#!/bin/bash ############################################################################### # # # IPFire.org - A linux based firewall # # Copyright (C) 2012 IPFire Network Development Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # # the Free Software Foundation, either version 3 of the License, or # # (at your option) any later version. # # # # This program is distributed in the hope that it will be useful, # # but WITHOUT ANY WARRANTY; without even the implied warranty of # # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # # GNU General Public License for more details. # # # # You should have received a copy of the GNU General Public License # # along with this program. If not, see . # # # ############################################################################### firewall_cli() { local protocol="${1}" assert isset protocol shift # Parse the command line while [ $# -gt 0 ]; do case "${1}" in -d|--debug) DEBUG=1 log DEBUG "Enabled debugging mode" ;; *) action=${1} ;; esac shift [ -n "${action}" ] && break done # Process the given action case "${action}" in start|restart|reload) firewall_start "${protocol}" "$@" ;; stop) firewall_stop "${protocol}" "$@" ;; show) firewall_show "${protocol}" "$@" ;; panic) firewall_cli_panic "${protocol}" "$@" ;; zone) firewall_cli_zone $@ ;; ""|help|--help|-h) cli_usage root exit ${EXIT_OK} ;; *) error "Invalid command given: ${action}" cli_usage usage exit ${EXIT_CONF_ERROR} ;; esac exit ${EXIT_OK} } firewall_cli_panic() { local protocol="${1}" assert isset protocol shift if cli_help_requested $@; then cli_show_man firewall-panic exit ${EXIT_OK} fi local admin_hosts while [ $# -gt 0 ]; do case "${1}" in *) if ip_is_valid ${1}; then admin_hosts="${admin_hosts} ${1}" else warning "Invalid IP address: ${1}" fi ;; esac shift done firewall_panic ${admin_hosts} } firewall_cli_settings() { if cli_help_requested $@; then cli_show_man firewall-settings exit ${EXIT_OK} fi if [ -n "${1}" ]; then settings_set "$@" firewall_settings_write else firewall_settings_print fi } firewall_cli_zone() { local protocol="${1}" assert isset protocol shift if cli_help_requested $@; then cli_show_man firewall-zone exit ${EXIT_OK} fi if zone_name_is_valid ${1}; then local zone=${1} local action=${2} shift 2 # Check if the given zone exists. if ! zone_exists ${zone}; then error "Zone '${zone}' does not exist." cli_run_help firewall zone exit ${EXIT_ERROR} fi # Process the given action. case "${action}" in edit) firewall_cli_zone_edit ${zone} $@ ;; status|"") firewall_cli_zone_status ${zone} $@ ;; # Print the raw configuration settings. show) firewall_zone_print ${zone} $@ exit ${EXIT_ERROR} ;; *) error "Unrecognized action: ${action}" cli_run_help firewall zone exit ${EXIT_ERROR} ;; esac else local action=${1} shift case "${action}" in reset) firewall_zone_reset $@ exit $? ;; *) error "Unrecognized action: ${action}" cli_run_help firewall zone exit ${EXIT_ERROR} ;; esac fi } # Show firewall zone conifguration. firewall_cli_zone_status() { local zone=${1} assert isset zone ( firewall_zone_read ${zone} cli_headline 1 "Zone ${zone} (policy ${POLICY})" cli_print_fmt1 1 "Masquerade" "$(cli_print_bool ${MASQUERADE})" cli_space ) exit ${EXIT_OK} } # Edit firewall zone configuration. firewall_cli_zone_edit() { firewall_zone_edit "$@" exit ${EXIT_OK} }