From ca796b169e12d420a27ce18d75a80d689c6f3822 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?=
Date: Sat, 26 Sep 2020 11:21:29 +0200
Subject: Add packages for testing
---
 sentinel-fwlogs/files/sentinel-firewall.sh | 37 ++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100755 sentinel-fwlogs/files/sentinel-firewall.sh
(limited to 'sentinel-fwlogs/files/sentinel-firewall.sh')
diff --git a/sentinel-fwlogs/files/sentinel-firewall.sh b/sentinel-fwlogs/files/sentinel-firewall.sh
new file mode 100755
index 0000000..e066b16
--- /dev/null
+++ b/sentinel-fwlogs/files/sentinel-firewall.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+set -e
+. "${0%/*}/common.sh"
+. /lib/functions.sh
+. /lib/functions/sentinel.sh
+. /usr/libexec/sentinel/fwlogs-defaults.sh
+
+allowed_to_run "fwlogs" 2>/dev/null || return 0
+
+
+config_load "sentinel"
+config_get nflog_group fwlogs nflog_group "$DEFAULT_NFLOG_GROUP"
+config_get nflog_threshold fwlogs nflog_threshold "$DEFAULT_NFLOG_THRESHOLD"
+
+
+fwlogs_logging() {
+ local config_section="$1"
+ local zone enabled
+ config_get zone "$config_section" "name"
+ config_get_bool enabled "$config_section" "sentinel_fwlogs" "0"
+ [ "$enabled" = "1" ] || return 0
+
+ report_operation "Logging of zone '$zone'"
+ for fate in DROP REJECT; do
+ local chain="zone_${zone}_src_${fate}"
+ iptables_chain_exists "$chain" || continue
+ report_info "$fate"
+ iptables -I "$chain" 1 \ -m comment --comment "!sentinel: fwlogs" \ -j NFLOG \ --nflog-group "$nflog_group" \ --nflog-threshold "$nflog_threshold"
+ done
+}
+
+config_load "firewall"
+config_foreach fwlogs_logging "zone"
-- 
cgit v1.2.3
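Review bot: `allowed_to_run "fwlogs" 2>/dev/null || return 0` uses `return` at file scope, which POSIX leaves unspecified outside a function or dot-script; the preceding `. "${0%/*}/common.sh"` resolves `common.sh` from this file's own directory, which suggests the script is meant to be executed rather than sourced, in which case `exit 0` is the form that behaves the same in every shell (if it is in fact sourced, `$0` would not be this file's path and that line needs a fixed directory instead). Since `set -e` is on, that `|| return 0` is also the only way a non-zero status from `allowed_to_run` is handled, so logging is silently skipped rather than reported; a comment stating that this is the intended opt-out would help the next reader. In `fwlogs_logging`, `iptables -I "$chain" 1 ...` is unconditional, so any run that does not first flush the zone chains inserts a second identical NFLOG rule per zone and fate; guarding it with `iptables -C "$chain" <same -m/-j/--nflog arguments> 2>/dev/null || iptables -I "$chain" 1 <arguments>` keeps repeated runs idempotent. The loop variable `fate` is the only name in the function not declared `local`, so it leaks into the caller's scope.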