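#!/bin/bash
#
# Firewall management wrapper: apply the rule files, flush the tables,
# restore the last saved state, or run the test scripts.
# Usage: fw <apply|flush|restore|test>  (see fw_usage below).

set -o errexit
set -o pipefail
set -o nounset

# Use a fixed PATH so the iptables tools invoked below come from the system
# directories rather than whatever the caller's PATH happened to contain.
export PATH="/sbin:/usr/sbin:/bin:/usr/bin"

# Shared settings live next to this script. ${0} must be quoted inside the
# command substitution as well: the outer quotes do not protect the dirname
# argument from word-splitting.
. "$(dirname "${0}")"/fw.globals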
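fw_usage() {
  # Print the accepted sub-commands. 'flush' is dispatched by the case
  # statement at the bottom of the script, so it is listed here too.
  echo "${0} <apply|flush|restore|test>"
}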
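fw_apply() {
  # Flush the managed tables and load every file in rules/ in glob order,
  # printing one status line per file. Rule files are loaded via the
  # loadrules helper sourced from lib/loadrules.bash.
  local script_dir rule_file
  script_dir=$(dirname "${0}")

  # --flush removes the rules only; the chain policies stay as they are, so
  # until the rule files below are loaded the host runs on its default
  # policies alone. Under errexit a failing rule file aborts here and leaves
  # it in that state -- the 'restore' sub-command brings the backup back.
  fw_flush
  . "${script_dir}"/lib/loadrules.bash

  for rule_file in "${script_dir}"/rules/*; do
    # With nullglob off, an empty rules/ leaves the literal pattern behind.
    [[ -e "${rule_file}" ]] || continue
    printf '[rules] %s: ' "$(basename "${rule_file}")"
    loadrules "${rule_file}"
    echo "OK"
  done
}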
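fw_restore() {
  # Reload the most recent saved rule set, including packet counters.
  # Arguments: $1 - optional backup file (default: the 'latest' backup).
  # Returns: 1 if the backup is missing or unreadable, otherwise the status
  # of iptables-restore.
  local backup=${1:-/var/lib/firewall-backups/latest}

  # Check before redirecting so a missing backup gives a clear message
  # instead of a bare shell redirection error.
  if [[ ! -r "${backup}" ]]; then
    printf '!!! No readable firewall backup at %s\n' "${backup}" >&2
    return 1
  fi

  echo "!!! Restoring previous firewall state"
  iptables-restore --counters < "${backup}"
}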
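fw_test() {
  # Run every executable file in the tests directory, printing one status
  # line per script; non-executable entries are skipped silently. Under
  # errexit the first failing script aborts the run. Everything executable
  # in that directory is run as the invoking user, so keep it under the same
  # control as the rule files.
  # Arguments: $1 - optional tests directory (default: tests/ next to this
  # script).
  local tests_dir=${1:-}
  local test_script
  if [[ -z "${tests_dir}" ]]; then
    tests_dir=$(dirname "${0}")/tests
  fi

  for test_script in "${tests_dir}"/*; do
    if [[ -x "${test_script}" ]]; then
      printf '[test] %s: ' "$(basename "${test_script}")"
      "${test_script}"
      echo "OK"
    fi
  done
}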
fw_flush() {
  # Empty every chain in the tables this setup manages. The raw and
  # security tables are not in use (yet?) and are left untouched.
  local -a tables=(filter nat mangle)
  local table
  for table in "${tables[@]}"; do
    iptables --table "${table}" --flush
  done
}
# Entry point: exactly one sub-command is expected; anything else prints the
# usage line and exits non-zero.
if (( $# != 1 )); then
  fw_usage
  exit 1
fi

case "${1}" in
  apply)   fw_apply ;;
  flush)   fw_flush ;;
  restore) fw_restore ;;
  test)    fw_test ;;
  *)
    fw_usage
    exit 1
    ;;
esac

exit 0