split configuration and includes

2021-09-14 12:37:04 +02:00 · 2021-09-14 12:37:04 +02:00 · a600d03ab4
parent 48983bfa2d
commit a600d03ab4
1 changed files with 23 additions and 23 deletions
--- a/46
+++ b/46
@ -35,10 +35,13 @@ NAME="minifirewall"

 set -u

-
 # Variables configuration
 #########################

+legacy_config_file="/etc/firewall.rc"
+config_file="/etc/default/minifirewall"
+includes_dir="/etc/minifirewall.d"
+
 # iptables paths
 IPT=$(command -v iptables)
 if [ -z "${IPT}" ]; then
@ -92,14 +95,6 @@ PROXYBYPASS=''
 PROXYPORT=''
 BACKUPSERVERS=''

-legacy_config_file="/etc/firewall.rc"
-config_file="/etc/default/minifirewall"
-includes_dir="/etc/minifirewall.d"
-
-IPV6=$(grep "IPV6=" "${config_file}" | awk -F '=' -F "'" '{print $2}')
-DOCKER=$(grep "DOCKER=" "${config_file}" | awk -F '='  -F "'" '{print $2}')
-INT=$(grep "INT=" "${config_file}" | awk -F '='  -F "'" '{print $2}')
-
 is_ipv6_enabled() {
    test "${IPV6}" != "off"
 }
@ -135,7 +130,7 @@ source_file_or_error() {
 }
 source_configuration() {
    if test -f ${legacy_config_file}; then
-        echo "${legacy_config_file} is deprecated, rename to ${config_file}" >&2
+        echo "${legacy_config_file} is deprecated. Rename it to ${config_file}" >&2
        exit 1
    fi

@ -144,10 +139,17 @@ source_configuration() {
        exit 1
    fi

-    source_file_or_error ${config_file}
+    if grep -e iptables -e ip6tables "${config_file}" | grep -qvE "^#"; then
+        echo "iptables/ip6tables commands found in ${config_file}." >&2
+        echo "Move them in included files (in ${includes_dir})." >&2
+        exit 1
+    fi

+    source_file_or_error ${config_file}
+}
+source_includes() {
    if [ -d "${includes_dir}" ]; then
-        include_files=$(find ${includes_dir} -type f -readable -not -name '*.*' | sort)
+        include_files=$(find ${includes_dir} -type f -readable -not -name '*.*' | sort -h)
        for include_file in ${include_files}; do
            source_file_or_error "${include_file}"
        done
@ -161,7 +163,6 @@ start() {
    set -e
    trap 'echo "ERROR in minifirewall configuration (fix it now!) or script manipulation (fix yourself)." ' INT TERM EXIT

-
    # sysctl network security settings
    ##################################

@ -217,8 +218,6 @@ start() {
        ${IPT6} -A LOG_ACCEPT -j ACCEPT
    fi

-    source_configuration
-
    # Trusted ip addresses
    ${IPT} -N ONLYTRUSTED
    ${IPT} -A ONLYTRUSTED -j LOG_DROP
@ -616,6 +615,9 @@ start() {
        ${IPT6} -A OUTPUT -p udp -j DROP
    fi

+    # Source files present in optional directory
+    source_includes
+
    trap - INT TERM EXIT

    echo "...starting IPTables rules is now finish : OK"
@ -726,37 +728,35 @@ reset() {
    echo "...reseting IPTables counters is now finish : OK"
 }

-case "$1" in
+echo "${NAME} version ${VERSION}"
+source_configuration
+
+case "${1:-''}" in
    start)
-        echo "${NAME} version ${VERSION}"
        start
    ;;

    stop)
-        echo "${NAME} version ${VERSION}"
        stop
    ;;

    status)
-        echo "${NAME} version ${VERSION}"
        status
    ;;

    reset)
-        echo "${NAME} version ${VERSION}"
        reset
    ;;

    restart)
-        echo "${NAME} version ${VERSION}"
        stop
        start
    ;;

    *)
-        echo "${NAME} version ${VERSION}"
-        echo "Usage: $0 {start|stop|restart|status|reset}"
+        echo "Usage: $0 {start|stop|restart|status|reset}" 
        exit 1
+    ;;
 esac

 exit 0