firewall4 icon indicating copy to clipboard operation
firewall4 copied to clipboard
verified publisher icon openwrt

20-firewall: Execute has_zone and and fw4 in background to avoid slow execution of hotplug.d/iface scripts

Open rdevshp opened this issue 1 month ago • 3 comments

This pull request fixes https://github.com/openwrt/openwrt/issues/20723

rdevshp avatar Nov 12 '25 15:11 rdevshp

Something similar by @ptpt52 (pre-dating my impromptu re-invention) ? https://github.com/x-wrt/x-wrt/blob/master/package/network/config/firewall4/patches/200-fw4-hotplug-fork.patch

brada4 avatar Nov 12 '25 16:11 brada4

What do you think would be the ideal approach here to avoid excessive reload attempts & unnecessarily accumulate background tasks? I am planning to create a new service that actually executes fw4 -q reload, and the 20-firewall script would merely send a fw4 reload notification to the new service without actually doing the reload itself. Do you think this is a good idea?

rdevshp avatar Nov 12 '25 19:11 rdevshp

It is not about clicks in the interface that go in sync with :rofl: background :rofl: activity, it is about rapidly (I tried 10hz) flipping connected ethernet with zone like wan and building up said activities. (but totally agree massive cpu time hogs should be out of hotplug)

brada4 avatar Nov 13 '25 20:11 brada4