From 43830375890833795e02fdad34730ee437748a4c Mon Sep 17 00:00:00 2001
From: jow
Date: Tue, 14 Sep 2010 23:11:49 +0000
Subject: [PATCH] [backfire] backport r23062

git-svn-id: svn://svn.openwrt.org/openwrt/branches/backfire@23063 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
 package/firewall/Makefile | 2 +-
 package/firewall/files/uci_firewall.sh | 39 ++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/package/firewall/Makefile b/package/firewall/Makefile
index c8f200432..f0946656d 100644
--- a/package/firewall/Makefile
+++ b/package/firewall/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall
 PKG_VERSION:=1
-PKG_RELEASE:=16
+PKG_RELEASE:=17
 include $(INCLUDE_DIR)/package.mk
diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh
index 4a0e1f7e6..55048f246 100755
--- a/package/firewall/files/uci_firewall.sh
+++ b/package/firewall/files/uci_firewall.sh
@@ -15,6 +15,7 @@ config_load firewall
 config fw_zones
 ZONE_LIST=$CONFIG_SECTION
+ZONE_NAMES=
 CUSTOM_CHAINS=1
 DEF_INPUT=DROP
@@ -23,6 +24,25 @@ DEF_FORWARD=DROP
 CONNTRACK_ZONES=
 NOTRACK_DISABLED=
+add_state() {
+ local var="$1"
+ local item="$2"
+
+ local val="$(uci_get_state firewall core $var)"
+ uci_set_state firewall core $var "${val:+$val }$item"
+}
+
+del_state() {
+ local var="$1"
+ local item="$2"
+
+ local val=" $(uci_get_state firewall core $var) "
+ val="${val// $item / }"
+ val="${val# }"
+ val="${val% }"
+ uci_set_state firewall core $var "$val"
+}
+
 find_item() {
 local item="$1"; shift
 for i in "$@"; do
@@ -95,6 +115,8 @@ create_zone() {
 done
 done
 fi
+
+ append ZONE_NAMES "$name"
 }
@@ -132,6 +154,8 @@ addif() {
 uci_set_state firewall core "${network}_ifname" "$ifname"
 uci_set_state firewall core "${network}_zone" "$zone"
+ add_state "${zone}_networks" "$network"
+
 ACTION=add ZONE="$zone" INTERFACE="$network" DEVICE="$ifname" /sbin/hotplug-call firewall
 }
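Review bot: add_state and del_state pass `$var` unquoted to uci_get_state and uci_set_state, and del_state expands `$item` unquoted inside the `${val// $item / }` pattern, so a zone or network name containing whitespace or glob characters would split the option name or match entries other than the intended one. Quoting the option name in all four calls, e.g. `local val="$(uci_get_state firewall core "$var")"`, covers the first part. add_state also appends without checking for an existing entry, so a repeated addif for one network (the call in the addif hunk; that function starts outside the hunk, so an earlier guard may exist) would store it twice, and del_state's single substitution pass leaves one of two adjacent duplicates behind because the shared separator space is consumed by the first match. A membership test before the append would avoid that, for instance via the existing find_item helper if it returns success on a match.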
@@ -158,6 +182,8 @@ delif() {
 uci_revert_state firewall core "${network}_ifname"
 uci_revert_state firewall core "${network}_zone"
+ del_state "${zone}_networks" "$network"
+
 ACTION=remove ZONE="$zone" INTERFACE="$network" DEVICE="$ifname" /sbin/hotplug-call firewall
 }
@@ -605,6 +631,22 @@ fw_init() {
 for interface in $INTERFACES; do
 fw_event ifup "$interface"
 done
+
+ uci_set_state firewall core zones "$ZONE_NAMES"
 }
 fw_stop() {
+ local z n i
+ config_get z core zones
+ for z in $z; do
+ config_get n core "${z}_networks"
+ for n in $n; do
+ config_get i core "${n}_ifname"
+ [ -n "$i" ] && env -i ACTION=remove ZONE="$z" INTERFACE="$n" DEVICE="$i" \
+ /sbin/hotplug-call firewall
+ done
+ done
+
 fw_clear
 $IPTABLES -P INPUT ACCEPT
 $IPTABLES -P OUTPUT ACCEPT
--
2.35.1
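Review bot: The remove events in fw_stop are launched through `env -i`, whereas the hotplug calls visible in the addif and delif hunks set ACTION/ZONE/INTERFACE/DEVICE on top of the inherited environment, and nothing here records why the stop path differs. A comment above the call such as `# env -i: handlers get a clean environment with only ACTION/ZONE/INTERFACE/DEVICE set` would document it; since `env -i` also drops PATH, it is worth confirming that the handlers do not depend on inheriting it. The loops `for z in $z` and `for n in $n` reuse the list variable as the iterator and expand stored state unquoted, so a value containing a glob character would be pathname-expanded; distinct iterator names (and `set -f` around the loops) would make the intended word splitting explicit. fw_stop continues past the end of the hunk, so whether the `zones` and `*_networks` state written by this commit is reverted after the events fire cannot be seen from here.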