]> git.ipfire.org Git - people/stevee/network.git/blob - functions.zone
projects / people / stevee / network.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Don't use connection tracking for loopback traffic.
[people/stevee/network.git] / functions.zone
1 #!/bin/bash
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2010 Michael Tremer & Christian Schmidt #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 function zone_dir() {
23 local zone=${1}
24
25 echo "${NETWORK_ZONE_DIR}/zones/${zone}"
26 }
27
28 function zone_exists() {
29 local zone=${1}
30 assert isset zone
31
32 [ -d "$(zone_dir ${zone})" ]
33 }
34
35 function zone_match() {
36 local match
37
38 local i
39 for i in ${VALID_ZONES}; do
40 match="${match}|${i}[0-9]{1,5}"
41 done
42
43 echo "${match:1:${#match}}"
44 }
45
46 function zone_name_is_valid() {
47 local zone=${1}
48
49 # Don't accept empty strings.
50 [ -z "${zone}" ] && return ${EXIT_FALSE}
51
52 [[ ${zone} =~ $(zone_match) ]]
53 }
54
55 function zone_is_local() {
56 local zone=${1}
57
58 [[ "${zone:0:${#ZONE_LOCAL}}" = "${ZONE_LOCAL}" ]]
59 }
60
61 function zone_is_nonlocal() {
62 local zone=${1}
63
64 [[ "${zone:0:${#ZONE_NONLOCAL}}" = "${ZONE_NONLOCAL}" ]]
65 }
66
67 function zone_get_hook() {
68 local zone=${1}
69 assert isset zone
70
71 config_get_hook $(zone_dir ${zone})/settings
72 }
73
74 function zone_start() {
75 # This function will bring up the zone
76 # 'asynchronously' with help of systemd.
77
78 local zone=${1}
79 assert zone_exists ${zone}
80
81 service_start "network@${zone}.service"
82 }
83
84 function zone_stop() {
85 # This function will bring down the zone
86 # 'asynchronously' with help of systemd.
87
88 local zone=${1}
89 assert zone_exists ${zone}
90
91 service_stop "network@${zone}.service"
92 }
93
94 function zone_create() {
95 local zone=${1}
96 local hook=${2}
97 shift 2
98
99 if ! zone_name_is_valid ${zone}; then
100 error "Zone name '${zone}' is not valid."
101 return ${EXIT_ERROR}
102 fi
103
104 if zone_exists ${zone}; then
105 error "Zone '${zone}' does already exist."
106 return ${EXIT_ERROR}
107 fi
108
109 if ! hook_zone_exists ${hook}; then
110 error "Hook '${hook}' does not exist."
111 return ${EXIT_ERROR}
112 fi
113
114 mkdir -p $(zone_dir ${zone})
115
116 # Create directories for configs and ports
117 mkdir -p $(zone_dir ${zone})/{configs,ports}
118
119 hook_zone_exec ${hook} create ${zone} $@
120 local ret=$?
121
122 # Maybe the zone create hook did not exit correctly.
123 # If this is the case we remove the created zone immediately.
124 if [ "${ret}" = "${EXIT_ERROR}" ]; then
125 zone_remove_now ${zone}
126 fi
127 }
128
129 function zone_edit() {
130 local zone=${1}
131 shift
132
133 if ! zone_exists ${zone}; then
134 error "Zone '${zone}' does not exist."
135 return ${EXIT_ERROR}
136 fi
137
138 # Check if the zone is tagged for removal.
139 if zone_has_remove_tag ${zone}; then
140 error "You cannot edit a zone that is tagged for removal."
141 return ${EXIT_ERROR}
142 fi
143
144 local hook=$(config_get_hook $(zone_dir ${zone})/settings)
145
146 if [ -z "${hook}" ]; then
147 error "Config file did not provide any hook."
148 return ${EXIT_ERROR}
149 fi
150
151 if ! hook_zone_exists ${hook}; then
152 error "Hook '${hook}' does not exist."
153 return ${EXIT_ERROR}
154 fi
155
156 hook_zone_exec ${hook} edit ${zone} $@
157 }
158
159
160 function zone_remove() {
161 local zone=${1}
162 assert zone_exists ${zone}
163
164 # Make the zone for removal.
165 touch $(zone_dir ${zone})/.remove
166
167 log INFO "Zone '${zone}' has been tagged for removal."
168 }
169
170 function zone_has_remove_tag() {
171 local zone=${1}
172 assert zone_exists ${zone}
173
174 [ -e "$(zone_dir ${zone})/.remove" ]
175 }
176
177 # This function will remove the given zone
178 # RIGHT NOW. Use zone_remove to remove it
179 # at the next status change.
