Commit | Line | Data |
---|---|---|
98146c00 MT |
1 | #!/bin/bash |
2 | ############################################################################### | |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2012 IPFire Network Development Team # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
fe52c5e0 MT |
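# Entry point of the firewall command line interface.
#
# Arguments:
#   $1   - protocol; must be set and is handed to every action handler
#   $2.. - optional -d/--debug switches, followed by the action and the
#          arguments of that action
#
# The function never returns: it exits with EXIT_OK after help output or
# once the handler has returned, and with EXIT_CONF_ERROR when the action
# is unknown. Handlers may exit on their own before that.
function firewall_cli() {
	local protocol="${1}"
	assert isset protocol
	shift

	# Keep the action local. Without this, a variable called "action" that
	# is already set in the calling scope or the environment would end the
	# option parsing early and select the handler dispatched below.
	local action

	# Parse the command line
	while [ $# -gt 0 ]; do
		case "${1}" in
			-d|--debug)
				DEBUG=1
				log DEBUG "Enabled debugging mode"
				;;
			*)
				action="${1}"
				;;
		esac
		shift
		[ -n "${action}" ] && break
	done

	# Process the given action. The remaining arguments are always passed
	# on as "$@" so that an argument containing whitespace or glob
	# characters reaches the handler as one unchanged word.
	case "${action}" in
		start|restart|reload)
			firewall_start "${protocol}" "$@"
			;;

		stop)
			firewall_stop "${protocol}" "$@"
			;;

		show)
			firewall_show "${protocol}" "$@"
			;;

		panic)
			firewall_cli_panic "${protocol}" "$@"
			;;

		config)
			firewall_cli_config "${protocol}" "$@"
			;;

		zone)
			# firewall_cli_zone consumes its first argument as the
			# protocol, like the other handlers; leaving it out made
			# the zone name disappear.
			firewall_cli_zone "${protocol}" "$@"
			;;

		""|help|--help|-h)
			cli_usage root
			exit ${EXIT_OK}
			;;

		*)
			error "Invalid command given: ${action}"
			cli_usage usage
			exit ${EXIT_CONF_ERROR}
			;;
	esac

	exit ${EXIT_OK}
}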
82 | ||
fe52c5e0 MT |
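# Handle "firewall panic": collect the admin hosts given on the command
# line and call firewall_panic with them.
#
# Arguments:
#   $1   - protocol; must be set
#   $2.. - IP addresses of admin hosts; anything ip_is_valid rejects is
#          reported with a warning and left out
#
# Exits with EXIT_OK after showing the man page when help was requested.
function firewall_cli_panic() {
	local protocol="${1}"
	assert isset protocol
	shift

	if cli_help_requested "$@"; then
		cli_show_man firewall-panic
		exit ${EXIT_OK}
	fi

	local admin_hosts
	while [ $# -gt 0 ]; do
		# Validate the argument as one quoted word. Unquoted, it would
		# be split and glob-expanded first, so only its first word was
		# checked while the whole argument was appended to the list.
		if ip_is_valid "${1}"; then
			admin_hosts="${admin_hosts} ${1}"
		else
			warning "Invalid IP address: ${1}"
		fi
		shift
	done

	# NOTE(review): when every given address is rejected, firewall_panic
	# is still called, with no admin host at all - confirm that this is
	# the intended behaviour.
	# NOTE(review): the protocol is not passed on here, unlike the other
	# handlers dispatched by firewall_cli - verify against firewall_panic.

	# Intentionally unquoted: the space-separated list is split into one
	# argument per host. Every entry has passed ip_is_valid as a whole.
	firewall_panic ${admin_hosts}
}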
109 | ||
fe52c5e0 MT |
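# Handle "firewall config": change settings when arguments are given,
# print the configuration otherwise.
#
# Arguments:
#   $1   - protocol; must be set
#   $2.. - settings handed to config_set; with none, the configuration
#          of the protocol is printed
#
# Exits with EXIT_OK after showing the usage when help was requested.
function firewall_cli_config() {
	local protocol="${1}"
	assert isset protocol
	shift

	# Quoted, so that a setting whose value contains whitespace is looked
	# at as one word and a "-h" or "--help" inside a value is not taken
	# for a help switch.
	if cli_help_requested "$@"; then
		cli_usage root-config
		exit ${EXIT_OK}
	fi

	if [ -n "${1}" ]; then
		config_set "$@"
		firewall_config_write "${protocol}"
	else
		firewall_config_print "${protocol}"
	fi
}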
127 | ||
fe52c5e0 MT |
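# Handle "firewall zone".
#
# Arguments:
#   $1   - protocol; must be set
#   $2.. - either "<zone> [edit|status|show] [arguments]" or "reset"
#
# With a valid zone name, the zone must exist and the action defaults to
# "status". Without one, only "reset" is accepted. Unknown zones and
# actions end with EXIT_ERROR after the help has been shown.
function firewall_cli_zone() {
	local protocol="${1}"
	assert isset protocol
	shift

	# NOTE(review): the protocol is not passed on to any of the zone
	# functions called below - verify that this is intended.

	if cli_help_requested "$@"; then
		cli_show_man firewall-zone
		exit ${EXIT_OK}
	fi

	if zone_name_is_valid "${1}"; then
		local zone="${1}"
		local action="${2}"

		# "shift 2" fails and removes nothing when the action was left
		# out, which handed the zone name to the handler a second time.
		# Drop only as many arguments as are present.
		shift $(( $# < 2 ? $# : 2 ))

		# Check if the given zone exists.
		if ! zone_exists "${zone}"; then
			error "Zone '${zone}' does not exist."
			cli_run_help firewall zone

			exit ${EXIT_ERROR}
		fi

		# Process the given action.
		case "${action}" in
			edit)
				firewall_cli_zone_edit "${zone}" "$@"
				;;
			status|"")
				firewall_cli_zone_status "${zone}" "$@"
				;;

			# Print the raw configuration settings.
			show)
				firewall_zone_print "${zone}" "$@"

				# Report the result of the print instead of
				# always exiting with EXIT_ERROR.
				exit $?
				;;
			*)
				error "Unrecognized action: ${action}"
				cli_run_help firewall zone

				exit ${EXIT_ERROR}
				;;
		esac
	else
		local action="${1}"
		shift

		case "${action}" in
			reset)
				firewall_zone_reset "$@"
				exit $?
				;;

			*)
				error "Unrecognized action: ${action}"
				cli_run_help firewall zone

				exit ${EXIT_ERROR}
				;;
		esac
	fi
}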
192 | ||
# Show firewall zone configuration.
#
# Arguments:
#   $1 - name of the zone; must be set
#
# Prints a headline with the zone's policy and a line with its
# masquerading state, then exits with EXIT_OK.
function firewall_cli_zone_status() {
	local zone=${1}
	assert isset zone

	# Run in a subshell so that variables assigned while reading the zone
	# do not remain set afterwards. POLICY and MASQUERADE are presumably
	# set by firewall_zone_read - verify against that function.
	(
		firewall_zone_read ${zone}

		local headline="Zone ${zone} (policy ${POLICY})"
		local masquerade="$(cli_print_bool ${MASQUERADE})"

		cli_headline 1 "${headline}"
		cli_print_fmt1 1 "Masquerade" "${masquerade}"

		cli_space
	)

	exit ${EXIT_OK}
}
209 | ||
# Edit firewall zone configuration.
#
# Arguments:
#   $@ - handed to firewall_zone_edit unchanged
#
# Always exits with EXIT_OK.
function firewall_cli_zone_edit() {
	# NOTE(review): the return code of firewall_zone_edit is discarded, so
	# the command reports success even if the edit did not succeed -
	# confirm that this is intended.
	firewall_zone_edit "$@"
	exit ${EXIT_OK}
}