firewall_stop
}
+function cli_config() {
+ if cli_help_requested $@; then
+ cli_usage root-config
+ exit ${EXIT_OK}
+ fi
+
+ if [ -n "${1}" ]; then
+ config_set $@
+ firewall_config_write
+ else
+ firewall_config_print
+ fi
+}
+
# Parse the command line
while [ $# -gt 0 ]; do
case "${1}" in
cli_stop $@
;;
+ config)
+ cli_config $@
+ ;;
+
""|help|--help|-h)
cli_usage root
exit ${EXIT_OK}
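Review bot: cli_config passes `$@` unquoted to both cli_help_requested and config_set, so an argument such as `LOG_PREFIX="fw: drop"` is split into `LOG_PREFIX=fw:` and `drop` before config_set sees it, and the second word is then reported as an invalid parameter by config_set's `*)` arm; use `"$@"` in both calls, and in the `cli_config $@` dispatch on the new config) arm. firewall_config_write also runs whether or not config_set accepted anything, so a typo like `firewall config foo` still rewrites the settings file; gating it as `config_set "$@" && firewall_config_write` would need config_set (added elsewhere in this series) to return non-zero from its invalid-parameter arm, since as written it always ends on `shift` and returns 0. The cli_stop call above is pre-existing and not part of this change.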
. ${file}
done
-# Reading in network tool configuration
-network_config_read
+# Reading in global configuration files
+config_read_globals
# Set colour mode
case "${COLOURS}" in
fi
if [ -n "${1}" ]; then
- network_config_set $@
+ config_set $@
+ network_config_write
else
network_config_print
fi
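Review bot: The write no longer happens inside the setter, but `network_config_write` is still called unconditionally, so `network config foo` (no `=`) emits a warning and then rewrites the config file anyway; prefer `config_set "$@" && network_config_write`, which also requires config_set to return non-zero from its invalid-parameter arm (as added in this series it always ends on `shift` and returns 0). `$@` should be quoted here as well — a value containing whitespace is word-split before config_set matches it against `*=*`, and the remainder is rejected. The enclosing function starts outside the hunk.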
--- /dev/null
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2012 IPFire Network Development Team #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+# Load all global configuration files.
+function config_read_globals() {
+ network_config_read
+ firewall_config_read
+}
+
+function config_read() {
+ local config_file=${1}
+
+ log DEBUG "Reading configuration: ${config_file}"
+
+ if [ -e "${config_file}" ]; then
+ . ${config_file}
+ config_check
+ fi
+}
+
+function config_write() {
+ local config_file=${1}
+ shift
+
+ # Check if all values to be written are sane
+ config_check
+
+ log DEBUG "Writing configuration file ${config_file}."
+
+ mkdir -p $(dirname ${config_file}) 2>/dev/null
+ > ${config_file}
+
+ local param
+ for param in $(listsort $@); do
+ echo "${param}=\"${!param}\"" >> ${config_file}
+ done
+}
+
+function config_print() {
+ local param
+
+ for param in $(listsort $@); do
+ printf "%-16s = %s\n" "${param}" "${!param}"
+ done
+}
+
+function config_check() {
+ # If there is a function defined that is called __check
+ # we call that function
+ [ -n "$(type -t _check)" ] && _check
+}
+
+function config_hostname() {
+ local hostname=${1}
+
+ if [ -n "${hostname}" ]; then
+ echo "${hostname}" > ${CONFIG_HOSTNAME}
+ else
+ echo "$(<${CONFIG_HOSTNAME})"
+ fi
+}
+
+function config_set() {
+ while [ $# -gt 0 ]; do
+ case "${1}" in
+ *=*)
+ log INFO "Setting configuration option '${1}'".
+ eval ${1}
+ ;;
+ *)
+ warning "Invalid parameter given: ${1}"
+ ;;
+ esac
+ shift
+ done
+}
+
+function network_config_read() {
+ # Save state of DEBUG and restore it later.
+ local debug=${DEBUG}
+
+ config_read ${CONFIG_FILE}
+
+ if [ -n "${debug}" ]; then
+ DEBUG=${debug}
+ fi
+}
+
+function network_config_write() {
+ config_write ${CONFIG_FILE} ${CONFIG_FILE_PARAMS}
+}
+
+function network_config_print() {
+ config_print ${CONFIG_FILE_PARAMS}
+}
+
+function firewall_config_read() {
+ config_read ${FIREWALL_CONFIG_FILE}
+}
+
+function firewall_config_write() {
+ config_write ${FIREWALL_CONFIG_FILE} \
+ ${FIREWALL_CONFIG_PARAMS}
+}
+
+function firewall_config_print() {
+ config_print ${FIREWALL_CONFIG_PARAMS}
+}
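Review bot: config_set executes whatever follows the first `=` through `eval ${1}`, and config_write then emits `${param}="${!param}"` without escaping, so a value containing `"`, `$(`, or a backtick is written into the settings file and executed again, as root, the next time config_read sources it with `. ${config_file}`. Validate the key as an identifier and assign with `printf -v` instead of eval, and write values with `%q` so the file sources back to the same string; the rewritten config_set and the changed config_write line are below. config_read sources any existing file without checking its owner or mode, which is only safe while the config directories are writable by root alone — at least worth a comment there. Unrelated nit: the comment in config_check says `__check` but the code tests for `_check`.
```shell
function config_set() {
	while [ $# -gt 0 ]; do
		case "${1}" in
			*=*)
				local key="${1%%=*}" value="${1#*=}"
				# Accept only plain identifiers and store the value verbatim;
				# the argument is never eval'd.
				if [[ "${key}" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
					log INFO "Setting configuration option '${1}'."
					printf -v "${key}" '%s' "${value}"
				else
					warning "Invalid parameter given: ${1}"
				fi
				;;
			# … unchanged: default arm …
		esac
		shift
	done
}

# in config_write: %q quotes the value so sourcing the file yields the same string
printf '%s=%q\n' "${param}" "${!param}" >> "${config_file}"
```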
# in which the iptables ruleset will be generated.
IPTABLES_TMPDIR=
+FIREWALL_CONFIG_DIR="/etc/firewall"
+FIREWALL_CONFIG_FILE="${FIREWALL_CONFIG_DIR}/settings"
+FIREWALL_CONFIG_PORTFW="${FIREWALL_CONFIG_DIR}/portfw"
+
+FIREWALL_CONFIG_PARAMS=""
+
FIREWALL_LOG_FACILITY="syslog"
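Review bot: FIREWALL_CONFIG_PARAMS is declared empty here while firewall_config_write in this series passes it straight to config_write, which truncates ${FIREWALL_CONFIG_FILE} with `> ${config_file}` and then writes one line per listed parameter — so, as far as this patch shows, `firewall config X=Y` empties /etc/firewall/settings and persists nothing. If the list is meant to be filled in later, say so next to it: `# Parameters persisted by firewall_config_write; while empty, config_write truncates the file and stores nothing`. FIREWALL_CONFIG_PORTFW is consumed by firewall_import_portfw as whitespace-separated `src dst proto` lines; documenting that format here would help the next person who edits the file by hand.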
iptables -A OUTPUT -j CONNTRACK
iptables -A FORWARD -j CONNTRACK
}
+
+function firewall_import_portfw() {
+ local zone=${1}
+ shift
+
+ local protocol="ipv6"
+ local chain="filter"
+
+ while [ $# -gt 0 ]; do
+ case "${1}" in
+ --chain=*)
+ chain=$(cli_get_val ${1})
+ ;;
+ --protocol=*)
+ protocol=$(cli_get_val ${1})
+ ;;
+ esac
+ done
+
+ assert isoneof protocol ipv4 ipv6
+
+ local allowed_chains="filter"
+ if [ "${protocol}" = "ipv4" ]; then
+ allowed_chains="${allowed_chains} nat"
+ fi
+ assert isoneof chain ${allowed_chains}
+
+ # XXX TODO
+
+ local src dst proto
+ while read src dst proto; do
+ case "${chain}" in
+ filter)
+ ;;
+ nat)
+ ;;
+ esac
+ done < ${FIREWALL_CONFIG_PORTFW}
+}
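Review bot: The option loop in firewall_import_portfw never shifts, so any `--chain=` or `--protocol=` argument makes `while [ $# -gt 0 ]` spin forever; add `shift` after `esac`, before `done`. The line reader should be `while read -r src dst proto` so backslashes in the portfw file are not interpreted, and a missing ${FIREWALL_CONFIG_PORTFW} currently surfaces as a bare redirection error rather than a clean return — guard with `[ -r "${FIREWALL_CONFIG_PORTFW}" ] || return`. Unknown options are silently ignored by the case, which is probably not intended for a function that asserts on its inputs a few lines later. The body is still a stub (XXX TODO) and the parsed fields are unused, so a `# TODO: generate filter/nat rules from src dst proto` on the case arms would mark where the work remains.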
echo "${length}"
}
-function config_read() {
- local config_file=${1}
-
- log DEBUG "Reading configuration: ${config_file}"
-
- if [ -e "${config_file}" ]; then
- . ${config_file}
- config_check
- fi
-}
-
-function config_write() {
- local config_file=${1}
- shift
-
- # Check if all values to be written are sane
- config_check
-
- log DEBUG "Writing configuration file ${config_file}."
-
- > ${config_file}
-
- local param
- for param in $(listsort $@); do
- echo "${param}=\"${!param}\"" >> ${config_file}
- done
-}
-
-function config_print() {
- local param
-
- for param in $(listsort $@); do
- printf "%-16s = %s\n" "${param}" "${!param}"
- done
-}
-
-function config_check() {
- # If there is a function defined that is called __check
- # we call that function
- [ -n "$(type -t _check)" ] && _check
-}
-
-function config_hostname() {
- local hostname=${1}
-
- if [ -n "${hostname}" ]; then
- echo "${hostname}" > ${CONFIG_HOSTNAME}
- else
- echo "$(<${CONFIG_HOSTNAME})"
- fi
-}
-
-function network_config_set() {
- while [ $# -gt 0 ]; do
- case "${1}" in
- *=*)
- log INFO "Setting configuration option '${1}'".
- eval ${1}
- ;;
- *)
- warning "Invalid parameter given: ${1}"
- ;;
- esac
- shift
- done
-
- # Write configuration to disk
- network_config_write
-}
-
-function network_config_read() {
- # Save state of DEBUG and restore it later.
- local debug=${DEBUG}
-
- config_read ${CONFIG_FILE}
-
- if [ -n "${debug}" ]; then
- DEBUG=${debug}
- fi
-}
-
-function network_config_write() {
- config_write ${CONFIG_FILE} ${CONFIG_FILE_PARAMS}
-}
-
-function network_config_print() {
- config_print ${CONFIG_FILE_PARAMS}
-}
-
# Speedup function to avoid a call of the basename binary
function basename() {
echo "${1##*/}"
# #
###############################################################################
-. /lib/network/functions
-
# Parse the command line
while [ $# -gt 0 ]; do
case "${1}" in
-d|--debug)
DEBUG=1
- log DEBUG "Enabled debugging mode"
;;
*)
action=${1}
[ -n "${action}" ] && break
done
+. /usr/lib/network/functions
+
# Process the given action
case "${action}" in
init)