180 function zone_remove_now() {
181 local zone=${1}
182 assert zone_exists ${zone}
183
184 log INFO "Removing zone '${zone}' right now."
185
186 # Force the zone down.
187 zone_is_up ${zone} && zone_set_down ${zone}
188
189 rm -rf $(zone_dir ${zone})
190 }
191
192 function zone_up() {
193 local zone=${1}
194 shift
195
196 if ! zone_exists ${zone}; then
197 error "Zone '${zone}' does not exist."
198 return ${EXIT_ERROR}
199 fi
200
201 # Check if a zone has got the remove tag.
202 if zone_has_remove_tag ${zone}; then
203 error "Cannot bring up any zone which is to be removed."
204 return ${EXIT_ERROR}
205 fi
206
207 local hook=$(config_get_hook $(zone_dir ${zone})/settings)
208
209 if [ -z "${hook}" ]; then
210 error "Config file did not provide any hook."
211 return ${EXIT_ERROR}
212 fi
213
214 if ! hook_zone_exists ${hook}; then
215 error "Hook '${hook}' does not exist."
216 return ${EXIT_ERROR}
217 fi
218
219 zone_db ${zone} starting
220
221 hook_zone_exec ${hook} up ${zone} $@
222
223 zone_db ${zone} started
224 }
225
226 function zone_down() {
227 local zone=${1}
228 shift
229
230 if ! zone_exists ${zone}; then
231 error "Zone '${zone}' does not exist."
232 return ${EXIT_ERROR}
233 fi
234
235 local hook=$(config_get_hook $(zone_dir ${zone})/settings)
236
237 if [ -z "${hook}" ]; then
238 error "Config file did not provide any hook."
239 return ${EXIT_ERROR}
240 fi
241
242 if ! hook_zone_exists ${hook}; then
243 error "Hook '${hook}' does not exist."
244 return ${EXIT_ERROR}
245 fi
246
247 zone_db ${zone} stopping
248
249 hook_zone_exec ${hook} down ${zone} $@
250
251 zone_db ${zone} stopped
252
253 # Remove the zone, if it has got a remove tag.
254 if zone_has_remove_tag ${zone}; then
255 zone_remove_now ${zone}
256 fi
257 }
258
259 function zone_status() {
260 local zone=${1}
261 shift
262
263 if ! zone_exists ${zone}; then
264 error "Zone '${zone}' does not exist."
265 return ${EXIT_ERROR}
266 fi
267
268 local hook=$(config_get_hook $(zone_dir ${zone})/settings)
269
270 if [ -z "${hook}" ]; then
271 error "Config file did not provide any hook."
272 return ${EXIT_ERROR}
273 fi
274
275 if ! hook_zone_exists ${hook}; then
276 error "Hook '${hook}' does not exist."
277 return ${EXIT_ERROR}
278 fi
279
280 hook_zone_exec ${hook} status ${zone} $@
281
282 # Show that the zone it to be removed soon.
283 if zone_has_remove_tag ${zone}; then
284 warning "This zone is tagged for removal."
285 fi
286 }
287
288 function zone_port() {
289 local zone=${1}
290 local action=${2}
291 shift 2
292
293 assert isset zone
294 assert isset action
295 assert zone_exists ${zone}
296
297 # Aliases
298 case "${action}" in
299 del|delete|remove)
300 action="rem"
301 ;;
302 esac
303
304 case "${action}" in
305 add|edit|rem)
306 zone_port_${action} ${zone} $@
307 ;;
308 *)
309 error "Unrecognized argument: ${action}"
310 cli_usage root-zone-port-subcommands
311 exit ${EXIT_ERROR}
312 ;;
313 esac
314 }
315
316 function zone_port_add() {
317 local zone=${1}
318 shift
319
320 assert isset zone
321
322 local hook=$(zone_get_hook ${zone})
323
324 assert isset hook
325
326 hook_zone_exec ${hook} port_add ${zone} $@
327 }
328
329 function zone_port_edit() {
330 zone_port_cmd edit $@
331 }
332
333 function zone_port_rem() {
334 zone_port_cmd rem $@
335 }
336
337 function zone_port_cmd() {
338 local cmd=${1}
339 local zone=${2}
340 local port=${3}
341 shift 3
342
343 assert isset zone
344 assert isset port
345
346 local hook_zone=$(zone_get_hook ${zone})
347 local hook_port=$(port_get_hook ${port})
348
349 assert isset hook_zone
350 assert isset hook_port
351
352 hook_zone_port_exec ${hook_zone} ${hook_port} ${cmd} ${zone} ${port} $@
353 }
354
355 function zone_port_up() {
356 zone_port_cmd up $@
357 }
358
359 function zone_port_down() {
360 zone_port_cmd down $@
361 }
362
363 function zone_get_ports() {
364 local zone=${1}
365
366 assert isset zone
367
368 local port
369 for port in $(zone_dir ${zone})/ports/*; do
370 port=$(basename ${port})
371
372 if port_exists ${port}; then
373 echo "${port}"
374 fi
375 done
376 }
377
378 function zone_has_port() {
379 # Check, if the given port is configured
380 # in this zone.
