firewall: fix option enabled

Currently, when the firewall.globals.enabled is set to 0, then it only sets the option input for zone wan to ACCEPT. This is not completely correct, if we truly want to disable firewall, then we should also set the defaults.input to ACCEPT.

firewall: fix option enabled
Currently, when the firewall.globals.enabled is set to 0, then it only sets the option input for zone wan to ACCEPT. This is not completely correct, if we truly want to disable firewall, then we should also set the defaults.input to ACCEPT.
c58a1042 · Rahul Thakur · 8cc021f8 · c58a1042
Commit c58a1042 authored 1 year ago by Rahul Thakur
--- a/package/network/config/firewall/files/firewall.init
+++ b/package/network/config/firewall/files/firewall.init
@@ -64,7 +64,16 @@ function rename_sec()
 	COUNT=$((COUNT + 1))
 }

-update_enabled() {
+update_enabled_defaults() {
+	if [ "$(uci -q get firewall.globals.enabled)" == "0" ]; then
+		uci -q set firewall.@defaults[0].input="ACCEPT"
+	elif [ "$(uci -q get firewall.@defaults[0].input)" == "ACCEPT" ]; then
+		uci -q set firewall.@defaults[0].input="REJECT"
+	fi
+	uci -q commit firewall
+}
+
+update_enabled_for_zone() {
 	config_get name "$1" name
 	local section=$1
 	#echo "Name: $name, section: $section";
@@ -186,7 +195,8 @@ reorder_redirect_rule_dmz()

 firewall_preconf() {
 	config_load firewall
-	config_foreach update_enabled zone
+	update_enabled_defaults
+	config_foreach update_enabled_for_zone zone
 	# Rename the unnamed sec
 	config_foreach rename_sec_option zone name
 	config_foreach rename_sec forwarding default_fwd