miniupnpd: rearrange init and format firewall3.include

- Arrange `start_service` and main init functions first
- Format `firewall3.include` using shfmt

(to merge with prior)

Signed-off-by: Self-Hosting-Group <[email protected]>

Author: Self-Hosting-Group

net/miniupnpd/files/firewall3.include

@@ -20,36 +20,36 @@ iptables_prepend_rule() {
 	local chain="$3"
 	local target="$4"
 
-	$iptables "$IPTARGS" -t "$table" -I "$chain" $($iptables "$IPTARGS" -t "$table" --line-numbers -nL "$chain" | \
+	$iptables "$IPTARGS" -t "$table" -I "$chain" $($iptables "$IPTARGS" -t "$table" --line-numbers -nL "$chain" |
 		sed -ne '$s/[^0-9].*//p') -j "$target"
 }
 
 ADDED=0
 
 add_extzone_rules() {
-    local ext_zone="$1"
-
-    [ -z "$ext_zone" ] && return
-
-    # IPv4 - due to NAT, need to add both to nat and filter table
-    # need to insert as penultimate rule for input & forward & postrouting since final rule might be a fw3 REJECT
-    iptables_prepend_rule "$IPTABLES" filter "zone_${ext_zone}_input" MINIUPNPD
-    iptables_prepend_rule "$IPTABLES" filter "zone_${ext_zone}_forward" MINIUPNPD
-    $IPTABLES -t nat -A "zone_${ext_zone}_prerouting"  -j MINIUPNPD
-    iptables_prepend_rule "$IPTABLES" nat "zone_${ext_zone}_postrouting" MINIUPNPD-POSTROUTING
-
-    # IPv6 if available - filter only
-    [ -x $IP6TABLES ] && {
-	iptables_prepend_rule "$IP6TABLES" filter "zone_${ext_zone}_input" MINIUPNPD
-	iptables_prepend_rule "$IP6TABLES" filter "zone_${ext_zone}_forward" MINIUPNPD
-    }
-    ADDED=$(($ADDED + 1))
+	local ext_zone="$1"
+
+	[ -z "$ext_zone" ] && return
+
+	# IPv4 - due to NAT, need to add both to nat and filter table
+	# need to insert as penultimate rule for input & forward & postrouting since final rule might be a fw3 REJECT
+	iptables_prepend_rule "$IPTABLES" filter "zone_${ext_zone}_input" MINIUPNPD
+	iptables_prepend_rule "$IPTABLES" filter "zone_${ext_zone}_forward" MINIUPNPD
+	$IPTABLES -t nat -A "zone_${ext_zone}_prerouting" -j MINIUPNPD
+	iptables_prepend_rule "$IPTABLES" nat "zone_${ext_zone}_postrouting" MINIUPNPD-POSTROUTING
+
+	# IPv6 if available - filter only
+	[ -x $IP6TABLES ] && {
+		iptables_prepend_rule "$IP6TABLES" filter "zone_${ext_zone}_input" MINIUPNPD
+		iptables_prepend_rule "$IP6TABLES" filter "zone_${ext_zone}_forward" MINIUPNPD
+	}
+	ADDED=$(($ADDED + 1))
 }
 
 # By default, user configuration is king.
 
 for ext_iface in $(uci -q get upnpd.settings.external_iface); do
-    add_extzone_rules $(fw3 -q network "$ext_iface")
+	add_extzone_rules $(fw3 -q network "$ext_iface")
 done
 
 add_extzone_rules $(uci -q get upnpd.settings.external_zone)
@@ -66,7 +66,7 @@ network_find_wan wan_iface
 network_find_wan6 wan6_iface
 
 for ext_iface in $wan_iface $wan6_iface; do
-    # fw3 -q network fails on sub-interfaces => map to device first
-    network_get_device ext_device $ext_iface
-    add_extzone_rules $(fw3 -q device "$ext_device")
+	# fw3 -q network fails on sub-interfaces => map to device first
+	network_get_device ext_device $ext_iface
+	add_extzone_rules $(fw3 -q device "$ext_device")
 done

net/miniupnpd/files/miniupnpd.init

@@ -7,34 +7,56 @@ USE_PROCD=1
 PROG=/usr/sbin/miniupnpd
 [ -x "$(command -v nft)" ] && FW="fw4" || FW="fw3"
 
