openwrt hotplug.d removed

init.d/openwrt/99-zapret

@@ -1,35 +0,0 @@
-# copy it to /etc/hotplug.d/firewall/99-zapret
-
-# CHOOSE ISP HERE. UNCOMMENT ONLY ONE LINE.
-# if your ISP not in list then comment all lines
-ISP=domru
-
-TPPORT=1188
-TPWS_USER=daemon
-
-case "$ACTION" in
-    add)
-    case "$ISP" in
-	domru)
-	case "$INTERFACE" in
-	    wan)
-	    # BLOCK SPOOFED DNS FROM DOMRU
-	    iptables -t raw -C PREROUTING -i $DEVICE -p udp --sport 53 -m string --hex-string "|5cfff164|" --algo bm -j DROP --from 40 --to 300 ||
-	     iptables -t raw -I PREROUTING -i $DEVICE -p udp --sport 53 -m string --hex-string "|5cfff164|" --algo bm -j DROP --from 40 --to 300
-	    iptables -t raw -C PREROUTING -i $DEVICE -p udp --sport 53 -m string --hex-string "|2a022698a00000000000000000000064|" --algo bm -j DROP --from 40 --to 300 ||
-	     iptables -t raw -I PREROUTING -i $DEVICE -p udp --sport 53 -m string --hex-string "|2a022698a00000000000000000000064|" --algo bm -j DROP --from 40 --to 300
-	    # DNAT for local traffic
-	    iptables -t nat -C OUTPUT -p tcp --dport 80 -o $DEVICE -m owner ! --uid-owner $TPWS_USER -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT ||
-	     iptables -t nat -I OUTPUT -p tcp --dport 80 -o $DEVICE -m owner ! --uid-owner $TPWS_USER -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT
-	    ;;
-	    
-	    lan)
-	    # DNAT for pass-thru traffic
-	    sysctl -w net.ipv4.conf.$DEVICE.route_localnet=1
-	    iptables -t nat -C prerouting_lan_rule -p tcp --dport 80 -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT ||
-	     iptables -t nat -I prerouting_lan_rule -p tcp --dport 80 -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT
-	    ;;
-     	esac
-	;;
-    esac
-esac

init.d/openwrt/firewall.user.domru

@@ -0,0 +1,23 @@
+TPPORT=1188
+TPWS_USER=daemon
+
+. /lib/functions/network.sh
+
+network_find_wan wan_iface
+
+for ext_iface in $wan_iface; do
+    network_get_device DEVICE $ext_iface
+    # BLOCK SPOOFED DNS FROM DOMRU
+    iptables -t raw -C PREROUTING -i $DEVICE -p udp --sport 53 -m string --hex-string "|5cfff164|" --algo bm -j DROP --from 40 --to 300 ||
+     iptables -t raw -I PREROUTING -i $DEVICE -p udp --sport 53 -m string --hex-string "|5cfff164|" --algo bm -j DROP --from 40 --to 300
+    iptables -t raw -C PREROUTING -i $DEVICE -p udp --sport 53 -m string --hex-string "|2a022698a00000000000000000000064|" --algo bm -j DROP --from 40 --to 300 ||
+     iptables -t raw -I PREROUTING -i $DEVICE -p udp --sport 53 -m string --hex-string "|2a022698a00000000000000000000064|" --algo bm -j DROP --from 40 --to 300
+    # DNAT for local traffic
+    iptables -t nat -C OUTPUT -p tcp --dport 80 -o $DEVICE -m owner ! --uid-owner $TPWS_USER -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT ||
+     iptables -t nat -I OUTPUT -p tcp --dport 80 -o $DEVICE -m owner ! --uid-owner $TPWS_USER -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT
+
+done
+
+sysctl -w net.ipv4.conf.br-lan.route_localnet=1
+iptables -t nat -C prerouting_lan_rule -p tcp --dport 80 -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT ||
+ iptables -t nat -I prerouting_lan_rule -p tcp --dport 80 -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT

init.d/openwrt/zapret

@@ -7,7 +7,7 @@
 #ISP=beeline
 ISP=domru
 
-# !!!!! in openwrt you need to add firewall rules manually to /etc/firewall.user or /etc/hotplug.d/firewall/99-zapret
+# !!!!! in openwrt you need to add firewall rules manually to /etc/firewall.user
 
 QNUM=200
 TPPORT=1188
@@ -20,6 +20,26 @@ TPWS_USER=daemon
 # start betfore firewall - we need ipset populated
 START=18
 
+
+# must execute /etc/firewall.user on every firewall reload
+set_firewall_user_reload() {
+	i=0
+	while true
+	do
+	 path=$(uci -q get firewall.@include[$i].path)
+	 [ -n "$path" ] || break
+	 [ "$path" == "/etc/firewall.user" ] && {
+	   reload=$(uci -q get firewall.@include[$i].reload)
+	   [ "$reload" = "1" ] || {
+	     echo Setting 'reload' call option to /etc/firewall.user
+	     uci set firewall.@include[$i].reload=1
+	     uci commit firewall
+	   }
+	 }
+	 i=$((i+1))
+	done
+}
+
 get_daemon() {
 	case "${ISP}" in
 	    mns)
@@ -43,6 +63,7 @@ get_daemon() {
 
 
 start() {
+	set_firewall_user_reload
 	echo "Creating ipset"
 	($IPSET_CR)