xref: /aosp_15_r20/external/ot-br-posix/script/_firewall (revision 4a64e381480ef79f0532b2421e44e6ee336b8e0d)

#!/bin/bash
#
#  Copyright (c) 2021, The OpenThread Authors.
#  All rights reserved.
#
#  Redistribution and use in source and binary forms, with or without
#  modification, are permitted provided that the following conditions are met:
#  1. Redistributions of source code must retain the above copyright
#     notice, this list of conditions and the following disclaimer.
#  2. Redistributions in binary form must reproduce the above copyright
#     notice, this list of conditions and the following disclaimer in the
#     documentation and/or other materials provided with the distribution.
#  3. Neither the name of the copyright holder nor the
#     names of its contributors may be used to endorse or promote products
#     derived from this software without specific prior written permission.
#
#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
#  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
#  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
#  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
#  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
#  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
#  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
#  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
#  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
#  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
#  POSSIBILITY OF SUCH DAMAGE.
#

FIREWALL_SERVICE=/etc/init.d/otbr-firewall

sudo modprobe ip6table_filter || true

FIREWALL="${FIREWALL:-1}"

firewall_uninstall()
{
    with FIREWALL || return 0

    firewall_stop
    if have systemctl; then
        sudo systemctl disable otbr-firewall || true
    fi
    # systemctl disable doesn't remove sym-links
    if have update-rc.d; then
        sudo update-rc.d otbr-firewall remove || true
    fi
    test ! -f $FIREWALL_SERVICE || sudo rm $FIREWALL_SERVICE
}

firewall_install()
{
    with FIREWALL || return 0

    sudo cp script/otbr-firewall $FIREWALL_SERVICE
    sudo chmod a+x $FIREWALL_SERVICE
    if have systemctl; then
        sudo systemctl enable otbr-firewall || die 'Failed to enable firewall service!'
        sudo systemctl start otbr-firewall || die 'Failed to start firewall service!'
    fi
}

firewall_start()
{
    with FIREWALL || return 0

    if with DOCKER; then
        service otbr-firewall start || die 'Failed to start firewall service'
    elif have systemctl; then
        sudo systemctl start otbr-firewall || die 'Failed to start firewall service'
    fi
}

firewall_stop()
{
    with FIREWALL || return 0

    if with DOCKER; then
        service otbr-firewall stop || true
    elif have systemctl; then
        sudo systemctl stop otbr-firewall || true
    fi
}