hooks_portsdir = $(hooksdir)/ports
hooks_zonesdir = $(hooksdir)/zones
+triggersdir = $(networkdir)/triggers
+
CLEANFILES =
DISTCLEANFILES =
EXTRA_DIST =
src/functions/functions.settings \
src/functions/functions.stp \
src/functions/functions.sysctl \
+ src/functions/functions.triggers \
src/functions/functions.usb \
src/functions/functions.util \
src/functions/functions.vlan \
# ------------------------------------------------------------------------------
+INSTALL_DIRS = \
+ $(triggersdir)
+
+# ------------------------------------------------------------------------------
+
MANPAGES = \
man/firewall-settings.8 \
man/network.8 \
NETWORK_DB_DIR="${RUN_DIR}/db"
NETWORK_ZONE_DIR="${NETWORK_CONFIG_DIR}"
NETWORK_HOOKS_DIR=/usr/lib/network/hooks
+NETWORK_TRIGGERS_DIR=/usr/lib/network/triggers
# Network file configuration.
NETWORK_SETTINGS_FILE=${NETWORK_CONFIG_DIR}/config
for init in ${INIT_FUNCTIONS}; do
${init}
done
+
+ # Also execute all triggers
+ triggers_execute_all "init"
}
VERSION="@PACKAGE_VERSION@"
routes=$(echo ${routes})
# Remove all default routes.
- while ${cmd} | grep -q "^default"; do
- ${cmd} del default
- done
-
if [ -z "${routes}" ]; then
+ cmd ${cmd} del default
log INFO "Removed default route for ${proto}."
return ${EXIT_OK}
fi
log INFO "Setting default route for ${proto}: ${routes}"
- cmd ${cmd} add default ${routes}
+ cmd ${cmd} replace default ${routes}
assert [ $? -eq 0 ]
case "${proto}" in
radvd_update
;;
esac
+
+ triggers_execute_all "online"
done
}
--- /dev/null
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2015 IPFire Network Development Team #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+TRIGGER_ACTIONS="init up down online"
+
+trigger_execute() {
+ local trigger="$1"
+ shift
+
+ local environment=$@
+
+ if [ ! -x "${trigger}" ]; then
+ log WARNING "Trigger is not executable: ${trigger}"
+ return ${EXIT_ERROR}
+ fi
+
+ log DEBUG "Executing trigger ${trigger}..."
+ cmd_clean_environment ${environment} "${trigger}" &>/dev/null
+ local ret=${?}
+
+ if [ ${ret} -ne ${EXIT_OK} ]; then
+ log WARNING "Trigger ${trigger} exited with exit code: ${ret}"
+ log WARNING " Environment: ${environment}"
+ fi
+
+ return ${ret}
+}
+
+triggers_execute_all() {
+ local action="${1}"
+ shift
+
+ # Check if the action is valid
+ assert list_match "${action}" ${TRIGGER_ACTIONS}
+
+ local environment=$@
+
+ # Check if the directory exists
+ [ -d "${NETWORK_TRIGGERS_DIR}" ] || return ${EXIT_ERROR}
+
+ local trigger
+ for trigger in ${NETWORK_TRIGGERS_DIR}/*; do
+ # Check if the trigger can be executed
+ if [ ! -x "${trigger}" ]; then
+ log DEBUG "Trigger is not executable: ${trigger}"
+ continue
+ fi
+
+ # Execute the trigger
+ trigger_execute "${trigger}" ${environment} ACTION="${action}"
+ done
+
+ return ${EXIT_OK}
+}
assert false "not implemented"
}
+# Runs a command in a clean environment so that no confidential information
+# is leaked to any untrusted commands.
+cmd_clean_environment() {
+ local cmd=$@
+
+ log DEBUG "Running command in a clean environment: ${cmd}"
+ env -i -- ${cmd}
+ local ret=${?}
+
+ log DEBUG "Returned with code '${ret}'"
+ return ${ret}
+}
+
# Increase security of the read command
read() {
builtin read -r $@
hook_zone_exec ${hook} up ${zone} $@
zone_db ${zone} started
+
+ # Execute all triggers after the zone got up
+ triggers_execute_all "up" ZONE="${zone}"
}
zone_down() {
zone_db ${zone} stopped
+ # Execute all triggers after the zone went down
+ triggers_execute_all "down" ZONE="${zone}"
+
# Remove the zone, if it has got a remove tag.
if zone_has_destroy_tag "${zone}"; then
zone_destroy_now "${zone}"