-is_port_or_range() {
-	[ "$1" = "0" ] && return 1
-	[ "$1" -ge "1" ] 2>/dev/null && [ "$1" -le "65535" ] 2>/dev/null && return 0
-	[ "$2" = "port0inrange" ] && local minport=0 || local minport=1
-	[ "${1%%-*}" -ge "$minport" ] 2>/dev/null && [ "${1%%-*}" -le "65535" ] 2>/dev/null &&
-		[ "${1##*-}" -ge "$minport" ] 2>/dev/null && [ "${1##*-}" -le "65535" ] 2>/dev/null &&
-		[ "${1##*-}" -ge "${1%%-*}" ] 2>/dev/null && return 0 || return 1
+start_service() {
+	config_load "upnpd"
+	local enabled config_file log_output conf
+	config_get enabled settings enabled 0
+	config_get config_file settings config_file
+	config_get log_output settings log_output
+	if [ "$enabled" != "1" ]; then
+		log "Service disabled, UCI enabled is not set"
+		return 1
+	fi
+
+	if [ -n "$config_file" ]; then
+		conf="$config_file"
+	else
+		local tmpconf="/var/etc/miniupnpd.conf"
+		conf="$tmpconf"
+		mkdir -p /var/etc
+		upnpd_generate_config "$tmpconf" || return 1
+	fi
+
+	if [ "$FW" = "fw4" ]; then
+		nft -s -t -n list chain inet fw4 upnp_forward >/dev/null 2>&1 || fw4 reload
+	else
+		iptables -L MINIUPNPD >/dev/null 2>&1 || fw3 reload
+	fi
+
+	procd_open_instance
+	procd_set_param file "$conf"
+	procd_set_param command "$PROG"
+	procd_append_param command -f "$conf"
+	[ "$log_output" = "info" ] && procd_append_param command -v
+	[ "$log_output" = "debug" ] && procd_append_param command -d
+	procd_close_instance
 }
 
-upnpd_add_custom_acl_entry() {
-	local cfg="$1"
-	local comment int_addr int_port ext_port descr_filter action
-	config_get comment "$cfg" comment "unspecified" # comment
-	config_get int_addr "$cfg" int_addr "0.0.0.0/0" # IPv4 or network and subnet mask (internal)
-	config_get int_port "$cfg" int_port "1-65535"   # internal port/range: x or x-y
-	config_get ext_port "$cfg" ext_port "1-65535"   # external port/range: x or x-y
-	config_get descr_filter "$cfg" descr_filter     # description regex filter (must be built in)
-	config_get action "$cfg" action                 # accept/reject/ignore
-	! is_port_or_range "$int_port" port0inrange &&
-		log "Custom ACL: Entry with invalid port or port range ($int_port) in int_port ignored" daemon.warn && int_port=1-65535
-	! is_port_or_range "$ext_port" port0inrange &&
-		log "Custom ACL: Entry with invalid port or port range ($ext_port) in ext_port ignored" daemon.warn && ext_port=1-65535
-	[ "$descr_filter" != "" ] && descr_filter=" \"$descr_filter\""
-	[ "$action" = "accept" ] && action=allow
-	[ "$action" = "reject" ] && action=deny
-	[ "$action" = "ignore" ] && return 0
-	[ "$action" = "" ] && log "Custom ACL: Entry with no action ignored" daemon.warn && return 0
-	echo "$action $ext_port $int_addr $int_port${descr_filter} # $comment"
+stop_service() {
+	if [ "$FW" = "fw3" ]; then
+		iptables -t filter -F MINIUPNPD 2>/dev/null
+		[ -x /usr/sbin/ip6tables ] && ip6tables -t filter -F MINIUPNPD 2>/dev/null
+		iptables -t nat -F MINIUPNPD 2>/dev/null
+		iptables -t nat -F MINIUPNPD-POSTROUTING 2>/dev/null
+	else
+		nft flush chain inet fw4 upnp_forward 2>/dev/null
+		nft flush chain inet fw4 upnp_prerouting 2>/dev/null
+		nft flush chain inet fw4 upnp_postrouting 2>/dev/null
+	fi
+}
+
+service_triggers() {
+	procd_add_reload_trigger "upnpd" "firewall"
 }
 
 upnpd_generate_config() {
@@ -166,58 +188,6 @@ upnpd_generate_config() {
 	} >"$1"
 }
 
