Shorewall: start and enable interfaces all in hotplug

Using shorewall-lite {en|dis}able instead of completely restarting
Shorewall is much more efficient.

But it also makes sense to move the starting of Shorewall from init
to an interface hotplug event.  The "lan" interface should be a good
indicator that networking it ready.  Besides, Shorewall won't start
until br-lan is available.

Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>

net/shorewall-lite/files/hotplug_iface

@@ -1,13 +1,19 @@
 #!/bin/sh
 
-# should restart shorewall when an interface comes up
+DEVICE=${DEVICE:-$(/sbin/uci -p /var/state get network."$INTERFACE".ifname)}
 
 case "$ACTION" in
     ifup)
-        /etc/init.d/shorewall-lite restart
+        if [ "$INTERFACE" = "lan" ]; then
+            /usr/sbin/shorewall -l start
+	elif [ "${INTERFACE:0:3}" = "wan" ] &&
+             [ "${INTERFACE:$((${#INTERFACE}-2)):2}" != "_6" ]; then
+	    /etc/shorewall-lite/state/firewall enable "$DEVICE"
+	fi
         ;;
     ifdown)
-        # might need to restore some routing
-        /etc/init.d/shorewall-lite restart
+	if [ "${INTERFACE:0:3}" = "wan" ]; then
+	    /etc/shorewall-lite/state/firewall disable "$DEVICE"
+	fi
         ;;
 esac

net/shorewall/files/hotplug_iface

@@ -1,13 +1,19 @@
 #!/bin/sh
 
-# should restart shorewall when an interface comes up
+DEVICE=${DEVICE:-$(/sbin/uci -p /var/state get network."$INTERFACE".ifname)}
 
 case "$ACTION" in
     ifup)
-        /etc/init.d/shorewall restart
+        if [ "$INTERFACE" = "lan" ]; then
+            /usr/sbin/shorewall start
+	elif [ "${INTERFACE:0:3}" = "wan" ] &&
+             [ "${INTERFACE:$((${#INTERFACE}-2)):2}" != "_6" ]; then
+	    /etc/shorewall/state/firewall enable "$DEVICE"
+	fi
         ;;
     ifdown)
-        # might need to restore some routing
-        /etc/init.d/shorewall restart
+	if [ "${INTERFACE:0:3}" = "wan" ]; then
+	    /etc/shorewall/state/firewall disable "$DEVICE"
+	fi
         ;;
 esac

net/shorewall6-lite/files/hotplug_iface

@@ -1,13 +1,19 @@
 #!/bin/sh
 
-# should restart shorewall when an interface comes up
+DEVICE=${DEVICE:-$(/sbin/uci -p /var/state get network."$INTERFACE".ifname)}
 
 case "$ACTION" in
     ifup)
-        /etc/init.d/shorewall6-lite restart
+        if [ "$INTERFACE" = "lan" ]; then
+            /usr/sbin/shorewall -6 -l start
+	elif [ "${INTERFACE:0:3}" = "wan" ] &&
+             [ "${INTERFACE:$((${#INTERFACE}-2)):2}" != "_6" ]; then
+	    /etc/shorewall6-lite/state/firewall enable "$DEVICE"
+	fi
         ;;
     ifdown)
-        # might need to restore some routing
-        /etc/init.d/shorewall6-lite restart
+	if [ "${INTERFACE:0:3}" = "wan" ]; then
+	    /etc/shorewall6-lite/state/firewall disable "$DEVICE"
+	fi
         ;;
 esac

net/shorewall6/files/hotplug_iface

@@ -1,13 +1,19 @@
 #!/bin/sh
 
-# should restart shorewall when an interface comes up
+DEVICE=${DEVICE:-$(/sbin/uci -p /var/state get network."$INTERFACE".ifname)}
 
 case "$ACTION" in
     ifup)
-        /etc/init.d/shorewall6 restart
+        if [ "$INTERFACE" = "lan" ]; then
+            /usr/sbin/shorewall -6 start
+	elif [ "${INTERFACE:0:3}" = "wan" ] &&
+             [ "${INTERFACE:$((${#INTERFACE}-2)):2}" != "_6" ]; then
+	    /etc/shorewall6/state/firewall enable "$DEVICE"
+	fi
         ;;
     ifdown)
-        # might need to restore some routing
-        /etc/init.d/shorewall6 restart
+	if [ "${INTERFACE:0:3}" = "wan" ]; then
+	    /etc/shorewall6/state/firewall disable "$DEVICE"
+	fi
         ;;
 esac