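# Paths used by the statements in this listing. The listing is an excerpt:
# $LOCK and $VERBOSE are used by later lines, but their assignments are not
# among the lines shown.
MAIN=/usr/share/firewall4/main.uc  # script handed to `utpl -S`
STATE=/var/run/fw4.state           # file whose existence the "loaded" checks test

# Path given to `nft -f`: /dev/stdin when that node exists, otherwise the
# /proc alias of file descriptor 0.
if [ -e /dev/stdin ]; then
	STDIN=/dev/stdin
else
	STDIN=/proc/self/fd/0
fi

# Export TTY=1 when stderr (fd 2) is a terminal.
if [ -t 2 ]; then
	export TTY=1
fi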
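# Write the arguments to stderr unless QUIET holds a non-empty value.
if [ -z "$QUIET" ]; then
	echo "$@" >&2
fi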
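# Excerpts from non-adjacent lines of the script (25, 28 and 30 in the
# listing's own numbering); the code between and around them is not shown.
# Both guards look only at the state file. Neither asks nft whether the
# table is actually present, so a stale or missing file decides the outcome.

# Abort when the state file already exists.
[ -f "$STATE" ] && die "The fw4 firewall appears to be already loaded."

# Abort when the state file is missing.
[ ! -f "$STATE" ] && die "The fw4 firewall does not appear to be loaded."

# Delete state to force reloading ubus state
# (the statement this comment introduces is not part of the listing)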
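# Render with utpl and load the result into nft through a pipe.
# $VERBOSE stays unquoted so that an empty value expands to no argument at
# all; the path variables are quoted.
# NOTE(review): the pipeline's status is nft's unless `pipefail` is set
# elsewhere in the script (not visible here); without it a failing utpl
# would go unnoticed and nft would load whatever output was produced.
utpl -S "$MAIN" | nft $VERBOSE -f "$STDIN"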
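# Delete the inet fw4 table only when nft lists it.
# NOTE(review): the grep pattern is an unanchored substring, so a line such
# as "table inet fw4_extra" (constructed example) would also satisfy it;
# `grep -x` would require the whole line to match.
if nft list tables inet | grep -sq "table inet fw4"; then
	nft delete table inet fw4
fi  # closing keyword restored; the listing shows nothing of this conditional after the delete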
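# Delete every table nft reports, in every family. This is not limited to
# the fw4 table, so tables created by other software are removed as well.
# `local` implies the enclosing function, whose header is not in the listing.
local dummy family table
# Each output line is split into three fields; the first is discarded.
# -r keeps read from interpreting backslashes in the input.
nft list tables | while read -r dummy family table; do
	nft delete table "$family" "$table"
done  # closing keyword restored; the listing ends at the delete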
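# Render under an exclusive lock and load the result with nft.
# flock wraps only utpl: the lock on $LOCK is held while the ruleset is
# rendered, and nft on the right of the pipe runs outside it.
# $VERBOSE stays unquoted so that an empty value expands to no argument.
flock -x "$LOCK" utpl -S "$MAIN" | nft $VERBOSE -f "$STDIN"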
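# Hand the first three positional parameters to utpl as environment
# variables and run it under an exclusive lock on $LOCK.
ACTION="$1" OBJECT="$2" DEVICE="$3" \
	flock -x "$LOCK" utpl -S "$MAIN"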
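# When stop reports failure, abort with a hint that `fw4 flush` removes all rules.
if ! stop; then
	die "The fw4 firewall does not appear to be loaded, try fw4 flush to delete all rules."
fi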
124 $0 [-v] [-q] start|stop|flush|restart|reload
126 Start, stop, flush, restart or reload the firewall respectively.
129 $0 [-v] [-q] reload-sets
131 Reload the contents of all declared sets but do not touch the
137 Print the rendered ruleset.
140 $0 [-q] network {net}
142 Print the name of the firewall zone covering the given network.
144 Exits with code 1 if the network is not found or if no zone is
150 Print the name of the firewall zone covering the given device.
152 Exits with code 1 if the device is not found or if no zone is
156 $0 [-q] zone {zone} [dev]
158 Print all covered devices of the given zone, optionally restricted
159 to only the given device name.
161 Exits with code 1 if zone is not found or if a device is specified
162 and not covered by the given zone.