old-firewall/fw.sh

#!/bin/bash

set -o errexit
set -o pipefail
set -o nounset

export PATH="/sbin:/usr/sbin:/bin:/usr/bin"
. "$(dirname ${0})"/fw.globals

fw_usage() {
    echo "${0} <apply|restore|test>"
}

fw_apply() {
    fw_flush
    . "$(dirname ${0})"/lib/loadrules.bash
    for rule_file in $(dirname ${0})/rules/*; do
        echo -n "[rules] $(basename ${rule_file}): "
        loadrules ${rule_file}
        echo "OK"
    done
}

fw_restore() {
    echo "!!! Restoring previous firewall state"
    iptables-restore --counters < /var/lib/firewall-backups/latest
}

fw_test() {
    for test_script in $(dirname ${0})/tests/*; do
        if [[ -x ${test_script} ]]; then
            echo -n "[test] $(basename ${test_script}): "
            ${test_script}
            echo "OK"
        fi
    done
}

fw_flush() {
    # We don't use (yet?) these tables: raw, security
    for table in filter nat mangle; do
        iptables --table ${table} --flush
    done
}

if [[ ! $# -eq 1 ]]; then
    fw_usage
    exit 1
fi

case ${1} in
    apply)
        fw_apply
        ;;
    flush)
        fw_flush
        ;;
    restore)
        fw_restore
        ;;
    test)
        fw_test
        ;;
    *)
        fw_usage
        exit 1
        ;;
esac

exit 0
1st commit - stub fw.sh, just to make hooks pass 2013-03-11 01:00:08 +00:00			`#!/bin/bash`

added a bit of structure to fw.sh 2013-03-11 01:24:06 +00:00			`set -o errexit`
			`set -o pipefail`
			`set -o nounset`

Make sure our $PATH is sane. 2013-03-11 08:54:58 +00:00			`export PATH="/sbin:/usr/sbin:/bin:/usr/bin"`
Added some global variables to make rule creating easier, and updated rules/tests to use them 2013-03-11 10:55:30 +00:00			`. "$(dirname ${0})"/fw.globals`
Make sure our $PATH is sane. 2013-03-11 08:54:58 +00:00
added a bit of structure to fw.sh 2013-03-11 01:24:06 +00:00			`fw_usage() {`
Make the fw.sh script run tests 2013-03-11 02:39:18 +00:00			`echo "${0} <apply\|restore\|test>"`
added a bit of structure to fw.sh 2013-03-11 01:24:06 +00:00			`}`

			`fw_apply() {`
First rules to be loaded! :) 2013-03-11 08:32:52 +00:00			`fw_flush`
Whoops - that was a brainfart 2013-03-11 08:34:51 +00:00			`. "$(dirname ${0})"/lib/loadrules.bash`
First rules to be loaded! :) 2013-03-11 08:32:52 +00:00			`for rule_file in $(dirname ${0})/rules/*; do`
			`echo -n "[rules] $(basename ${rule_file}): "`
Whoops - that was a brainfart 2013-03-11 08:34:51 +00:00			`loadrules ${rule_file}`
First rules to be loaded! :) 2013-03-11 08:32:52 +00:00			`echo "OK"`
			`done`
added a bit of structure to fw.sh 2013-03-11 01:24:06 +00:00			`}`

			`fw_restore() {`
Add a bit of formating 2013-03-11 08:39:08 +00:00			`echo "!!! Restoring previous firewall state"`
Make sure our $PATH is sane. 2013-03-11 08:54:58 +00:00			`iptables-restore --counters < /var/lib/firewall-backups/latest`
added a bit of structure to fw.sh 2013-03-11 01:24:06 +00:00			`}`

			`fw_test() {`
I really really need some sleep. Stupid brainfarts 2013-03-11 02:45:59 +00:00			`for test_script in $(dirname ${0})/tests/*; do`
First rules to be loaded! :) 2013-03-11 08:32:52 +00:00			`if [[ -x ${test_script} ]]; then`
			`echo -n "[test] $(basename ${test_script}): "`
Whoops - that was a brainfart 2013-03-11 08:34:51 +00:00			`${test_script}`
First rules to be loaded! :) 2013-03-11 08:32:52 +00:00			`echo "OK"`
			`fi`
Make the fw.sh script run tests 2013-03-11 02:39:18 +00:00			`done`
added a bit of structure to fw.sh 2013-03-11 01:24:06 +00:00			`}`

			`fw_flush() {`
small fixes 2013-03-23 05:32:56 +00:00			`# We don't use (yet?) these tables: raw, security`
Whoops, we don't have raw or security yet. 2013-03-11 09:01:44 +00:00			`for table in filter nat mangle; do`
include all tables in flush 2013-03-11 09:00:33 +00:00			`iptables --table ${table} --flush`
			`done`
added a bit of structure to fw.sh 2013-03-11 01:24:06 +00:00			`}`

Don't err with no parameters 2013-03-23 05:28:37 +00:00			`if [[ ! $# -eq 1 ]]; then`
added a bit of structure to fw.sh 2013-03-11 01:24:06 +00:00			`fw_usage`
			`exit 1`
			`fi`

I really really need some sleep. Stupid brainfarts 2013-03-11 02:45:59 +00:00			`case ${1} in`
added a bit of structure to fw.sh 2013-03-11 01:24:06 +00:00			`apply)`
			`fw_apply`
			`;;`
small fixes 2013-03-23 05:32:56 +00:00			`flush)`
			`fw_flush`
			`;;`
added a bit of structure to fw.sh 2013-03-11 01:24:06 +00:00			`restore)`
			`fw_restore`
			`;;`
			`test)`
I really need some sleep 2013-03-11 02:41:22 +00:00			`fw_test`
added a bit of structure to fw.sh 2013-03-11 01:24:06 +00:00			`;;`
			`*)`
			`fw_usage`
			`exit 1`
			`;;`
			`esac`

1st commit - stub fw.sh, just to make hooks pass 2013-03-11 01:00:08 +00:00			`exit 0`
added a bit of structure to fw.sh 2013-03-11 01:24:06 +00:00