381
382 local zone=${1}
383 local port=${2}
384 shift 2
385
386 assert isset zone
387 assert isset port
388
389 [ -e "$(zone_dir ${zone})/ports/${port}" ]
390 }
391
392 # XXX overwritten some lines below
393 function zone_config() {
394 local zone=${1}
395 shift
396
397 if ! zone_exists ${zone}; then
398 error "Zone '${zone}' does not exist."
399 return ${EXIT_ERROR}
400 fi
401
402 local hook=$(config_get_hook $(zone_dir ${zone})/settings)
403
404 if [ -z "${hook}" ]; then
405 error "Config file did not provide any hook."
406 return ${EXIT_ERROR}
407 fi
408
409 if ! hook_zone_exists ${hook}; then
410 error "Hook '${hook}' does not exist."
411 return ${EXIT_ERROR}
412 fi
413
414 hook_zone_exec ${hook} config ${zone} $@
415 }
416
417 function zone_config() {
418 local zone=${1}
419 local action=${2}
420 shift 2
421
422 assert isset zone
423 assert isset action
424 assert zone_exists ${zone}
425
426 # Aliases
427 case "${action}" in
428 del|delete|remove)
429 action="rem"
430 ;;
431 esac
432
433 case "${action}" in
434 create|edit|rem)
435 zone_config_${action} ${zone} $@
436 ;;
437 *)
438 error "Unrecognized argument: ${action}"
439 cli_usage root-zone-config-subcommands
440 exit ${EXIT_ERROR}
441 ;;
442 esac
443 }
444
445 function zone_config_option() {
446 local zone=${1}
447 local option=${2}
448 local default=${3}
449 shift 2
450
451 assert isset zone
452 assert isset option
453
454 (
455 VALUE="${default}"
456 zone_config_read ${zone}
457
458 VALUE="${!option}"
459 echo "${VALUE}"
460 )
461 }
462
463 function zone_config_create() {
464 local zone=${1}
465 shift
466
467 assert isset zone
468
469 local hook=$(zone_get_hook ${zone})
470
471 assert isset hook
472
473 hook_zone_exec ${hook} config_create ${zone} $@
474 }
475
476 function zone_show() {
477 local zone=${1}
478
479 echo "${zone}"
480 echo " Type: $(zone_get_hook ${zone})"
481 echo
482 }
483
484 function zones_show() {
485 local zone
486
487 for zone in $(zones_get $@); do
488 zone_show ${zone}
489 done
490 }
491
492 function zones_get_all() {
493 local zone
494 for zone in $(zone_dir)/*; do
495 zone=$(basename ${zone})
496 zone_exists ${zone} || continue
497
498 echo "${zone}"
499 done
500 }
501
502 function zones_get_local() {
503 local zone
504 for zone in $(zones_get_all); do
505 zone_is_local ${zone} && echo "${zone}"
506 done
507 }
508
509 function zones_get_nonlocal() {
510 local zone
511 for zone in $(zones_get_all); do
512 zone_is_nonlocal ${zone} && echo "${zone}"
513 done
514 }
515
516 function zones_get() {
517 local local=1
518 local remote=1
519
520 local zones
521
522 while [ $# -gt 0 ]; do
523 case "${1}" in
524 --local-only)
525 local=1
526 remote=0
527 ;;
528 --remote-only)
529 local=0
530 remote=1
531 ;;
532 --all)
533 local=1
534 remote=1
535 ;;
536 *)
537 if zone_name_is_valid ${1}; then
538 zones="${zones} ${1}"
539 else
540 warning "Unrecognized argument '${1}'"
541 fi
542 ;;
543 esac
544 shift
545 done
546
547 if [ -n "${zones}" ]; then
548 local zone
549 for zone in ${zones}; do
550 zone_exists ${zone} && echo "${zone}"
551 done
552 exit ${EXIT_OK}
553 fi
554
555 if [ ${local} -eq 1 ] && [ ${remote} -eq 1 ]; then
556 zones_get_all
557 elif [ ${local} -eq 1 ]; then
558 zones_get_local
559 elif [ ${remote} -eq 1 ]; then
560 zones_get_nonlocal
561 fi
562 }
563
564 function zone_ports_list() {
