From a8bfe6abb693150e9ee01ea6e8d672fc074d1f1c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?=
Date: Wed, 12 Sep 2018 00:19:18 +0200
Subject: New multiconfig design
---
firewall | 28 ++++++++++++++++++++++++++++
firewall/multiconfig.sh | 35 -----------------------------------
2 files changed, 28 insertions(+), 35 deletions(-)
create mode 100755 firewall
delete mode 100755 firewall/multiconfig.sh
(limited to 'firewall')
diff --git a/firewall b/firewall
new file mode 100755
index 0000000..a42f01d
--- /dev/null
+++ b/firewall
@@ -0,0 +1,28 @@
+#!/bin/sh
+MC_DESCRIPTION="Firewall configuration."
+. "$(dirname "$(readlink -f "$0")")/common" || exit
+
+# TODO add support for Turris/OpenWRT somehow?
+
+restart4=false
+inst ipv4 /etc/iptables/ipv4
+restart4=$change
+inst ipv4-config /etc/conf.d/iptables
+$restart4 || restart4=$change
+
+restart6=false
+inst ipv6 /etc/iptables/ipv6
+restart6=$change
+inst ipv6-config /etc/conf.d/ip6tables
+$restart6 || restart6=$change
+
+apply ############################################################################
+
+if $restart4; then
+ echo "Restarting IPv4 firewall"
+ rc-service iptables restart
+fi
+if $restart6; then
+ echo "Restarting IPv6 firewall"
+ rc-service ip6tables restart
+fi
diff --git a/firewall/multiconfig.sh b/firewall/multiconfig.sh
deleted file mode 100755
index 0befbf1..0000000
--- a/firewall/multiconfig.sh
+++ /dev/null
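Review bot: In the new `firewall` script the exit status of `rc-service iptables restart` and `rc-service ip6tables restart` is never checked, so a failed IPv4 restart is masked whenever `$restart6` is false and the script still exits 0. Because the commit switches from `reload` to a full `restart`, a rule file that fails to load could leave the host in whatever state the service's stop step produces; that depends on the init script configuration, which is not visible here. I would record the failure in each branch with `rc-service iptables restart || rc=$?` (likewise for ip6tables) and end the script with `exit "${rc:-0}"`. Separately, `restart4=$change` and `restart6=$change` assume that `inst` from `common` always leaves `change` set to `true` or `false`; an empty value makes `if $restart4` succeed and triggers a restart, so a comment stating that contract, such as `# inst sets $change to true/false`, would help.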
@@ -1,35 +0,0 @@
-#!/bin/sh
-set -e
-LPATH="$(dirname "$0")"
-if [ -f "$LPATH/utils" ]; then
- . "$LPATH/utils"
-elif [ -f "$LPATH/../utils" ]; then
- . "$LPATH/../utils"
-else
- echo "Can't locate utilities!"
- exit 1
-fi
-######################################
-
-mkdir -p /etc/iptables
-
-configure() {
- if ! grep -q "$3_SAVE=\"/etc/iptables/$1\"" "/etc/conf.d/$2"; then
- echo "Reconfiguring $2 service configuration"
- sed -i "s#^$3_SAVE=.*\$#$3_SAVE=\"/etc/iptables/$1\"#" "/etc/conf.d/$2"
- fi
-}
-configure ipv4 iptables IPTABLES
-configure ipv6 ip6tables IP6TABLES
-
-H="$(hostname)"
-
-if inst "firewall/$H.ipv4" /etc/iptables/ipv4; then
- echo "Reloading IPv4 firewall"
- service iptables reload
-fi
-
-if inst "firewall/$H.ipv6" /etc/iptables/ipv6; then
- echo "Reloading IPv6 firewall"
- service ip6tables reload
-fi
--
cgit v1.2.3