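#!/bin/bash
#
# fw.sh — apply, flush, restore or test the host's iptables rule set.
#
# Usage: fw.sh <apply|flush|restore|test>
#
# Strict mode: stop at the first failing command or pipeline stage and on
# any reference to an unset variable.
set -o errexit
set -o pipefail
set -o nounset

# Pin PATH to the system directories so the iptables tools (and anything the
# sourced rule files invoke) cannot be shadowed via a caller-controlled PATH.
export PATH="/sbin:/usr/sbin:/bin:/usr/bin"

# Shared settings live next to this script. ${0} is quoted inside the
# substitution so a script path containing whitespace still resolves.
. "$(dirname "${0}")"/fw.globals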

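#######################################
# Print the command-line synopsis.
# Globals:   ${0} (read) — script name shown in the synopsis
# Arguments: none
# Outputs:   one usage line on stdout
# Returns:   0
#######################################
fw_usage() {
    # Keep this list in sync with the case dispatch at the bottom of the
    # file: `flush` is accepted there and must be advertised here too.
    printf '%s <apply|flush|restore|test>\n' "${0}"
}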

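#######################################
# Flush the live tables, then load every rule file under <base>/rules.
# Globals:   ${0} (read) — locates the script directory when $1 is absent
# Arguments: $1 - (optional) base directory holding lib/ and rules/;
#                 defaults to the directory this script lives in
# Outputs:   one "[rules] <name>: OK" line per rule file on stdout
# Returns:   0 when every rule file loaded; with errexit on (set at the top
#            of the file) a failing loadrules aborts the script
#######################################
fw_apply() {
    local base_dir
    base_dir="${1:-$(dirname "${0}")}"
    local rule_file

    # NOTE(review): between fw_flush and the last successful loadrules the
    # managed tables hold no rules, so a failure mid-way leaves the host
    # without its rule set. Nothing in this script writes the snapshot that
    # fw_restore reads; if an external step keeps it current, consider
    # `trap fw_restore ERR` here.
    fw_flush
    . "${base_dir}"/lib/loadrules.bash
    # Quote up to the wildcard so a base directory with spaces still globs.
    for rule_file in "${base_dir}"/rules/*; do
        # An empty rules/ leaves the literal pattern in rule_file — skip it.
        [[ -e "${rule_file}" ]] || continue
        printf '[rules] %s: ' "$(basename "${rule_file}")"
        # loadrules comes from lib/loadrules.bash sourced above; every entry
        # in rules/ is handed to it, so the directory's contents are trusted.
        loadrules "${rule_file}"
        printf 'OK\n'
    done
}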

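#######################################
# Replace the live rule set with the most recent saved snapshot.
# Globals:   none
# Arguments: none
# Outputs:   a warning banner on stdout; an error line on stderr when the
#            snapshot cannot be read
# Returns:   1 when the snapshot is missing or unreadable, otherwise the
#            status of iptables-restore
#######################################
fw_restore() {
    # Snapshot location. Nothing in this script writes it, so it has to be
    # produced by an external backup step.
    local -r backup="/var/lib/firewall-backups/latest"

    printf '%s\n' "!!! Restoring previous firewall state"
    # Fail with a clear message instead of a bare redirection error.
    if [[ ! -r "${backup}" ]]; then
        printf 'fw_restore: cannot read %s\n' "${backup}" >&2
        return 1
    fi
    # --counters restores the saved packet/byte counters along with the rules.
    iptables-restore --counters < "${backup}"
}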

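#######################################
# Run every executable file under <base>/tests.
# Globals:   ${0} (read) — locates the script directory when $1 is absent
# Arguments: $1 - (optional) base directory holding tests/; defaults to the
#                 directory this script lives in
# Outputs:   one "[test] <name>: OK" line per executed test on stdout
# Returns:   0 when all tests ran successfully; with errexit on (set at the
#            top of the file) the first failing test aborts the script
#######################################
fw_test() {
    local base_dir
    base_dir="${1:-$(dirname "${0}")}"
    local test_script

    for test_script in "${base_dir}"/tests/*; do
        # Skip anything that is not an executable regular file: this covers
        # helper data files, subdirectories (which -x alone would accept and
        # then fail to run) and the literal pattern left by an empty tests/.
        [[ -f "${test_script}" && -x "${test_script}" ]] || continue
        printf '[test] %s: ' "$(basename "${test_script}")"
        "${test_script}"
        printf 'OK\n'
    done
}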

#######################################
# Remove every rule from the tables this script manages.
# Globals:   none
# Arguments: none
# Outputs:   nothing of its own
# Returns:   status of the last iptables call; with errexit on a failing
#            call aborts the script
#######################################
fw_flush() {
    # We don't use (yet?) these tables: raw, security
    local -r -a managed_tables=(filter nat mangle)
    local tbl

    # NOTE(review): --flush deletes rules only; built-in chain policies and
    # user-defined chains are left in place — confirm the rule loader copes
    # with chains that already exist.
    for tbl in "${managed_tables[@]}"; do
        iptables --table "${tbl}" --flush
    done
}

# --- Entry point ------------------------------------------------------------
# Exactly one sub-command is required; anything else prints the synopsis.
if (( $# != 1 )); then
    fw_usage
    exit 1
fi

# Dispatch on the sub-command. Every arm accepted here should have a
# matching entry in the synopsis printed by fw_usage.
case "${1}" in
    apply)
        fw_apply
        ;;
    flush)
        fw_flush
        ;;
    restore)
        fw_restore
        ;;
    test)
        fw_test
        ;;
    *)
        fw_usage
        exit 1
        ;;
esac

exit 0