-stop_service() {
-	if [ "$FW" = "fw3" ]; then
-		iptables -t filter -F MINIUPNPD 2>/dev/null
-		[ -x /usr/sbin/ip6tables ] && ip6tables -t filter -F MINIUPNPD 2>/dev/null
-		iptables -t nat -F MINIUPNPD 2>/dev/null
-		iptables -t nat -F MINIUPNPD-POSTROUTING 2>/dev/null
-	else
-		nft flush chain inet fw4 upnp_forward 2>/dev/null
-		nft flush chain inet fw4 upnp_prerouting 2>/dev/null
-		nft flush chain inet fw4 upnp_postrouting 2>/dev/null
-	fi
-}
-
-start_service() {
-	config_load "upnpd"
-	local enabled config_file log_output conf
-	config_get enabled settings enabled 0
-	config_get config_file settings config_file
-	config_get log_output settings log_output
-	if [ "$enabled" != "1" ]; then
-		log "Service disabled, UCI enabled is not set"
-		return 1
-	fi
-
-	if [ -n "$config_file" ]; then
-		conf="$config_file"
-	else
-		local tmpconf="/var/etc/miniupnpd.conf"
-		conf="$tmpconf"
-		mkdir -p /var/etc
-		upnpd_generate_config "$tmpconf" || return 1
-	fi
-
-	if [ "$FW" = "fw4" ]; then
-		nft -s -t -n list chain inet fw4 upnp_forward >/dev/null 2>&1 || fw4 reload
-	else
-		iptables -L MINIUPNPD >/dev/null 2>&1 || fw3 reload
-	fi
-
-	procd_open_instance
-	procd_set_param file "$conf"
-	procd_set_param command "$PROG"
-	procd_append_param command -f "$conf"
-	[ "$log_output" = "info" ] && procd_append_param command -v
-	[ "$log_output" = "debug" ] && procd_append_param command -d
-	procd_close_instance
-}
-
-service_triggers() {
-	procd_add_reload_trigger "upnpd" "firewall"
-}
-
 log() {
 	logger -s -p "${2:-daemon.notice}" -t "upnpd" "$1" || echo "upnpd: $1" >&2
 }
@@ -227,6 +197,15 @@ xml_encode() {
 	echo "$1" | sed "s/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g"
 }
 
+is_port_or_range() {
+	[ "$1" = "0" ] && return 1
+	[ "$1" -ge "1" ] 2>/dev/null && [ "$1" -le "65535" ] 2>/dev/null && return 0
+	[ "$2" = "port0inrange" ] && local minport=0 || local minport=1
+	[ "${1%%-*}" -ge "$minport" ] 2>/dev/null && [ "${1%%-*}" -le "65535" ] 2>/dev/null &&
+		[ "${1##*-}" -ge "$minport" ] 2>/dev/null && [ "${1##*-}" -le "65535" ] 2>/dev/null &&
+		[ "${1##*-}" -ge "${1%%-*}" ] 2>/dev/null && return 0 || return 1
+}
+
 upnpd_add_int_network_and_preset() {
 	local cfg="$1"
 	local interface access_preset accept_ports reject_ports custom_acl_before
@@ -271,3 +250,24 @@ upnpd_add_int_network_and_preset() {
 		echo "deny 1-65535 $subnet 1-65535 # Reject ACL by default on $interface"
 	fi
 }
+
+upnpd_add_custom_acl_entry() {
+	local cfg="$1"
+	local comment int_addr int_port ext_port descr_filter action
+	config_get comment "$cfg" comment "unspecified" # comment
+	config_get int_addr "$cfg" int_addr "0.0.0.0/0" # IPv4 or network and subnet mask (internal)
+	config_get int_port "$cfg" int_port "1-65535"   # internal port/range: x or x-y
+	config_get ext_port "$cfg" ext_port "1-65535"   # external port/range: x or x-y
+	config_get descr_filter "$cfg" descr_filter     # description regex filter (must be built in)
+	config_get action "$cfg" action                 # accept/reject/ignore
+	! is_port_or_range "$int_port" port0inrange &&
+		log "Custom ACL: Entry with invalid port or port range ($int_port) in int_port ignored" daemon.warn && int_port=1-65535
+	! is_port_or_range "$ext_port" port0inrange &&
+		log "Custom ACL: Entry with invalid port or port range ($ext_port) in ext_port ignored" daemon.warn && ext_port=1-65535
+	[ "$descr_filter" != "" ] && descr_filter=" \"$descr_filter\""
+	[ "$action" = "accept" ] && action=allow
+	[ "$action" = "reject" ] && action=deny
+	[ "$action" = "ignore" ] && return 0
+	[ "$action" = "" ] && log "Custom ACL: Entry with no action ignored" daemon.warn && return 0
+	echo "$action $ext_port $int_addr $int_port${descr_filter} # $comment"
+}