2019-01-04 16:55:56 +01:00
|
|
|
#!/bin/sh
|
2019-01-07 14:47:05 +01:00
|
|
|
#
|
|
|
|
# Update firewall rules of <jailname> or all
|
|
|
|
# Usage: firewall <jailname>|all
|
|
|
|
#
|
2019-01-04 16:55:56 +01:00
|
|
|
|
2020-04-02 13:44:13 +02:00
|
|
|
# shellcheck source=./includes
|
2020-04-02 00:31:57 +02:00
|
|
|
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
2019-01-04 16:55:56 +01:00
|
|
|
|
2020-04-02 13:44:13 +02:00
|
|
|
jail_name="${1:?}"
|
2020-04-02 01:07:12 +02:00
|
|
|
|
2020-04-02 14:43:17 +02:00
|
|
|
if [ -z "${jail_name}" ]; then
|
2019-01-07 14:47:05 +01:00
|
|
|
"${LIBDIR}/bkctld-help" && exit 1
|
|
|
|
fi
|
2020-04-02 01:07:12 +02:00
|
|
|
jail_path=$(jail_path "${jail_name}")
|
|
|
|
|
|
|
|
iptables_input_accept() {
|
|
|
|
jail_name="${1}"
|
|
|
|
port="${2}"
|
|
|
|
ip="${3}"
|
2020-04-20 08:29:21 +02:00
|
|
|
debug "Accept \`${ip}:${port}' for jail \`${jail_name}'"
|
2020-04-02 01:07:12 +02:00
|
|
|
|
|
|
|
echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail_name}"
|
|
|
|
}
|
2019-01-04 16:55:56 +01:00
|
|
|
|
|
|
|
if [ -n "${FIREWALL_RULES}" ]; then
|
2020-04-08 18:35:09 +02:00
|
|
|
# remove existing rules for this jail
|
2020-04-02 01:07:12 +02:00
|
|
|
[ -f "${FIREWALL_RULES}" ] && sed -i "/#${jail_name}$/d" "${FIREWALL_RULES}"
|
|
|
|
if [ -d "${jail_path}" ]; then
|
|
|
|
port=$("${LIBDIR}/bkctld-port" "${jail_name}")
|
2020-04-08 18:35:09 +02:00
|
|
|
# Add a rule for each IP
|
2020-04-02 01:07:12 +02:00
|
|
|
for ip in $("${LIBDIR}/bkctld-ip" "${jail_name}"); do
|
|
|
|
iptables_input_accept "${jail_name}" "${port}" "${ip}" >> "${FIREWALL_RULES}"
|
2019-01-04 16:55:56 +01:00
|
|
|
done
|
2020-04-08 18:35:09 +02:00
|
|
|
# Restart the firewall
|
2019-01-04 16:55:56 +01:00
|
|
|
[ -f /etc/init.d/minifirewall ] && /etc/init.d/minifirewall restart >/dev/null
|
|
|
|
fi
|
2020-04-20 08:29:21 +02:00
|
|
|
notice "Firewall updated for jail \`${jail_name}'"
|
2020-04-08 18:35:09 +02:00
|
|
|
else
|
2020-04-20 08:29:21 +02:00
|
|
|
notice "Skip jail \`${jail_name}' : FIREWALL_RULES variable is empty."
|
2019-01-04 16:55:56 +01:00
|
|
|
fi
|