From: Michael Tremer Date: Sat, 22 Jun 2019 14:11:15 +0000 (+0000) Subject: firewall: Fix reading/writing settings X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c69adafd8ad8abf4f14b6fe110bbd8efb5eca596;p=network.git firewall: Fix reading/writing settings Signed-off-by: Michael Tremer
---
diff --git a/src/functions/functions.constants-firewall b/src/functions/functions.constants-firewall
index d42189aa..2ca93900 100644
--- a/src/functions/functions.constants-firewall
+++ b/src/functions/functions.constants-firewall
@@ -19,6 +19,10 @@
 # #
 ###############################################################################
 
+# Firewall file configuration
+FIREWALL_SETTINGS_DIR="/etc/firewall"
+FIREWALL_SETTINGS_FILE="${FIREWALL_SETTINGS_DIR}/settings"
+
 # This variable is used to point to a directory
 # in which the iptables ruleset will be generated.
 IPTABLES_TMPDIR=
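Review bot: `FIREWALL_SETTINGS_DIR="/etc/firewall"` introduces a second, independently hard-coded configuration root next to the existing `FIREWALL_CONFIG_DIR` that this same file already uses for the macro search path (visible in the next hunk's header), so the settings file and the rest of the firewall configuration can silently diverge. If both are meant to be the same directory, derive one from the other, e.g. `FIREWALL_SETTINGS_DIR="${FIREWALL_CONFIG_DIR}"`; if they are intentionally separate, say so in the comment. The `# Firewall file configuration` comment would also be more useful as `# Persisted firewall settings: the variables listed in FIREWALL_SETTINGS are read from and written to this file`. The value of FIREWALL_CONFIG_DIR is not visible here, so whether the two paths coincide needs confirming.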
@@ -32,78 +36,78 @@ FIREWALL_MACROS_DIRS="${FIREWALL_CONFIG_DIR}/macros"
 FIREWALL_MACROS_DIRS="${FIREWALL_MACROS_DIRS} /usr/share/firewall/macros"
 
 # List of parameters which are saved in the configuration file.
-FIREWALL_CONFIG_PARAMS=""
+FIREWALL_SETTINGS=( "DEBUG" )
 
 # Valid arguments in the rules file.
 FIREWALL_RULES_CONFIG_PARAMS="src dst proto action sport dport in out"
 
 # Define the default logging method (nflog or syslog).
 FIREWALL_LOG_METHOD="nflog"
-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_LOG_METHOD"
+FIREWALL_SETTINGS+=( "FIREWALL_LOG_METHOD" )
 
 # Set the default threshold for the nflog method.
 FIREWALL_NFLOG_THRESHOLD=30
-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_NFLOG_THRESHOLD"
+FIREWALL_SETTINGS+=( "FIREWALL_NFLOG_THRESHOLD" )
 
 # Enable clamping MSS for braindead ISPs which filter ICMP packets.
 FIREWALL_CLAMP_PATH_MTU="false"
-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_CLAMP_PATH_MTU"
+FIREWALL_SETTINGS+=( "FIREWALL_CLAMP_PATH_MTU" )
 
 # Conntrack: Max. amount of simultaneous connections.
 CONNTRACK_MAX_CONNECTIONS="16384"
-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} CONNTRACK_MAX_CONNECTIONS"
+FIREWALL_SETTINGS+=( "CONNTRACK_MAX_CONNECTIONS" )
 
 # Conntrack: UDP timeout
 CONNTRACK_UDP_TIMEOUT="60"
-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} CONNTRACK_UDP_TIMEOUT"
+FIREWALL_SETTINGS+=( "CONNTRACK_UDP_TIMEOUT" )
 
 # Use SYN cookies or not
 FIREWALL_SYN_COOKIES="true"
-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_SYN_COOKIES"
+FIREWALL_SETTINGS+=( "FIREWALL_SYN_COOKIES" )
 
 # rp_filter
 FIREWALL_RP_FILTER="true"
-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_RP_FILTER"
+FIREWALL_SETTINGS+=( "FIREWALL_RP_FILTER" )
 
 # Log martians
 FIREWALL_LOG_MARTIANS="false"
-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_LOG_MARTIANS"
+FIREWALL_SETTINGS+=( "FIREWALL_LOG_MARTIANS" )
 
 # Accept ICMP redirects
 FIREWALL_ACCEPT_ICMP_REDIRECTS="false"
-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_ACCEPT_ICMP_REDIRECTS"
+FIREWALL_SETTINGS+=( "FIREWALL_ACCEPT_ICMP_REDIRECTS" )
 
 # ECN (Explicit Congestion Notification)
 FIREWALL_USE_ECN="true"
-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_USE_ECN"
+FIREWALL_SETTINGS+=( "FIREWALL_USE_ECN" )
 
 # Path MTU discovery
 FIREWALL_PMTU_DISCOVERY="true"
-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_PMTU_DISCOVERY"
+FIREWALL_SETTINGS+=( "FIREWALL_PMTU_DISCOVERY" )
 
 # Default TTL
 FIREWALL_DEFAULT_TTL="64"
-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_DEFAULT_TTL"
+FIREWALL_SETTINGS+=( "FIREWALL_DEFAULT_TTL" )
 
 # Log stealth scans
 FIREWALL_LOG_STEALTH_SCANS="true"
-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_LOG_STEALTH_SCANS"
+FIREWALL_SETTINGS+=( "FIREWALL_LOG_STEALTH_SCANS" )
 
 # Log packets with bad TCP flags
 FIREWALL_LOG_BAD_TCP_FLAGS="true"
-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_LOG_BAD_TCP_FLAGS"
+FIREWALL_SETTINGS+=( "FIREWALL_LOG_BAD_TCP_FLAGS" )
 
 # Log INVALID TCP packets
 FIREWALL_LOG_INVALID_TCP="true"
-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_LOG_INVALID_TCP"
+FIREWALL_SETTINGS+=( "FIREWALL_LOG_INVALID_TCP" )
 
 # Log INVALID UDP packets
 FIREWALL_LOG_INVALID_UDP="true"
-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_LOG_INVALID_UDP"
+FIREWALL_SETTINGS+=( "FIREWALL_LOG_INVALID_UDP" )
 
 # Log INVALID ICMP packets
 FIREWALL_LOG_INVALID_ICMP="true"
-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_LOG_INVALID_ICMP"
+FIREWALL_SETTINGS+=( "FIREWALL_LOG_INVALID_ICMP" )
 
 FIREWALL_SUPPORTED_PROTOCOLS="tcp udp icmp igmp esp ah gre"
 FIREWALL_PROTOCOLS_SUPPORTING_PORTS="tcp udp"
diff --git a/src/functions/functions.settings b/src/functions/functions.settings
index 69f4c238..5728e72b 100644
--- a/src/functions/functions.settings
+++ b/src/functions/functions.settings
@@ -297,13 +297,13 @@ network_settings_list() {
 }
 
 firewall_settings_read() {
-settings_read "${FIREWALL_SETTINGS_FILE}" "${FIREWALL_SETTINGS_PARAMS}"
+settings_read "${FIREWALL_SETTINGS_FILE}" "${FIREWALL_SETTINGS[*]}"
 }
 
 firewall_settings_write() {
-settings_write "${FIREWALL_SETTINGS_FILE}" "${FIREWALL_SETTINGS_PARAMS}"
+settings_write "${FIREWALL_SETTINGS_FILE}" "${FIREWALL_SETTINGS[*]}"
 }
 
 firewall_settings_print() {
-settings_print "${FIREWALL_SETTINGS_PARAMS}"
+settings_print "${FIREWALL_SETTINGS[*]}"
 }
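Review bot: `FIREWALL_SETTINGS=( "DEBUG" )` registers DEBUG as a persisted setting, but unlike every other name appended to the array in this hunk it gets no default value and no comment beside its registration, so what `firewall_settings_write` stores for it depends entirely on whatever the environment holds at that moment. Either assign a documented default next to the registration, e.g. `# Enable verbose debug output` followed by `DEBUG="false"`, or add a comment naming where DEBUG is defined so a reader does not have to hunt for it. DEBUG may well be set in a file outside this diff, so confirm before adding a default that would shadow it.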
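Review bot: `"${FIREWALL_SETTINGS[*]}"` collapses the array into a single argument joined by the first character of IFS, so `settings_read`, `settings_write` and `settings_print` only see the individual variable names if they re-split that argument under an IFS that still begins with a space; any caller that has changed IFS (a common hardening step) would make all three wrappers pass one unusable token. If the helpers accept the names as separate positional arguments, the robust form is `"${FIREWALL_SETTINGS[@]}"` in the three changed lines, e.g. `settings_read "${FIREWALL_SETTINGS_FILE}" "${FIREWALL_SETTINGS[@]}"`; the helper definitions are outside this hunk, so their calling convention needs to be checked first. The three wrappers also lack any header comment; a line such as `# Read the persisted firewall settings (the variables named in FIREWALL_SETTINGS) from FIREWALL_SETTINGS_FILE` above `firewall_settings_read`, with matching lines for write and print, would make the contract visible at the call site.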