diff --git a/init.d/openwrt/90-zapret b/init.d/openwrt/90-zapret index 364a6e7..2cf1811 100644 --- a/init.d/openwrt/90-zapret +++ b/init.d/openwrt/90-zapret @@ -2,6 +2,27 @@ ZAPRET=/etc/init.d/zapret +check_lan() +{ + IS_LAN= + [ -n "$OPENWRT_LAN" ] || OPENWRT_LAN=lan + for lan in $OPENWRT_LAN; do + [ "$INTERFACE" = "$lan" ] && { + IS_LAN=1 + break + } + done +} +check_need_to_reload_tpws6() +{ + # tpws6 dnat target nft map can only be reloaded within firewall apply procedure + # interface ifsets (wanif, wanif6, lanif) can be reloaded independently + check_lan + RELOAD_TPWS6= + [ "$ACTION" = "ifup" -a "$DISABLE_IPV6" != 1 -a -n "$IS_LAN" ] && [ "$MODE" = "tpws" -o "$MODE" = "custom" ] && RELOAD_TPWS6=1 +} + + [ -n "$INTERFACE" -a -n "$ACTION" -a -x "$ZAPRET" ] && "$ZAPRET" enabled && { SCRIPT=$(readlink "$ZAPRET") if [ -n "$SCRIPT" ]; then @@ -11,23 +32,24 @@ ZAPRET=/etc/init.d/zapret ZAPRET_BASE=/opt/zapret fi . "$ZAPRET_BASE/config" - [ "$ACTION" = "ifup" ] && { - [ -n "$OPENWRT_LAN" ] || OPENWRT_LAN=lan - for lan in $OPENWRT_LAN; do - [ "$INTERFACE" = "$lan" ] && { - logger -t zapret restarting daemons due to $ACTION of $INTERFACE - "$ZAPRET" restart_daemons - break - } - done + + check_need_to_reload_tpws6 + [ -n "$RELOAD_TPWS6" ] && { + logger -t zapret restarting daemons due to $ACTION of $INTERFACE to update tpws6 dnat target + "$ZAPRET" restart_daemons } . "$ZAPRET_BASE/common/base.sh" . "$ZAPRET_BASE/common/fwtype.sh" linux_fwtype case "$FWTYPE" in nftables) - logger -t zapret reloading nftables ifsets due to $ACTION of $INTERFACE - "$ZAPRET" reload_ifsets + if [ -n "$RELOAD_TPWS6" ] ; then + logger -t zapret reloading nftables due to $ACTION of $INTERFACE to update tpws6 dnat target + "$ZAPRET" restart_fw + else + logger -t zapret reloading nftables ifsets due to $ACTION of $INTERFACE + "$ZAPRET" reload_ifsets + fi ;; iptables) openwrt_fw3 || {