firewall: do not process rules in reverse

[openwrt-10.03/.git] / package / firewall / files / 20-firewall

diff --git a/package/firewall/files/20-firewall b/package/firewall/files/20-firewall
index 126fb9bad0381b9a9e6278cfd128a04c75c570b6..1cfc1b9c0e266a708af2dd424fbe0b83c93e6113 100644 (file)
--- a/package/firewall/files/20-firewall
+++ b/package/firewall/files/20-firewall
@@ -1,8 +1,8 @@
 . /lib/firewall/uci_firewall.sh
 unset ZONE
 config_get ifname $INTERFACE ifname
-INTERFACE=$ifname
-[ "$INTERFACE" == "lo" ] && exit 0
+[ "$ifname" == "lo" ] && exit 0
+
 load_zones() {
        local name
        local network
@@ -10,11 +10,7 @@ load_zones() {
        config_get network $1 network
        [ -z "$network" ] && network=$name 
        for n in $network; do
-               local ifname
-               config_get ifname $n ifname
-               list_contains ifname $INTERFACE && { 
-                       list_contains ZONE $name || ZONE="$ZONE $name"
-               }
+               [ "$n" = "$INTERFACE" ] && ZONE="$ZONE $name"
        done
 }
 
@@ -26,14 +22,15 @@ config_foreach load_zones zone
        for z in $ZONE; do 
                local loaded
                config_get loaded core loaded
-               [ -n "$loaded" ] && addif $INTERFACE $z
+               [ -n "$loaded" ] && addif "$INTERFACE" "$ifname" "$z"
        done
 }
 
 [ ifdown = "$ACTION" ] && {
+       local up
+       config_get up "$INTERFACE" up
+
        for z in $ZONE; do 
-               local up
-               config_get up $z up
-               [ "$up" == "1" ] && delif $INTERFACE $z
+               [ "$up" == "1" ] && delif "$INTERFACE" "$ifname" "$z"
        done
 }