vlan: Rewrite VLAN stuff.
1 #!/bin/bash
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2012 IPFire Network Development Team #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21 #
22
# Space-separated names of the per-zone firewall settings. The list is handed
# to config_read, config_write and config_print by the functions in this file.
FIREWALL_ZONE_SETTINGS='MASQUERADE POLICY'
24
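# Creates the firewall settings file of a zone unless it already exists.
#
# Arguments: $1 - name of the zone
# Returns:   ${EXIT_OK}, whether the file was already there or has just been
#            written
function firewall_zone_create() {
  local zone=${1}
  assert isset zone

  # Do nothing if the zone configuration already exists.
  # The zone name is quoted so it reaches the helpers as exactly one argument
  # and is never word-split or glob-expanded.
  firewall_zone_exists "${zone}" && return ${EXIT_OK}

  # Write defaults to the file. The subshell keeps the settings variables
  # assigned while reading out of the caller's environment.
  # NOTE(review): the status of the subshell is not checked, so a failed write
  # is still reported as ${EXIT_OK} - confirm this is intended.
  (
    firewall_zone_read "${zone}"
    firewall_zone_write "${zone}"
  )

  return ${EXIT_OK}
}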
40
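# Prints the path of the firewall settings file of a zone.
#
# Arguments: $1 - name of the zone
# Outputs:   "<zone_dir of the zone>/fwsettings"
# Returns:   ${EXIT_OK}
function firewall_zone_config() {
  local zone=${1}
  assert isset zone

  # Quote the zone name so that zone_dir receives it as a single argument.
  print "$(zone_dir "${zone}")/fwsettings"
  return ${EXIT_OK}
}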
48
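# Tells whether the firewall settings file of a zone exists and is readable.
#
# Arguments: passed on unchanged to firewall_zone_config ($1 - zone name)
# Returns:   ${EXIT_TRUE} if the file is readable, ${EXIT_FALSE} otherwise
function firewall_zone_exists() {
  # "$@" (quoted) forwards every argument as given; unquoted it would be
  # word-split and glob-expanded before reaching firewall_zone_config.
  local file
  file=$(firewall_zone_config "$@")

  if [ -r "${file}" ]; then
    return ${EXIT_TRUE}
  fi

  return ${EXIT_FALSE}
}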
54
# Resets the zone settings variables to their default values.
#
# Globals:   POLICY (written), MASQUERADE (written)
# Arguments: $1 - name of the zone (must be set; not used for the values)
firewall_zone_defaults() {
  local zone="${1}"
  assert isset zone

  # Masquerading (IPv4 only) stays off unless it is enabled explicitly.
  MASQUERADE='false'

  # Packets are dropped unless the policy is changed.
  POLICY='DROP'
}
65
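# Loads the firewall settings of a zone into the current shell.
#
# Globals:   FIREWALL_ZONE_SETTINGS (read); the settings variables are
#            assigned by firewall_zone_defaults and config_read
# Arguments: $1 - name of the zone
# Returns:   ${EXIT_OK}
function firewall_zone_read() {
  local zone=${1}
  assert isset zone

  # Declared separately so that "local" does not mask the exit status.
  local file
  file=$(firewall_zone_config "${zone}")
  assert isset file

  # Load default settings.
  firewall_zone_defaults "${zone}"

  # The path is quoted so it stays one argument. FIREWALL_ZONE_SETTINGS is
  # left unquoted on purpose: every setting name becomes its own argument.
  # NOTE(review): how config_read parses the file is not visible here. If it
  # evaluates the content as shell, the settings file must only be writable
  # by trusted users - confirm.
  config_read "${file}" ${FIREWALL_ZONE_SETTINGS}
  return ${EXIT_OK}
}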
79
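# Stores the firewall settings of a zone in its settings file.
#
# Globals:   FIREWALL_ZONE_SETTINGS (read)
# Arguments: $1 - name of the zone
# Returns:   ${EXIT_OK}
function firewall_zone_write() {
  local zone=${1}
  assert isset zone

  # Declared separately so that "local" does not mask the exit status.
  local file
  file=$(firewall_zone_config "${zone}")
  assert isset file

  # The path is quoted so it stays one argument. FIREWALL_ZONE_SETTINGS is
  # left unquoted on purpose: every setting name becomes its own argument.
  # NOTE(review): the status of config_write is discarded, so a failed write
  # is still reported as ${EXIT_OK} - confirm this is intended.
  config_write "${file}" ${FIREWALL_ZONE_SETTINGS}
  return ${EXIT_OK}
}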
90
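# Prints the firewall settings of a zone.
#
# Globals:   FIREWALL_ZONE_SETTINGS (read)
# Arguments: $1 - name of the zone
# Outputs:   whatever config_print writes for the setting names
# Returns:   ${EXIT_OK}
function firewall_zone_print() {
  local zone=${1}
  assert isset zone

  # The subshell keeps the settings variables assigned while reading out of
  # the caller's environment. The zone name is quoted so it is passed on as
  # one argument; the list of setting names is split on purpose.
  (
    firewall_zone_read "${zone}"
    config_print ${FIREWALL_ZONE_SETTINGS}
  )

  return ${EXIT_OK}
}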
102
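# Changes settings of an existing zone and writes them back.
#
# Arguments: $1  - name of the zone
#            ... - --masquerade=VALUE and/or --policy=VALUE; any other
#                  argument only triggers a warning
# Returns:   the exit status of the subshell, i.e. of firewall_zone_write
function firewall_zone_edit() {
  local zone=${1}
  # Fail early on a missing zone name, like the other functions in this file.
  assert isset zone
  shift

  assert firewall_zone_exists "${zone}"

  (
    # Read current settings.
    firewall_zone_read "${zone}"

    # NOTE(review): the values are stored exactly as given. Nothing in this
    # function checks that POLICY or MASQUERADE hold a value the firewall
    # understands - confirm they are validated by the caller or when the
    # settings are applied.
    while [ $# -gt 0 ]; do
      case "${1}" in
        --masquerade=*)
          MASQUERADE=$(cli_get_val "${1}")
          ;;
        --policy=*)
          POLICY=$(cli_get_val "${1}")
          ;;
        *)
          warning "Unknown option: ${1}"
          ;;
      esac
      shift
    done

    # Write updated settings.
    firewall_zone_write "${zone}"
  )
}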
132
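# Resets the firewall settings of a zone by deleting its settings file and
# creating it again.
#
# Arguments: $1 - name of the zone
# Returns:   ${EXIT_OK}
function firewall_zone_reset() {
  local zone=${1}
  assert isset zone

  # Declared separately so that "local" does not mask the exit status.
  local file
  file=$(firewall_zone_config "${zone}")
  assert isset file

  # Remove the configuration file.
  # The path is quoted and preceded by "--": unquoted it would be word-split
  # and glob-expanded, so rm could delete other files than the intended one
  # or read part of the path as an option.
  rm -f -- "${file}"

  # Recreate it.
  firewall_zone_create "${zone}"

  return ${EXIT_OK}
}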