# vim:ft=sh:noexpandtab
# Firewall configuration (iptables on linux)
# TODO FreeBSD

# Per-host rule file prefix: "$FIREWALL_PREFIX.ipv4" / ".ipv6" are the tracked
# rule sets installed to /etc/iptables/ipv4 and /etc/iptables/ipv6 (see
# firewall_check_common / firewall_apply_common). The path is relative to the
# current working directory, so the caller must run from the ops tree root.
FIREWALL_PREFIX="./files/firewall/$(hostname)"

firewall_check_common() {
	# Compare the tracked firewall files for one IP family against the
	# installed copies and record each piece that differs as required.
	#   $1 - IP version ("4" or "6")
	#   $2 - service name (iptables or ip6tables)
	local ver=$1
	local svc=$2
	local conf_src="./files/firewall/$svc.conf"
	local conf_dst="/etc/conf.d/$svc"
	local rules_src="$FIREWALL_PREFIX.ipv$ver"
	local rules_dst="/etc/iptables/ipv$ver"

	# Service (rc) configuration, e.g. /etc/conf.d/iptables.
	if do_diff "$conf_src" "$conf_dst" "Firewall IPv$ver service config changes"; then
		ops_require "ipv${ver}_config"
	fi
	# The rule set itself.
	if do_diff "$rules_src" "$rules_dst" "Firewall IPv$ver changes"; then
		ops_require "ipv$ver"
	fi
}

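firewall_check() {
	# Decide whether the firewall needs (re)applying on this host.
	# Returns 0 when nothing is required and 1 (from ops_required_any) when
	# something is, so the caller falls through to prepare/apply.
	ops_set_current firewall

	# Both tools are required regardless of FIREWALL_NO_IPV6 (unchanged
	# policy). command -v is the POSIX tool lookup; `which` is not portable
	# and its stderr was previously leaking through the >/dev/null.
	if ! command -v iptables >/dev/null 2>&1 \
			|| ! command -v ip6tables >/dev/null 2>&1; then
		echo_error "Firewall operation requires iptables and ip6tables."
		# 0 here means "nothing to apply": a missing tool skips firewall
		# management for this run after logging the error.
		return 0
	fi

	firewall_check_common 4 iptables
	# FIREWALL_NO_IPV6=true takes the IPv6 rule set out of scope; any other
	# value (including unset) keeps it in.
	if [ "${FIREWALL_NO_IPV6:-}" != "true" ]; then
		firewall_check_common 6 ip6tables
	fi

	ops_required_any "Firewall" # returns 1 to fall through to apply
}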

firewall_prepare() {
	# The prepare stage has no work for the firewall; succeed unconditionally.
	:
}

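firewall_apply_common() {
	# Install the pieces firewall_check_common recorded as required for one
	# IP family, then reload the matching service once.
	#   $1 - IP version ("4" or "6")
	#   $2 - service name (iptables or ip6tables)
	# Returns 1 without reloading if a copy fails: previously a failed cp was
	# ignored and the service was reloaded anyway, i.e. against whatever
	# (possibly stale or missing) file was on disk.
	local ver=$1
	local svc=$2
	local reload=false

	if ops_is_required "ipv${ver}_config"; then
		echo_trace "Updating $svc service config"
		if ! cp -- "./files/firewall/$svc.conf" "/etc/conf.d/$svc"; then
			echo_error "Failed to install service config for $svc"
			return 1
		fi
		reload=true
	fi
	if ops_is_required "ipv$ver"; then
		echo_trace "Updating ipv$ver tables"
		if ! mkdir -p /etc/iptables \
				|| ! cp -- "$FIREWALL_PREFIX.ipv$ver" "/etc/iptables/ipv$ver"; then
			echo_error "Failed to install ipv$ver rules"
			return 1
		fi
		reload=true
	fi
	if [ "$reload" = true ]; then
		echo_trace "Reloading service $svc"
		service "$svc" reload
	fi
}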

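firewall_apply() {
	# Apply whatever firewall_check recorded as required, one IP family at a
	# time. Honours FIREWALL_NO_IPV6=true the same way firewall_check does,
	# so the check and apply stages agree on whether IPv6 is in scope
	# (previously apply always visited ip6tables, relying on nothing having
	# been marked required for it).
	ops_set_current firewall
	firewall_apply_common 4 iptables
	if [ "${FIREWALL_NO_IPV6:-}" != "true" ]; then
		firewall_apply_common 6 ip6tables
	fi
}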

firewall_clean() {
	# The clean stage has no work for the firewall; succeed unconditionally.
	:
}