565 local zone=${1}
566
567 local port
568 for port in $(zone_dir ${zone})/ports/*; do
569 [ -e "${port}" ] || continue
570
571 echo $(basename ${port})
572 done
573 }
574
575 function zone_ports_cmd() {
576 local cmd=${1}
577 local zone=${2}
578 shift 2
579
580 assert isset cmd
581 assert isset zone
582
583 assert zone_exists ${zone}
584
585 local hook=$(zone_get_hook ${zone})
586
587 local port
588 for port in $(zone_get_ports ${zone}); do
589 hook_zone_exec ${hook} ${cmd} ${zone} ${port} $@
590 done
591 }
592
593 function zone_ports_up() {
594 zone_ports_cmd port_up $@
595 }
596
597 function zone_ports_down() {
598 zone_ports_cmd port_down $@
599 }
600
601 function zone_ports_status() {
602 zone_ports_cmd port_status $@
603 }
604
605 function zone_configs_list() {
606 local zone=${1}
607
608 local config
609 for config in $(zone_dir ${zone})/configs/*; do
610 [ -e "${config}" ] || continue
611
612 basename ${config}
613 done
614 }
615
616 function zone_configs_cmd() {
617 local cmd=${1}
618 local zone=${2}
619 shift 2
620
621 local hook_zone=$(config_get_hook $(zone_dir ${zone})/settings)
622
623 local hook_config
624 local config
625 for config in $(zone_configs_list ${zone}); do
626 hook_config=$(config_get_hook $(zone_dir ${zone})/configs/${config})
627
628 hook_zone_config_exec ${hook_zone} ${hook_config} ${cmd} ${zone} ${config} $@
629 done
630 }
631
632 function zone_configs_up() {
633 zone_configs_cmd up $@
634 }
635
636 function zone_configs_down() {
637 zone_configs_cmd down $@
638 }
639
640 function zone_configs_status() {
641 zone_configs_cmd config_status $@
642 }
643
644 function zone_has_ip() {
645 device_has_ip $@
646 }
647
648 function zone_db() {
649 local zone=${1}
650 local action=${2}
651 shift 2
652
653 case "${action}" in
654 starting|started|stopping|stopped)
655 db_connection_update ${zone} ${action}
656 ;;
657 esac
658 }
659
660 function zone_is_up() {
661 local zone=${1}
662
663 device_is_up ${zone}
664 }
665
666 function zone_is_down() {
667 ! zone_is_up $@
668 }
669
670 function zone_get_supported_port_hooks() {
671 local zone=${1}
672
673 local hook=$(zone_get_hook ${zone})
674
675 hook_zone_ports_get_all ${hook}
676 }
677
678 function zone_get_supported_config_hooks() {
679 local zone=${1}
680
681 local hook=$(zone_get_hook ${zone})
682
683 hook_zone_configs_get_all ${hook}
684 }
685
686 function zone_file() {
687 local zone=${1}
688
689 assert isset zone
690
691 echo "$(zone_dir ${zone})/settings"
692 }
693
694 function zone_config_read() {
695 local zone=${1}
696
697 assert isset zone
698
699 # Save the HOOK variable.
700 local hook="${HOOK}"
701
702 config_read $(zone_file ${zone})
703
704 # Restore hook.
705 HOOK="${hook}"
706 }
707
708 function zone_config_write() {
709 local zone=${1}
710
711 assert isset zone
712
713 config_write $(zone_file ${zone}) ${HOOK_SETTINGS}
714 }
715
716 function zone_config_set() {
717 local zone=${1}
718 shift
719 local args="$@"
720
721 assert isset zone
722
723 (
724 zone_config_read ${zone}
725
726 for arg in ${args}; do
727 eval "${arg}"
728 done
729
730 zone_config_write ${zone}
731 )
732 }
733
734 function zone_config_get() {
735 local zone=${1}
736 local key=${2}
737
738 assert isset zone
739 assert isset key
740
741 (
742 zone_config_read ${zone}
743
744 echo "${!key}"
745 )
746 }
Stevee's network tree.