## this is for openwrt original firewall
exit 0

. /etc/functions.sh
#########??
config_clear
include /lib/network
scan_interfaces
config_load firewall
CONFIG_APPEND=1
config fw_zones
ZONE_LIST=$CONFIG_SECTION
CUSTOM_CHAINS=1
DEF_INPUT=DROP
DEF_OUTPUT=DROP
DEF_FORWARD=DROP
CONNTRACK_ZONES=
NOTRACK_DISABLED=
##########

echo "20-firwall: INTERFACE=$INTERFACE"  >>/tmp/debug.log 2>&1
echo "20-firwall: ACTION=$ACTION"  >>/tmp/debug.log 2>&1
echo "20-firwall: CONFIG_SECTION=$CONFIG_SECTION"  >>/tmp/debug.log 2>&1
#
#create_zone() {
#	local exists
#	[ "$1" == "loopback" ] && return
#	config_get exists $ZONE_LIST $1
#	[ -n "$exists" ] && return
#	config_set $ZONE_LIST $1 1 
#
#	#$IPTABLES -t raw -N zone_$1_notrack
#	[ "$6" == "1" ] && $IPTABLES -t nat -A POSTROUTING -j zone_$1_nat
#}


unset ZONE
config_get ifname $INTERFACE ifname
[ "$ifname" == "lo" ] && exit 0

load_zones() {
	local name
	local network
	echo "20-firwall: what is 1=$1"  >>/tmp/debug.log 2>&1
	config_get name $1 name
	config_get network $1 network
	[ -z "$network" ] && network=$name 
	for n in $network; do
		[ "$n" = "$INTERFACE" ] && ZONE="$ZONE $name"
	done
}

config_foreach load_zones zone
echo "20-firwall: ZONE=$ZONE"  >>/tmp/debug.log 2>&1

[ -z "$ZONE" ] && exit 0

[ ifup = "$ACTION" ] && {
	for z in $ZONE; do 
		local loaded
		#config_get loaded core loaded
		#[ -n "$loaded" ] && addif "$INTERFACE" "$ifname" "$z"
		addif "$INTERFACE" "$ifname" "$z" 2>/dev/null
	done
}

[ ifdown = "$ACTION" ] && {
	for z in $ZONE; do 
		local up
		config_get up $z status
		[ "$up" == "enable" ] && delif "$INTERFACE" "$ifname" "$z"
	done
}
