From: Michael Tremer Date: Sun, 5 May 2013 16:47:29 +0000 (+0200) Subject: firewall: Re-unity firewall6/4 configuration again. X-Git-Tag: 007~142^2~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1206f44c8c0843315608fd030a742e16d7b43bd8;p=network.git firewall: Re-unity firewall6/4 configuration again. --- diff --git a/Makefile b/Makefile index 0111ad1b..ff79ad8c 100644 --- a/Makefile +++ b/Makefile @@ -104,6 +104,7 @@ install: $(MAN_PAGES) -mkdir -pv $(DESTDIR)$(tmpfilesdir) -mkdir -pv $(DESTDIR)$(datadir)/firewall + install -m 755 -v firewall-config $(DESTDIR)$(sbindir) install -m 755 -v firewall6 $(DESTDIR)$(sbindir) install -m 755 -v firewall4 $(DESTDIR)$(sbindir) install -m 755 -v network $(DESTDIR)$(sbindir) diff --git a/firewall-config b/firewall-config new file mode 100755 index 00000000..d8d8d4f2 --- /dev/null +++ b/firewall-config @@ -0,0 +1,29 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2012 IPFire Network Development Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +. /usr/lib/network/functions + +# Read firewall configuration. +firewall_config_read + +firewall_cli_config "$@" + +exit ${EXIT_ERROR} 
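Review bot: The last line of the new firewall-config script, `exit ${EXIT_ERROR}`, runs whenever firewall_cli_config returns, and in this same commit that function only calls exit on the help path. Printing the configuration or setting a value successfully therefore still reports failure to the caller. Any wrapper or automation that checks the status cannot tell a real write failure from a successful change. Propagate the function's status instead, with `firewall_cli_config "$@"` followed by `exit $?`.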
diff --git a/firewall4 b/firewall4 index 68fa8aea..5de6bfa9 100755 --- a/firewall4 +++ b/firewall4 @@ -22,7 +22,7 @@ . /usr/lib/network/functions # Read firewall configuration. -firewall_config_read "ipv4" +firewall_config_read firewall_cli "ipv4" "$@" diff --git a/firewall6 b/firewall6 index 74afeef6..70ae2ffe 100755 --- a/firewall6 +++ b/firewall6 @@ -22,7 +22,7 @@ . /usr/lib/network/functions # Read firewall configuration. -firewall_config_read "ipv6" +firewall_config_read firewall_cli "ipv6" "$@" diff --git a/functions.cli.firewall b/functions.cli.firewall index 39f0a434..7d3557d2 100755 --- a/functions.cli.firewall +++ b/functions.cli.firewall @@ -57,10 +57,6 @@ function firewall_cli() { firewall_cli_panic "${protocol}" "$@" ;; - config) - firewall_cli_config "${protocol}" $@ - ;; - zone) firewall_cli_zone $@ ;; @@ -108,20 +104,16 @@ function firewall_cli_panic() { } function firewall_cli_config() { - local protocol="${1}" - assert isset protocol - shift - if cli_help_requested $@; then - cli_usage root-config + cli_show_man firewall-config exit ${EXIT_OK} fi if [ -n "${1}" ]; then config_set "$@" - firewall_config_write "${protocol}" + firewall_config_write else - firewall_config_print "${protocol}" + firewall_config_print fi } diff --git a/functions.config b/functions.config index 11e92466..f0023580 100644 --- a/functions.config +++ b/functions.config 
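Review bot: In firewall_cli_config the result of `config_set "$@"` is not checked before `firewall_config_write` runs, so a rejected or partly applied assignment would still be persisted, and the file is now shared by IPv4 and IPv6. What config_set does with an unknown key or a malformed value is not visible in this diff, so this may already be handled there. If it returns non-zero on bad input, guard the write with `config_set "$@" || return ${EXIT_ERROR}`. The context line `cli_help_requested $@` also passes the arguments unquoted, which word-splits values containing spaces; `"$@"` would match the quoting used for config_set.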
@@ -218,60 +218,14 @@ function network_config_print() { config_print ${NETWORK_CONFIG_FILE_PARAMS} } -function firewall_config_file() { - local protocol="${1}" - assert isset protocol - - local file - case "${protocol}" in - ipv6) - file="${FIREWALL6_CONFIG_FILE}" - ;; - ipv4) - file="${FIREWALL4_CONFIG_FILE}" - ;; - esac - assert isset file - - print "${file}" - return ${EXIT_OK} -} - -function firewall_config_env() { - local protocol="${1}" - assert isset protocol - - case "${protocol}" in - ipv6) - file="${FIREWALL6_CONFIG_FILE}" - params="${FIREWALL6_CONFIG_PARAMS}" - ;; - ipv4) - file="${FIREWALL4_CONFIG_FILE}" - params="${FIREWALL4_CONFIG_PARAMS}" - ;; - esac - assert isset file - assert isset params -} - function firewall_config_read() { - local file params - firewall_config_env "$@" - - config_read "${file}" "${params}" + config_read "${FIREWALL_CONFIG_FILE}" "${FIREWALL_CONFIG_PARAMS}" } function firewall_config_write() { - local file params - firewall_config_env "$@" - - config_write "${file}" "${params}" + config_write "${FIREWALL_CONFIG_FILE}" "${FIREWALL_CONFIG_PARAMS}" } function firewall_config_print() { - local file params - firewall_config_env "$@" - - config_print "${params}" + config_print "${FIREWALL_CONFIG_PARAMS}" } diff --git a/functions.constants-firewall b/functions.constants-firewall index 365ffd23..41b1ac20 100644 --- a/functions.constants-firewall +++ b/functions.constants-firewall @@ -25,8 +25,7 @@ IPTABLES_TMPDIR= FIREWALL_CONFIG_DIR="/etc/firewall" FIREWALL_ZONES_DIR="${FIREWALL_CONFIG_DIR}/zones" -FIREWALL4_CONFIG_FILE="${FIREWALL_CONFIG_DIR}/config4" -FIREWALL6_CONFIG_FILE="${FIREWALL_CONFIG_DIR}/config6" +FIREWALL_CONFIG_FILE="${FIREWALL_CONFIG_DIR}/config" FIREWALL_CONFIG_RULES="${FIREWALL_CONFIG_DIR}/rules" FIREWALL_MACROS_DIRS="${FIREWALL_CONFIG_DIR}/macros" 
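Review bot: The rewritten firewall_config_read, firewall_config_write and firewall_config_print drop the `assert isset file` / `assert isset params` guards that the removed firewall_config_env provided. An unset `FIREWALL_CONFIG_FILE` or `FIREWALL_CONFIG_PARAMS` now reaches config_read or config_write as an empty string. Consider keeping the guard, e.g. `assert isset FIREWALL_CONFIG_FILE` at the top of the read and write functions. The functions also ignore any arguments now, so a caller still passing "ipv4" or "ipv6" gets no error; a one-line comment such as `# Takes no arguments; IPv4 and IPv6 share one configuration file.` would make that explicit.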
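Review bot: Replacing `FIREWALL4_CONFIG_FILE` and `FIREWALL6_CONFIG_FILE` with the single `FIREWALL_CONFIG_FILE` means settings stored in `${FIREWALL_CONFIG_DIR}/config4` and `config6` are no longer read, and nothing visible in this diff migrates them or warns about them. On an upgraded system firewall4, firewall6 and helpers/firewall-kernel-init would presumably run with the built-in defaults from this file rather than the administrator's values, which is a silent policy change for a firewall. Either add a migration step or document the break next to the constant, for example `# Replaces config4/config6; settings in those files are no longer read.`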
@@ -86,9 +85,6 @@ FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_PMTU_DISCOVERY" FIREWALL_DEFAULT_TTL="64" FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_DEFAULT_TTL" -FIREWALL4_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS}" -FIREWALL6_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS}" - FIREWALL_SUPPORTED_PROTOCOLS="tcp udp icmp igmp esp ah gre" FIREWALL_PROTOCOLS_SUPPORTING_PORTS="tcp udp" diff --git a/helpers/firewall-kernel-init b/helpers/firewall-kernel-init index 4cac4a04..dba615d3 100755 --- a/helpers/firewall-kernel-init +++ b/helpers/firewall-kernel-init @@ -21,6 +21,9 @@ . /usr/lib/network/functions +# Read firewall configuration. +firewall_config_read + # Initialize kernel parameters for the firewall. firewall_kernel_init