icwmp: use both ipv4 and ipv6 addresses for firewall rules

a3fd03c3 · Omar Kallel · 00594ba0 · a3fd03c3 · a3fd03c3
Commit a3fd03c3 authored Oct 06, 2021 by Omar Kallel
--- a/icwmp/Makefile
+++ b/icwmp/Makefile
@@ -8,11 +8,11 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=icwmp
-PKG_VERSION:=8.2.0-2021-10-05
+PKG_VERSION:=8.2.2-2021-10-12
 PKG_FIXUP:=autoreconf
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/icwmp.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=ab875277578d851a9f8eed57883ca05c886b127d
+PKG_SOURCE_VERSION:=ecb82332ce36b54ce5376bb9ffda16c04c30a8e3
 PKG_RELEASE=$(PKG_SOURCE_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip

--- a/icwmp/files/etc/firewall.cwmp
+++ b/icwmp/files/etc/firewall.cwmp
@@ -7,7 +7,7 @@ fi
 zone_name=$(uci -c /var/state -q get cwmp.acs.zonename)
 port=$(uci -c /var/state -q get cwmp.acs.port)
 ipaddr=$(uci -c /var/state -q get cwmp.acs.ip)
-ipv6enable=$(uci -c /var/state -q get cwmp.acs.ipv6_enable)
+ip6addr=$(uci -c /var/state -q get cwmp.acs.ip6)
 incoming_rule=$(uci -q get cwmp.cpe.incoming_rule|tr [A-Z] [a-z])

 if [ "$zone_name" = "" ]; then
@@ -28,15 +28,8 @@ else
 	iptables -X zone_icwmp_input 2> /dev/null
 fi

-cmd=""
-
-if [ "${ipv6enable}" = "1" ]; then
-	cmd="ip6tables"
-else
-	cmd="iptables"
-fi
-
-cmd="${cmd} -I zone_${zone_name}_input -p tcp"
+cmd="iptables -I zone_${zone_name}_input -p tcp"
+cmd6="ip6tables -I zone_${zone_name}_input -p tcp"

 # default incoming rule is Port only
 if [ -z "${incoming_rule}" ]; then
@@ -46,26 +39,33 @@ fi
 if [ "${incoming_rule}" = "ip_only" ]; then
 	if [ -n "${ipaddr}" ]; then
 		cmd="${cmd} -s ${ipaddr}"
+		cmd6="${cmd6} -s ${ip6addr}"
 	fi
 elif [ "${incoming_rule}" = "port_only" ]; then
 	if [ -n "${port}" ]; then
 		cmd="${cmd} --dport ${port}"
+		cmd6="${cmd6} --dport ${port}"
 	fi
 else
 	if [ -n "${ipaddr}" ]; then
 		cmd="${cmd} -s ${ipaddr}"
+		cmd6="${cmd6} -s ${ip6addr}"
 	fi

 	if [ -n "${port}" ]; then
 		cmd="${cmd} --dport ${port}"
+		cmd6="${cmd6} --dport ${port}"
 	fi
 fi

 echo ${cmd}|grep -q "\-\-dport \|\-s "
-if [ "$?" -ne 0 ]; then
-	exit 0;
+if [ "$?" -eq 0 ]; then
+	cmd="${cmd} -j ACCEPT -m comment --comment=Open_ACS_port"
+	${cmd}
 fi

-cmd="${cmd} -j ACCEPT -m comment --comment=Open_ACS_port"
-
-${cmd}
+echo ${cmd6}|grep -q "\-\-dport \|\-s "
+if [ "$?" -eq 0 ]; then
+	cmd6="${cmd6} -j ACCEPT -m comment --comment=Open_ACS_port"
+	${cmd6}
+fi
\ No newline at end of file