#!/usr/local/bin/bash
|
|
|
|
set -o errexit
|
|
set -o pipefail
|
|
set -o nounset
|
|
|
|
PFCTL="/sbin/pfctl"
|
|
FIREWALL_DIR="/etc/firewall"
|
|
TEMPFILE="$(/usr/bin/mktemp -t fw)"
|
|
PFCONF_PATH="${FIREWALL_DIR}/pf.conf"
|
|
PFCONF_PATH_TEMPLATE="${PFCONF_PATH}.in"
|
|
CAT="/bin/cat"
|
|
MV="/bin/mv"
|
|
|
|
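#######################################
# Report the status of the previous step and abort the script on failure.
#
# Prints "[ OK ]" on success, or nothing when called with -q (used for the
# intermediate sub-steps of a single progress line). On failure the scratch
# file is removed, "[ FAIL ]" is printed and the script exits with that
# status.
#
# NOTE: under `set -o errexit` a failing command exits the script before
# `isok $?` runs; callers that want the FAIL path must capture the status
# first (`rc=0; cmd || rc=$?; isok "$rc"`).
#
# Globals:   TEMPFILE (removed on failure)
# Arguments: $1 - exit status to report
#            $2 - optional "-q": suppress the "[ OK ]" output
# Outputs:   status marker to stdout
# Returns:   0 when $1 is 0; otherwise exits the script with $1
#######################################
isok() {
  local status=$1

  if [[ "${status}" != 0 ]]; then
    # After the final mv the scratch file no longer exists; -f keeps rm
    # (and therefore errexit) from masking the real exit status.
    rm -f -- "${TEMPFILE}"
    echo "[ FAIL ]"
    exit "${status}"
  fi

  if (( $# < 2 )); then
    echo "[ OK ]"
  elif [[ "$2" != "-q" ]]; then
    echo "Unexpected argument: ${2}"
    exit 1
  fi
}
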
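# --- Main body -----------------------------------------------------------
# Every command's status is captured explicitly (`rc=0; cmd || rc=$?`):
# under errexit a bare `cmd; isok $?` would exit the script before isok
# could print "[ FAIL ]" and remove the scratch file.

printf '%s' "Checking out new firewall configuration to ${FIREWALL_DIR}... "
rc=0
GIT_WORK_TREE="${FIREWALL_DIR}" git checkout -f || rc=$?
isok "${rc}"

printf '%s' "Generating ${PFCONF_PATH}... "
rc=0
[[ -e "${PFCONF_PATH_TEMPLATE}" ]] || rc=$?
isok "${rc}" -q
rc=0
${CAT} "${PFCONF_PATH_TEMPLATE}" > "${TEMPFILE}" || rc=$?
isok "${rc}" -q
# Append one `include` line per drop-in rule file. An unmatched glob would
# otherwise be written literally and only surface as a pfctl -n error below,
# so report that case here with a clearer message.
rc=0
for rulefile in "${FIREWALL_DIR}"/rules.d/*; do
  if [[ ! -e "${rulefile}" ]]; then
    echo "No rule files found in ${FIREWALL_DIR}/rules.d"
    rc=1
    break
  fi
  printf 'include "%s"\n' "${rulefile}" >> "${TEMPFILE}" || rc=$?
  isok "${rc}" -q
done
isok "${rc}"

printf '%s' "Testing if new config is sane... "
# pfctl -n parses the assembled file (and the files it includes) without
# loading anything; nothing is installed unless this passes. Note that the
# included rule files are read again by the final load, so a rule file
# changed between the two steps is loaded without having been checked.
rc=0
${PFCTL} -nf "${TEMPFILE}" || rc=$?
isok "${rc}" -q
rc=0
${MV} "${TEMPFILE}" "${PFCONF_PATH}" || rc=$?
isok "${rc}"

printf '%s' "Loading new config... "
rc=0
${PFCTL} -f "${PFCONF_PATH}" || rc=$?
isok "${rc}"
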