall.init b/package/firewall/files/firewall.init
index d04804d75..a2fd0a0e9 100755
--- a/package/firewall/files/firewall.init
+++ b/package/firewall/files/firewall.init
@@ -1,5 +1,5 @@
 #!/bin/sh /etc/rc.common
-# Copyright (C) 2008 OpenWrt.org
+# Copyright (C) 2008-2010 OpenWrt.org
 
 START=45
 
@@ -10,8 +10,6 @@ fw() {
 	fw_$1
 }
 
-boot() { :; }
-
 start() {
 	fw start
 }
diff --git a/package/firewall/files/lib/core.sh b/package/firewall/files/lib/core.sh
index 5f06ffe3f..5880cd3ac 100644
--- a/package/firewall/files/lib/core.sh
+++ b/package/firewall/files/lib/core.sh
@@ -15,8 +15,6 @@ fw_start() {
 		exit 1
 	}
 
-	lock /var/lock/firewall.start
-
 	uci_set_state firewall core "" firewall_state
 
 	fw_clear DROP
@@ -52,8 +50,6 @@ fw_start() {
 	fw_callback post core
 
 	uci_set_state firewall core loaded 1
-
-	lock -u /var/lock/firewall.start
 }
 
 fw_stop() {
@@ -94,7 +90,6 @@ fw_die() {
 	echo "Error:" "$@" >&2
 	fw_log error "$@"
 	fw_stop
-	lock -u /var/lock/firewall.start
 	exit 1
 }
 
diff --git a/package/firewall/files/lib/core_interface.sh b/package/firewall/files/lib/core_interface.sh
index 9da6739f0..9b35c8b2b 100644
--- a/package/firewall/files/lib/core_interface.sh
+++ b/package/firewall/files/lib/core_interface.sh
@@ -5,14 +5,12 @@ fw_configure_interface() {
 	local action=$2
 	local ifname=$3
 
-	local status;
-	config_get_bool status "$iface" up "0"
-	[ "$status" == 1 ] || return 0
-
-	[ -n "$ifname" ] || {
-		config_get ifname "$iface" ifname
-		ifname=${ifname:-$iface}
+	[ "$action" == "add" ] && {
+		local status=$(uci_get_state network "$iface" up 0)
+		[ "$status" == 1 ] || return 0
 	}
+
+	[ -n "$ifname" ] || ifname=$(uci_get_state network "$iface" ifname "$iface")
 	[ "$ifname" == "lo" ] && return 0
 
 	fw_callback pre interface