functions.cli.firewall

   1 #!/bin/bash
   2 ###############################################################################
   3 #                                                                             #
   4 # IPFire.org - A linux based firewall                                         #
   5 # Copyright (C) 2012  IPFire Network Development Team                         #
   6 #                                                                             #
   7 # This program is free software: you can redistribute it and/or modify        #
   8 # it under the terms of the GNU General Public License as published by        #
   9 # the Free Software Foundation, either version 3 of the License, or           #
  10 # (at your option) any later version.                                         #
  11 #                                                                             #
  12 # This program is distributed in the hope that it will be useful,             #
  13 # but WITHOUT ANY WARRANTY; without even the implied warranty of              #
  14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
  15 # GNU General Public License for more details.                                #
  16 #                                                                             #
  17 # You should have received a copy of the GNU General Public License           #
  18 # along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
  19 #                                                                             #
  20 ###############################################################################
  21
  22 function firewall_cli() {
  23         local protocol="${1}"
  24         assert isset protocol
  25         shift
  26
  27         # Parse the command line
  28         while [ $# -gt 0 ]; do
  29                 case "${1}" in
  30                         -d|--debug)
  31                                 DEBUG=1
  32                                 log DEBUG "Enabled debugging mode"
  33                                 ;;
  34                         *)
  35                                 action=${1}
  36                                 ;;
  37                 esac
  38                 shift
  39                 [ -n "${action}" ] && break
  40         done
  41
  42         # Process the given action
  43         case "${action}" in
  44                 start|restart|reload)
  45                         firewall_start "${protocol}" "$@"
  46                         ;;
  47
  48                 stop)
  49                         firewall_stop "${protocol}" "$@"
  50                         ;;
  51
  52                 show)
  53                         firewall_show "${protocol}" "$@"
  54                         ;;
  55
  56                 panic)
  57                         firewall_cli_panic "${protocol}" "$@"
  58                         ;;
  59
  60                 config)
  61                         firewall_cli_config "${protocol}" $@
  62                         ;;
  63
  64                 zone)
  65                         firewall_cli_zone $@
  66                         ;;
  67
  68                 ""|help|--help|-h)
  69                         cli_usage root
  70                         exit ${EXIT_OK}
  71                         ;;
  72
  73                 *)
  74                         error "Invalid command given: ${action}"
  75                         cli_usage usage
  76                         exit ${EXIT_CONF_ERROR}
  77                         ;;
  78         esac
  79
  80         exit ${EXIT_OK}
  81 }
  82
  83 function firewall_cli_panic() {
  84         local protocol="${1}"
  85         assert isset protocol
  86         shift
  87
  88         if cli_help_requested $@; then
  89                 cli_show_man firewall-panic
  90                 exit ${EXIT_OK}
  91         fi
  92
  93         local admin_hosts
  94         while [ $# -gt 0 ]; do
  95                 case "${1}" in
  96                         *)
  97                                 if ip_is_valid ${1}; then
  98                                         admin_hosts="${admin_hosts} ${1}"
  99                                 else
 100                                         warning "Invalid IP address: ${1}"
 101                                 fi
 102                                 ;;
 103                 esac
 104                 shift
 105         done
 106
 107         firewall_panic ${admin_hosts}
 108 }
 109
 110 function firewall_cli_config() {
 111         local protocol="${1}"
 112         assert isset protocol
 113         shift
 114
 115         if cli_help_requested $@; then
 116                 cli_usage root-config
 117                 exit ${EXIT_OK}
 118         fi
 119
 120         if [ -n "${1}" ]; then
 121                 config_set "$@"
 122                 firewall_config_write "${protocol}"
 123         else
 124                 firewall_config_print "${protocol}"
 125         fi
 126 }
 127
 128 function firewall_cli_zone() {
 129         local protocol="${1}"
 130         assert isset protocol
 131         shift
 132
 133         if cli_help_requested $@; then
 134                 cli_show_man firewall-zone
 135                 exit ${EXIT_OK}
 136         fi
 137
 138         if zone_name_is_valid ${1}; then
 139                 local zone=${1}
 140                 local action=${2}
 141                 shift 2
 142
 143                 # Check if the given zone exists.
 144                 if ! zone_exists ${zone}; then
 145                         error "Zone '${zone}' does not exist."
 146                         cli_run_help firewall zone
 147
 148                         exit ${EXIT_ERROR}
 149                 fi
 150
 151                 # Process the given action.
 152                 case "${action}" in
 153                         edit)
 154                                 firewall_cli_zone_edit ${zone} $@
 155                                 ;;
 156                         status|"")
 157                                 firewall_cli_zone_status ${zone} $@
 158                                 ;;
 159
 160                         # Print the raw configuration settings.
 161                         show)
 162                                 firewall_zone_print ${zone} $@
 163
 164                                 exit ${EXIT_ERROR}
 165                                 ;;
 166                         *)
 167                                 error "Unrecognized action: ${action}"
 168                                 cli_run_help firewall zone
 169
 170                                 exit ${EXIT_ERROR}
 171                                 ;;
 172                 esac
 173         else
 174                 local action=${1}
 175                 shift
 176
 177                 case "${action}" in
 178                         reset)
 179                                 firewall_zone_reset $@
 180                                 exit $?
 181                                 ;;
 182
 183                         *)
 184                                 error "Unrecognized action: ${action}"
 185                                 cli_run_help firewall zone
 186
 187                                 exit ${EXIT_ERROR}
 188                                 ;;
 189                 esac
 190         fi
 191 }
 192
 193 # Show firewall zone conifguration.
 194 function firewall_cli_zone_status() {
 195         local zone=${1}
 196         assert isset zone
 197
 198         (
 199                 firewall_zone_read ${zone}
 200
 201                 cli_headline 1 "Zone ${zone} (policy ${POLICY})"
 202                 cli_print_fmt1 1 "Masquerade" "$(cli_print_bool ${MASQUERADE})"
 203
 204                 cli_space
 205         )
 206
 207         exit ${EXIT_OK}
 208 }
 209
 210 # Edit firewall zone configuration.
 211 function firewall_cli_zone_edit() {
 212         firewall_zone_edit "$@"
 213
 214         exit ${EXIT_OK}
 215 }