Commit | Line | Data |
---|---|---|
8838c71a MT |
1 | #!/bin/bash |
2 | ############################################################################### | |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2009 Michael Tremer & Christian Schmidt # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
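# Load a macro file and apply each rule it produces with iptables.
#   $1    macro file; a name that does not start with "/" is looked up
#         in /usr/share/firewall/macros
#   $2..  extra arguments, passed to macro_parse, which appends them to
#         every rule it prints
# Returns 1 when no macro file is given.
function macro() {
	local file
	local rules
	local -a args

	if [ -z "$1" ]; then
		echo "macro: missing macro file argument" >&2
		return 1
	fi

	file=$1
	# NOTE(review): a relative name is only prefixed, not normalised, so a
	# name containing "../" (for example from an INCLUDE line) resolves
	# outside the macros directory. Confirm macro files are trusted input.
	if [ "${file:0:1}" != "/" ]; then
		file="/usr/share/firewall/macros/$file"
	fi
	shift

	# NOTE(review): the branches look inverted - a file reported as sqlite
	# is parsed as plain text, anything else is handed to sqlite3 - and no
	# SQL statement is passed to sqlite3. Left unchanged because
	# _config_is_sqlite is defined outside this listing; confirm its
	# return convention before relying on either branch.
	if _config_is_sqlite "$file"; then
		rules=$(macro_parse "$@" < "$file")
	else
		rules=$(sqlite3 -noheader -column "$file" | macro_parse "$@")
	fi

	# Feed the rules to the loop as a whole. A here-string attached to
	# "read" itself is re-opened on every iteration, so the first rule
	# would be read again and again and the loop would never end.
	# Reading into an array keeps the word splitting that iptables needs
	# without letting the shell glob-expand rule text.
	while read -r -a args; do
		# An empty rule set still yields one empty line; skip it.
		[ "${#args[@]}" -gt 0 ] || continue
		iptables "${args[@]}"
	done <<< "${rules}"
}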
43 | ||
8838c71a MT |
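# Read macro lines from stdin and print one iptables argument string per
# rule on stdout.
#   $@  extra arguments appended verbatim to every printed rule
# Input columns: ACTION SOURCE DESTINATION PROTOCOL LOCAL_PORT REMOTE_PORT RATE
# Lines starting with "#" are dropped. If PORT_SWITCH is set in the calling
# environment, LOCAL_PORT and REMOTE_PORT swap roles.
# NOTE(review): DESTINATION and RATE are read but never used here, and
# SOURCE is used only as the file name of an INCLUDE line, so the printed
# rules are not restricted by address or rate. Confirm that is intended.
function macro_parse() {
	local STRING
	local ACTION SOURCE DESTINATION PROTOCOL LOCAL_PORT REMOTE_PORT RATE

	grep -v "^#" | while read -r ACTION SOURCE DESTINATION PROTOCOL LOCAL_PORT REMOTE_PORT RATE; do
		# Blank lines carry no rule.
		[ -n "$ACTION" ] || continue

		STRING=""

		# Handle includes: macro applies the included file's rules itself,
		# so the INCLUDE line must not also be turned into a rule.
		if [ "$ACTION" = "INCLUDE" ]; then
			macro "$SOURCE" "$@"
			continue
		fi

		# Protocol
		STRING="$STRING $(iptables_protocol $PROTOCOL)"

		# Ports
		if [ -n "$PORT_SWITCH" ]; then
			# Switch ports for upload rule
			STRING="$STRING $(iptables_source_port $REMOTE_PORT)"
			STRING="$STRING $(iptables_destination_port $LOCAL_PORT)"
		else
			STRING="$STRING $(iptables_source_port $LOCAL_PORT)"
			STRING="$STRING $(iptables_destination_port $REMOTE_PORT)"
		fi

		# NOTE(review): an ACTION other than ACCEPT or DROP (a typo, for
		# instance) still prints a rule, just without a -j target, so it
		# matches traffic but decides nothing. Consider rejecting it.
		if [ "$ACTION" = "ACCEPT" ]; then
			STRING="$STRING -j ACCEPT"
		elif [ "$ACTION" = "DROP" ]; then
			STRING="$STRING -j DROP"
		fi

		[ -n "$STRING" ] && echo "$STRING $*"
	done
}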