Extract main functions

Jérémy Lecour 2021-05-22 09:23:14 +02:00 committed by Jérémy Lecour
parent c48534146a
commit 72e3729a78


@ -51,13 +51,6 @@ BROAD='255.255.255.255'
PORTSROOT='0:1023' PORTSROOT='0:1023'
PORTSUSER='1024:65535' PORTSUSER='1024:65535'
chain_exists()
{
local chain_name="$1" ; shift
[ $# -eq 1 ] && local intable="--table $1"
iptables $intable -nL "$chain_name" >/dev/null 2>&1
}
# Configuration # Configuration
oldconfigfile="/etc/firewall.rc" oldconfigfile="/etc/firewall.rc"
configfile="/etc/default/minifirewall" configfile="/etc/default/minifirewall"
@ -67,9 +60,28 @@ IPV6=$(grep "IPV6=" /etc/default/minifirewall | awk -F '=' -F "'" '{print $2}')
DOCKER=$(grep "DOCKER=" /etc/default/minifirewall | awk -F '=' -F "'" '{print $2}') DOCKER=$(grep "DOCKER=" /etc/default/minifirewall | awk -F '=' -F "'" '{print $2}')
INT=$(grep "INT=" /etc/default/minifirewall | awk -F '=' -F "'" '{print $2}') INT=$(grep "INT=" /etc/default/minifirewall | awk -F '=' -F "'" '{print $2}')
case "$1" in chain_exists()
start) {
local chain_name="$1" ; shift
[ $# -eq 1 ] && local intable="--table $1"
iptables $intable -nL "$chain_name" >/dev/null 2>&1
}
source_file_or_error() {
file=$1
echo "...sourcing '${file}\`"
tmpfile=$(mktemp --tmpdir=/tmp minifirewall.XXX)
. ${file} 2>${tmpfile} >&2
if [ -s ${tmpfile} ]; then
echo "${file} returns standard or error output (see below). Stopping." >&2
cat ${tmpfile}
exit 1
fi
rm ${tmpfile}
}
start() {
echo "Start IPTables rules..." echo "Start IPTables rules..."
# Stop and warn if error! # Stop and warn if error!
@ -134,19 +146,8 @@ if ! test -f $configfile; then
exit 1 exit 1
fi fi
source_file_or_error() {
file=$1
echo "...sourcing '${file}\`"
tmpfile=$(mktemp --tmpdir=/tmp minifirewall.XXX)
. ${file} 2>${tmpfile} >&2
if [ -s ${tmpfile} ]; then
echo "${file} returns standard or error output (see below). Stopping." >&2
cat ${tmpfile}
exit 1
fi
rm ${tmpfile}
}
source_file_or_error ${configfile} source_file_or_error ${configfile}
if [ -d "${includesdir}" ]; then if [ -d "${includesdir}" ]; then
includefiles=$(find ${includesdir} -type f -readable -not -name '*.*') includefiles=$(find ${includesdir} -type f -readable -not -name '*.*')
for includefile in ${includefiles}; do for includefile in ${includefiles}; do
@ -416,10 +417,9 @@ $IPT -A OUTPUT -p udp -j DROP
trap - INT TERM EXIT trap - INT TERM EXIT
echo "...starting IPTables rules is now finish : OK" echo "...starting IPTables rules is now finish : OK"
;; }
stop)
stop() {
echo "Flush all rules and accept everything..." echo "Flush all rules and accept everything..."
# Delete all rules # Delete all rules
@ -465,19 +465,17 @@ trap - INT TERM EXIT
$IPT -X NEEDRESTRICT $IPT -X NEEDRESTRICT
echo "...flushing IPTables rules is now finish : OK" echo "...flushing IPTables rules is now finish : OK"
;; }
status)
status() {
$IPT -L -n -v --line-numbers $IPT -L -n -v --line-numbers
$IPT -t nat -L -n -v --line-numbers $IPT -t nat -L -n -v --line-numbers
$IPT -t mangle -L -n -v --line-numbers $IPT -t mangle -L -n -v --line-numbers
$IPT6 -L -n -v --line-numbers $IPT6 -L -n -v --line-numbers
$IPT6 -t mangle -L -n -v --line-numbers $IPT6 -t mangle -L -n -v --line-numbers
;; }
reset)
reset() {
echo "Reset all IPTables counters..." echo "Reset all IPTables counters..."
$IPT -Z $IPT -Z
@ -487,12 +485,28 @@ trap - INT TERM EXIT
[ "$IPV6" != "off" ] && $IPT6 -t mangle -Z [ "$IPV6" != "off" ] && $IPT6 -t mangle -Z
echo "...reseting IPTables counters is now finish : OK" echo "...reseting IPTables counters is now finish : OK"
}
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status
;;
reset)
reset
;; ;;
restart) restart)
stop
$0 stop start
$0 start
;; ;;
*) *)