author | Robert Gerus <arachnist@i.am-a.cat> | 2013-08-25 23:33:34 +0200 |
---|---|---|
committer | Robert Gerus <arachnist@i.am-a.cat> | 2013-08-25 23:33:34 +0200 |
commit | 98ed8fec9cbfa6f05518562440289792c62f6479 (patch) | |
tree | 5d14d4bbf2573210250f260f4615bf3cd4d7453c | |
parent | 3ddcb48412ce9be9cbb4d0213d894a517b23ef27 (diff) | |
Add the post-receive hook to the repository, for reference.
-rwxr-xr-x | hooks/post-receive | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/hooks/post-receive b/hooks/post-receive
new file mode 100755
index 0000000..9c2838b
--- /dev/null
+++ b/hooks/post-receive
@@ -0,0 +1,58 @@
+#!/usr/local/bin/bash
+
+set -o errexit
+set -o pipefail
+set -o nounset
+
+PFCTL="/sbin/pfctl"
+FIREWALL_DIR="/etc/firewall"
+TEMPFILE="$(/usr/bin/mktemp -t fw)"
+PFCONF_PATH="${FIREWALL_DIR}/pf.conf"
+PFCONF_PATH_TEMPLATE="${PFCONF_PATH}.in"
+CAT="/bin/cat"
+MV="/bin/mv"
+
+isok() {
+ if [[ $1 = 0 ]]; then
+ if [[ $# -gt 1 ]]; then
+ if [[ $2 = "-q" ]]; then
+ :
+ else
+ echo "Unexpected argument: ${2}"
+ exit 1
+ fi
+ else
+ echo "[ OK ]"
+ fi
+ else
+ rm ${TEMPFILE}
+ echo "[ FAIL ]"
+ exit $1
+ fi
+}
+
+echo -n "Checking out new firewall configuration to ${FIREWALL_DIR}... "
+GIT_WORK_TREE="${FIREWALL_DIR}" git checkout -f
+isok $?
+
+echo -n "Generating ${PFCONF_PATH}... "
+[[ -e ${PFCONF_PATH_TEMPLATE} ]]
+isok $? -q
+${CAT} "${PFCONF_PATH_TEMPLATE}" > ${TEMPFILE}
+isok $? -q
+for rulefile in /etc/firewall/rules.d/*; do
+ echo 'include "'${rulefile}'"' >> ${TEMPFILE}
+ isok $? -q
+done
+
+${MV} ${TEMPFILE} ${PFCONF_PATH}
+isok $?
+
+echo -n "Testing if new config is sane... "
+${PFCTL} -nf ${PFCONF_PATH}
+isok $?
+
+echo -n "Loading new config... "
+${PFCTL} -f ${PFCONF_PATH}
+isok $?
+ |
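Review bot: The generated file is moved over `${PFCONF_PATH}` before `${PFCTL} -nf` checks it, so a ruleset that fails to parse is already the on-disk pf.conf when the test reports failure, and it is what the next boot or manual reload will read. Validate the temporary file first with `${PFCTL} -nf "${TEMPFILE}"`, and only then run `${MV} "${TEMPFILE}" "${PFCONF_PATH}"`. Separately, with `set -o errexit` a failing command ends the script before the following `isok $?` runs, so the `[ FAIL ]` branch and its `rm ${TEMPFILE}` look unreachable; a `trap 'rm -f -- "${TEMPFILE}"' EXIT` placed after the mktemp line would cover cleanup on every exit path. The unquoted `${rulefile}` in the include line also means a pushed file name containing spaces or quote characters changes the generated text, so quoting the expansion and skipping names outside an expected pattern would be safer.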