evobackup/lib/bkctld-firewall

#!/bin/sh
#
# Update firewall rules of <jailname> or all
# Usage: firewall <jailname>|all
#

# shellcheck source=./includes
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"

jail_name="${1:?}"

if [ -z "${jail_name}" ]; then
    "${LIBDIR}/bkctld-help" && exit 1
fi
jail_path=$(jail_path "${jail_name}")

iptables_input_accept() {
    jail_name="${1}"
    port="${2}"
    ip="${3}"

    echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail_name}"
}

if [ -n "${FIREWALL_RULES}" ]; then
    # remove existing rules for this jail
    [ -f "${FIREWALL_RULES}" ] && sed -i "/#${jail_name}$/d" "${FIREWALL_RULES}"
    if [ -d "${jail_path}" ]; then
        port=$("${LIBDIR}/bkctld-port" "${jail_name}")
        # Add a rule for each IP
        for ip in $("${LIBDIR}/bkctld-ip" "${jail_name}"); do
            iptables_input_accept "${jail_name}" "${port}" "${ip}" >> "${FIREWALL_RULES}"
        done
        # Restart the firewall
        [ -f /etc/init.d/minifirewall ] && /etc/init.d/minifirewall restart >/dev/null
    fi
    notice "${jail_name}: firewall rules have been updated."
else
    warning "${jail_name}: skipping firewall update, FIREWALL_RULES variable is empty."
fi
Move firewall functions into bkctld-firewall script 2019-01-04 16:55:56 +01:00			`#!/bin/sh`
Move usage functions into bkctld-help script * Usage output is now auto-generated 2019-01-07 14:47:05 +01:00			`#`
			`# Update firewall rules of <jailname> or all`
			`# Usage: firewall <jailname>\|all`
			`#`
Move firewall functions into bkctld-firewall script 2019-01-04 16:55:56 +01:00
fix shecllcheck source directives 2020-04-02 13:44:13 +02:00			`# shellcheck source=./includes`
rename lib/config to lib/includes 2020-04-02 00:31:57 +02:00			`LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"`
Move firewall functions into bkctld-firewall script 2019-01-04 16:55:56 +01:00
fix shecllcheck source directives 2020-04-02 13:44:13 +02:00			`jail_name="${1:?}"`
use new conventions 2020-04-02 01:07:12 +02:00
replace "! -n" test with "-z" 2020-04-02 14:43:17 +02:00			`if [ -z "${jail_name}" ]; then`
Move usage functions into bkctld-help script * Usage output is now auto-generated 2019-01-07 14:47:05 +01:00			`"${LIBDIR}/bkctld-help" && exit 1`
			`fi`
use new conventions 2020-04-02 01:07:12 +02:00			`jail_path=$(jail_path "${jail_name}")`

			`iptables_input_accept() {`
			`jail_name="${1}"`
			`port="${2}"`
			`ip="${3}"`

			`echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail_name}"`
			`}`
Move firewall functions into bkctld-firewall script 2019-01-04 16:55:56 +01:00
			`if [ -n "${FIREWALL_RULES}" ]; then`
Emit a warning if no firewall file is configured 2020-04-08 18:35:09 +02:00			`# remove existing rules for this jail`
use new conventions 2020-04-02 01:07:12 +02:00			`[ -f "${FIREWALL_RULES}" ] && sed -i "/#${jail_name}$/d" "${FIREWALL_RULES}"`
			`if [ -d "${jail_path}" ]; then`
			`port=$("${LIBDIR}/bkctld-port" "${jail_name}")`
Emit a warning if no firewall file is configured 2020-04-08 18:35:09 +02:00			`# Add a rule for each IP`
use new conventions 2020-04-02 01:07:12 +02:00			`for ip in $("${LIBDIR}/bkctld-ip" "${jail_name}"); do`
			`iptables_input_accept "${jail_name}" "${port}" "${ip}" >> "${FIREWALL_RULES}"`
Move firewall functions into bkctld-firewall script 2019-01-04 16:55:56 +01:00			`done`
Emit a warning if no firewall file is configured 2020-04-08 18:35:09 +02:00			`# Restart the firewall`
Move firewall functions into bkctld-firewall script 2019-01-04 16:55:56 +01:00			`[ -f /etc/init.d/minifirewall ] && /etc/init.d/minifirewall restart >/dev/null`
			`fi`
use new conventions 2020-04-02 01:07:12 +02:00			`notice "${jail_name}: firewall rules have been updated."`
Emit a warning if no firewall file is configured 2020-04-08 18:35:09 +02:00			`else`
			`warning "${jail_name}: skipping firewall update, FIREWALL_RULES variable is empty."`
Move firewall functions into bkctld-firewall script 2019-01-04 16:55:56 +01:00			`fi`