Introduce concept of firewall zones.
authorMichael Tremer <michael.tremer@ipfire.org>
Wed, 8 Aug 2012 12:55:33 +0000 (12:55 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Wed, 8 Aug 2012 12:55:33 +0000 (12:55 +0000)
firewall
functions.cli
functions.firewall-zones [new file with mode: 0644]
functions.zone

index 2fa3db3811f17588bd5c8ed8dce1dfccdc8036c1..a1f1a17de30b0111cbd992651118bf68e63d4e4f 100755 (executable)
--- a/firewall
+++ b/firewall
@@ -70,6 +70,91 @@ function cli_config() {
        fi
 }
 
+function cli_zone() {
+       if cli_help_requested $@; then
+               cli_show_man firewall-zone
+               exit ${EXIT_OK}
+       fi
+
+       if zone_name_is_valid ${1}; then
+               local zone=${1}
+               local action=${2}
+               shift 2
+
+               # Check if the given zone exists.
+               if ! zone_exists ${zone}; then
+                       error "Zone '${zone}' does not exist."
+                       cli_run_help firewall zone
+
+                       exit ${EXIT_ERROR}
+               fi
+
+               # Process the given action.
+               case "${action}" in
+                       edit)
+                               cli_zone_edit ${zone} $@
+                               ;;
+                       status|"")
+                               cli_zone_status ${zone} $@
+                               ;;
+
+                       # Print the raw configuration settings.
+                       show)
+                               firewall_zone_print ${zone} $@
+
+                               exit ${EXIT_ERROR}
+                               ;;
+                       *)
+                               error "Unrecognized action: ${action}"
+                               cli_run_help firewall zone
+
+                               exit ${EXIT_ERROR}
+                               ;;
+               esac
+       else
+               local action=${1}
+               shift
+
+               case "${action}" in
+                       reset)
+                               firewall_zone_reset $@
+                               exit $?
+                               ;;
+
+                       *)
+                               error "Unrecognized action: ${action}"
+                               cli_run_help firewall zone
+
+                               exit ${EXIT_ERROR}
+                               ;;
+               esac
+       fi
+}
+
+# Show firewall zone conifguration.
+function cli_zone_status() {
+       local zone=${1}
+       assert isset zone
+
+       (
+               firewall_zone_read ${zone}
+
+               cli_headline 1 "Zone ${zone} (policy ${POLICY})"
+               cli_print_fmt1 1 "Masquerade" "$(cli_print_bool ${MASQUERADE})"
+
+               cli_space
+       )
+
+       exit ${EXIT_OK}
+}
+
+# Edit firewall zone configuration.
+function cli_zone_edit() {
+       firewall_zone_edit $@
+
+       exit ${EXIT_OK}
+}
+
 # Parse the command line
 while [ $# -gt 0 ]; do
        case "${1}" in
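Review bot: The `reset)` branch hands `$@` to firewall_zone_reset with a zone name that has passed neither zone_name_is_valid nor zone_exists, whereas the branch above requires both before any action; since firewall_zone_reset removes `$(zone_dir ${zone})/fwsettings` and recreates it, the name should be checked here first, e.g. `zone_name_is_valid ${1} && zone_exists ${1} || { error "Zone '${1}' does not exist."; exit ${EXIT_ERROR}; }` before the call. The `show)` branch exits with `${EXIT_ERROR}` even when firewall_zone_print succeeded, so `firewall zone <name> show` always reports failure to the shell; `exit $?`, as the `reset)` branch already does, would propagate the real status. cli_zone_edit likewise discards firewall_zone_edit's exit status and always exits `${EXIT_OK}`, so a failed edit is reported as success. The comment above cli_zone_status misspells "configuration".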
@@ -107,6 +192,10 @@ case "${action}" in
                cli_config $@
                ;;
 
+       zone)
+               cli_zone $@
+               ;;
+
        ""|help|--help|-h)
                cli_usage root
                exit ${EXIT_OK}
index 11ec88ce7fdde92600f4a19536c8aabde5a3f8a4..f1ede003acd4deb4edd4970367fecab7b06b3c0c 100644 (file)
@@ -31,6 +31,13 @@ function cli_help_requested() {
        return ${EXIT_ERROR}
 }
 
+function cli_run_help() {
+       local command="$@"
+
+       print "Run \"${command} help\" to get more information."
+       return ${EXIT_OK}
+}
+
 function cli_device_headline() {
        local device=${1}
        assert isset device
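Review bot: `local command="$@"` in cli_run_help relies on `$@` being joined inside double quotes, which is the job of `$*`; `local command="$*"` states the intent directly. The function also lacks the short header comment its neighbours carry; something like `# Point the user at the help page for the given command.` above it would do.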
diff --git a/functions.firewall-zones b/functions.firewall-zones
new file mode 100644 (file)
index 0000000..7025198
--- /dev/null
@@ -0,0 +1,147 @@
+#!/bin/bash
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2012  IPFire Network Development Team                         #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+#
+
+FIREWALL_ZONE_SETTINGS="MASQUERADE POLICY"
+
+function firewall_zone_create() {
+       local zone=${1}
+       assert isset zone
+
+       # Do nothing if the zone configuration already exists.
+       firewall_zone_exists ${zone} && return ${EXIT_OK}
+
+       # Write defaults to the file.
+       (
+               firewall_zone_read ${zone}
+               firewall_zone_write ${zone}
+       )
+
+       return ${EXIT_OK}
+}
+
+function firewall_zone_config() {
+       local zone=${1}
+       assert isset zone
+
+       print "$(zone_dir ${zone})/fwsettings"
+       return ${EXIT_OK}
+}
+
+function firewall_zone_exists() {
+       local file=$(firewall_zone_config $@)
+
+       [ -r "${file}" ] && return ${EXIT_TRUE} || return ${EXIT_FALSE}
+}
+
+function firewall_zone_defaults() {
+       local zone=${1}
+       assert isset zone
+
+       # Default policy.
+       POLICY="DROP"
+
+       # Don't masquerade by default (IPv4 only).
+       MASQUERADE="false"
+}
+
+function firewall_zone_read() {
+       local zone=${1}
+       assert isset zone
+
+       local file=$(firewall_zone_config ${zone})
+       assert isset file
+
+       # Load default settings.
+       firewall_zone_defaults ${zone}
+
+       config_read ${file} ${FIREWALL_ZONE_SETTINGS}
+       return ${EXIT_OK}
+}
+
+function firewall_zone_write() {
+       local zone=${1}
+       assert isset zone
+
+       local file=$(firewall_zone_config ${zone})
+       assert isset file
+
+       config_write ${file} ${FIREWALL_ZONE_SETTINGS}
+       return ${EXIT_OK}
+}
+
+function firewall_zone_print() {
+       local zone=${1}
+       assert isset zone
+
+       (
+               firewall_zone_read ${zone}
+               config_print ${FIREWALL_ZONE_SETTINGS}
+       )
+
+       return ${EXIT_OK}
+}
+
+function firewall_zone_edit() {
+       local zone=${1}
+       shift
+
+       assert firewall_zone_exists ${zone}
+
+       (
+               # Read current settings.
+               firewall_zone_read ${zone}
+
+               while [ $# -gt 0 ]; do
+                       case "${1}" in
+                               --masquerade=*)
+                                       MASQUERADE=$(cli_get_val ${1})
+                                       ;;
+                               --policy=*)
+                                       POLICY=$(cli_get_val ${1})
+                                       ;;
+                               *)
+                                       warning "Unknown option: ${1}"
+                                       ;;
+                       esac
+                       shift
+               done
+
+               # Write updated settings.
+               firewall_zone_write ${zone}
+       )
+}
+
+function firewall_zone_reset() {
+       local zone=${1}
+       assert isset zone
+
+       local file=$(firewall_zone_config ${zone})
+       assert isset file
+
+       # Remove the configuration file.
+       rm -f ${file}
+
+       # Recreate it.
+       firewall_zone_create ${zone}
+
+       return ${EXIT_OK}
+}
index 6c1874e3b0d9cfda5374566db00c5a8f97daef18..574ae35cdbf49193a752182ca75d83359528666c 100644 (file)
@@ -45,7 +45,9 @@ function zone_match() {
 
 function zone_name_is_valid() {
        local zone=${1}
-       assert isset zone
+
+       # Don't accept empty strings.
+       [ -z "${zone}" ] && return ${EXIT_FALSE}
 
        [[ ${zone} =~ $(zone_match) ]]
 }