IPsec: Rename ipsec-block script to ipsec-policy
authorMichael Tremer <michael.tremer@ipfire.org>
Thu, 29 Nov 2018 15:04:28 +0000 (15:04 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Mon, 4 Feb 2019 18:20:36 +0000 (18:20 +0000)
This is a more general name for a script that will be extended
soon to do more than just add blocking rules.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/firewall/ipsec-policy [moved from config/firewall/ipsec-block with 88% similarity]
config/rootfiles/common/aarch64/stage2
config/rootfiles/common/stage2
config/rootfiles/common/x86_64/stage2
lfs/stage2
src/initscripts/system/firewall
src/misc-progs/ipsecctrl.c

similarity index 88%
rename from config/firewall/ipsec-block
rename to config/firewall/ipsec-policy
index 96682b8..4544a44 100644 (file)
 
 VPN_CONFIG="/var/ipfire/vpn/config"
 
+VARS=(
+       id status name lefthost type ctype x1 x2 x3 leftsubnets
+       x4 righthost rightsubnets x5 x6 x7 x8 x9 x10 x11 x12
+       x13 x14 x15 x16 x17 x18 x19 x20 x21 proto x22 x23 x24
+       route rest
+)
+
 block_subnet() {
        local subnet="${1}"
        local action="${2}"
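Review bot: The new VARS array pins the column layout of /var/ipfire/vpn/config by position (x1…x24 are columns this script skips), but nothing in the file says where that layout is defined, so a change to whatever writes the config would silently shift `leftsubnets`/`rightsubnets` onto different columns and the iptables rules built from them. A comment above the array would make the dependency explicit: `# Column layout of ${VPN_CONFIG}: one connection per line, comma-separated; order must match the writer of this file (web UI), xN are columns this script does not use, "rest" swallows any trailing ones.` The array is also a good place to note that `read -r` leaves trailing variables empty when a line has fewer fields than names, so a short line yields empty subnet fields rather than an error; whether block_subnet tolerates that is not visible here, as its body continues past this hunk.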
@@ -45,21 +52,15 @@ block_subnet() {
        return 0
 }
 
-block_ipsec() {
+install_policy() {
        # Flush all exists rules
        iptables -F IPSECBLOCK
 
-       local action
-
-       local vars="id status name lefthost type ctype x1 x2 x3 leftsubnets"
-       vars="${vars} x4 righthost rightsubnets x5 x6 x7 x8 x9 x10 x11 x12"
-       vars="${vars} x13 x14 x15 x16 x17 x18 x19 x20 x21 proto x22 x23 x24"
-       vars="${vars} route rest"
-
        # Register local variables
-       local ${vars}
+       local "${VARS[@]}"
+       local action
 
-       while IFS="," read -r ${vars}; do
+       while IFS="," read -r "${VARS[@]}"; do
                # Check if the connection is enabled
                [ "${status}" = "on" ] || continue
 
@@ -85,4 +86,4 @@ block_ipsec() {
        done < "${VPN_CONFIG}"
 }
 
-block_ipsec || exit $?
+install_policy || exit $?
index 110114c..0c2552f 100644 (file)
@@ -76,7 +76,7 @@ usr/bin/captive-cleanup
 #usr/lib
 usr/lib/firewall
 usr/lib/firewall/firewall-lib.pl
-usr/lib/firewall/ipsec-block
+usr/lib/firewall/ipsec-policy
 usr/lib/firewall/rules.pl
 #usr/lib/libgcc_s.so
 usr/lib/libgcc_s.so.1
index 5665f23..7b4dbaa 100644 (file)
@@ -75,7 +75,7 @@ usr/bin/captive-cleanup
 #usr/lib
 usr/lib/firewall
 usr/lib/firewall/firewall-lib.pl
-usr/lib/firewall/ipsec-block
+usr/lib/firewall/ipsec-policy
 usr/lib/firewall/rules.pl
 #usr/lib/libgcc_s.so
 usr/lib/libgcc_s.so.1
index 110114c..0c2552f 100644 (file)
@@ -76,7 +76,7 @@ usr/bin/captive-cleanup
 #usr/lib
 usr/lib/firewall
 usr/lib/firewall/firewall-lib.pl
-usr/lib/firewall/ipsec-block
+usr/lib/firewall/ipsec-policy
 usr/lib/firewall/rules.pl
 #usr/lib/libgcc_s.so
 usr/lib/libgcc_s.so.1
index 7e8dfe3..4b8f0bc 100644 (file)
@@ -115,8 +115,8 @@ endif
                /usr/lib/firewall/rules.pl
        install -m 644 $(DIR_SRC)/config/firewall/firewall-lib.pl \
                /usr/lib/firewall/firewall-lib.pl
-       install -m 755 $(DIR_SRC)/config/firewall/ipsec-block \
-               /usr/lib/firewall/ipsec-block
+       install -m 755 $(DIR_SRC)/config/firewall/ipsec-policy \
+               /usr/lib/firewall/ipsec-policy
 
        # Nobody user
        -mkdir -p /home/nobody
index 7072099..1ffeda9 100644 (file)
@@ -360,8 +360,8 @@ iptables_init() {
        iptables -t nat -N REDNAT
        iptables -t nat -A POSTROUTING -j REDNAT
 
-       # Populate IPsec block chain
-       /usr/lib/firewall/ipsec-block
+       # Populate IPsec chains
+       /usr/lib/firewall/ipsec-policy
 
        # Apply OpenVPN firewall rules
        /usr/local/bin/openvpnctrl --firewall-rules
index 9afc409..53c8767 100644 (file)
@@ -152,8 +152,8 @@ void turn_connection_on(char *name, char *type) {
                 "/usr/sbin/ipsec down %s >/dev/null", name);
         safe_system(command);
 
-       // Reload the IPsec block chain
-       safe_system("/usr/lib/firewall/ipsec-block >/dev/null");
+       // Reload the IPsec firewall policy
+       safe_system("/usr/lib/firewall/ipsec-policy >/dev/null");
 
        // Reload the configuration into the daemon (#10339).
        ipsec_reload();
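Review bot: The exit status of the policy script is discarded on the `safe_system("/usr/lib/firewall/ipsec-policy >/dev/null")` line, so if the script fails the daemon is still reloaded on the next line and the connection comes up with whatever IPSECBLOCK held before; the same applies to the two other call sites of the script in this file. If safe_system returns the child's status (its definition is not in this hunk), surfacing the failure is one line, `if (safe_system("/usr/lib/firewall/ipsec-policy >/dev/null")) fprintf(stderr, "ipsec-policy failed\n");`, and whether to abort before `ipsec_reload()` rather than proceed is a policy decision worth stating in a comment here. turn_connection_on starts before this hunk.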
@@ -182,8 +182,8 @@ void turn_connection_off (char *name) {
        // Reload, so the connection is dropped.
        ipsec_reload();
 
-       // Reload the IPsec block chain
-       safe_system("/usr/lib/firewall/ipsec-block >/dev/null");
+       // Reload the IPsec firewall policy
+       safe_system("/usr/lib/firewall/ipsec-policy >/dev/null");
 }
 
 int main(int argc, char *argv[]) {
@@ -316,7 +316,7 @@ int main(int argc, char *argv[]) {
 
         // start the system
         if ((argc == 2) && strcmp(argv[1], "S") == 0) {
-               safe_system("/usr/lib/firewall/ipsec-block >/dev/null");
+               safe_system("/usr/lib/firewall/ipsec-policy >/dev/null");
                safe_system("/usr/sbin/ipsec restart >/dev/null");
                 exit(0);
         }