firewall

   1 #!/bin/bash
   2 ###############################################################################
   3 #                                                                             #
   4 # IPFire.org - A linux based firewall                                         #
   5 # Copyright (C) 2012  IPFire Network Development Team                         #
   6 #                                                                             #
   7 # This program is free software: you can redistribute it and/or modify        #
   8 # it under the terms of the GNU General Public License as published by        #
   9 # the Free Software Foundation, either version 3 of the License, or           #
  10 # (at your option) any later version.                                         #
  11 #                                                                             #
  12 # This program is distributed in the hope that it will be useful,             #
  13 # but WITHOUT ANY WARRANTY; without even the implied warranty of              #
  14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
  15 # GNU General Public License for more details.                                #
  16 #                                                                             #
  17 # You should have received a copy of the GNU General Public License           #
  18 # along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
  19 #                                                                             #
  20 ###############################################################################
  21
  22 . /usr/lib/network/functions
  23
  24 function cli_start() {
  25         firewall_start $@
  26 }
  27
  28 function cli_stop() {
  29         firewall_stop
  30 }
  31
  32 function cli_show() {
  33         firewall_show $@
  34 }
  35
  36 function cli_panic() {
  37         if cli_help_requested $@; then
  38                 cli_show_man firewall-panic
  39                 exit ${EXIT_OK}
  40         fi
  41
  42         local admin_hosts
  43         while [ $# -gt 0 ]; do
  44                 case "${1}" in
  45                         *)
  46                                 if ip_is_valid ${1}; then
  47                                         admin_hosts="${admin_hosts} ${1}"
  48                                 else
  49                                         warning "Invalid IP address: ${1}"
  50                                 fi
  51                                 ;;
  52                 esac
  53                 shift
  54         done
  55
  56         firewall_panic ${admin_hosts}
  57 }
  58
  59 function cli_config() {
  60         if cli_help_requested $@; then
  61                 cli_usage root-config
  62                 exit ${EXIT_OK}
  63         fi
  64
  65         if [ -n "${1}" ]; then
  66                 config_set $@
  67                 firewall_config_write
  68         else
  69                 firewall_config_print
  70         fi
  71 }
  72
  73 function cli_zone() {
  74         if cli_help_requested $@; then
  75                 cli_show_man firewall-zone
  76                 exit ${EXIT_OK}
  77         fi
  78
  79         if zone_name_is_valid ${1}; then
  80                 local zone=${1}
  81                 local action=${2}
  82                 shift 2
  83
  84                 # Check if the given zone exists.
  85                 if ! zone_exists ${zone}; then
  86                         error "Zone '${zone}' does not exist."
  87                         cli_run_help firewall zone
  88
  89                         exit ${EXIT_ERROR}
  90                 fi
  91
  92                 # Process the given action.
  93                 case "${action}" in
  94                         edit)
  95                                 cli_zone_edit ${zone} $@
  96                                 ;;
  97                         status|"")
  98                                 cli_zone_status ${zone} $@
  99                                 ;;
 100
 101                         # Print the raw configuration settings.
 102                         show)
 103                                 firewall_zone_print ${zone} $@
 104
 105                                 exit ${EXIT_ERROR}
 106                                 ;;
 107                         *)
 108                                 error "Unrecognized action: ${action}"
 109                                 cli_run_help firewall zone
 110
 111                                 exit ${EXIT_ERROR}
 112                                 ;;
 113                 esac
 114         else
 115                 local action=${1}
 116                 shift
 117
 118                 case "${action}" in
 119                         reset)
 120                                 firewall_zone_reset $@
 121                                 exit $?
 122                                 ;;
 123
 124                         *)
 125                                 error "Unrecognized action: ${action}"
 126                                 cli_run_help firewall zone
 127
 128                                 exit ${EXIT_ERROR}
 129                                 ;;
 130                 esac
 131         fi
 132 }
 133
 134 # Show firewall zone conifguration.
 135 function cli_zone_status() {
 136         local zone=${1}
 137         assert isset zone
 138
 139         (
 140                 firewall_zone_read ${zone}
 141
 142                 cli_headline 1 "Zone ${zone} (policy ${POLICY})"
 143                 cli_print_fmt1 1 "Masquerade" "$(cli_print_bool ${MASQUERADE})"
 144
 145                 cli_space
 146         )
 147
 148         exit ${EXIT_OK}
 149 }
 150
 151 # Edit firewall zone configuration.
 152 function cli_zone_edit() {
 153         firewall_zone_edit $@
 154
 155         exit ${EXIT_OK}
 156 }
 157
 158 # Parse the command line
 159 while [ $# -gt 0 ]; do
 160         case "${1}" in
 161                 -d|--debug)
 162                         DEBUG=1
 163                         log DEBUG "Enabled debugging mode"
 164                         ;;
 165                 *)
 166                         action=${1}
 167                         ;;
 168         esac
 169         shift
 170         [ -n "${action}" ] && break
 171 done
 172
 173 # Process the given action
 174 case "${action}" in
 175         start|restart|reload)
 176                 cli_start $@
 177                 ;;
 178
 179         stop)
 180                 cli_stop $@
 181                 ;;
 182
 183         show)
 184                 cli_show $@
 185                 ;;
 186
 187         panic)
 188                 cli_panic $@
 189                 ;;
 190
 191         config)
 192                 cli_config $@
 193                 ;;
 194
 195         zone)
 196                 cli_zone $@
 197                 ;;
 198
 199         ""|help|--help|-h)
 200                 cli_usage root
 201                 exit ${EXIT_OK}
 202                 ;;
 203
 204         *)
 205                 error "Invalid command given: ${action}"
 206                 cli_usage usage
 207                 exit ${EXIT_CONF_ERROR}
 208                 ;;
 209 esac
 210
 211 exit ${EXIT_OK}