#!/bin/sh
#
#  This is automatically generated file. DO NOT MODIFY !
#
#  Firewall Builder  fwb_pf v5.0.0.3547
#
#  Generated Fri Jun  3 17:49:25 2011 PDT by vadim
#
# files: * firewall13.fw /etc/fw/firewall13.fw
# files:   firewall13.conf /etc/fw/firewall13.conf
#
# Compiled for pf 
#
# testing detection of empty groups

# firewall13:NAT:0: warning: Empty group or address table object 'egroup'
# firewall13:NAT:0: warning: After removal of all empty groups and address table objects rule element OSrc becomes 'any' in the rule 0 (NAT)
# Dropping rule 0 (NAT) because option 'Ignore rules with empty groups' is in effect
# firewall13:NAT:1: warning: Empty group or address table object 'egroup'
# firewall13:NAT:2: warning: Empty group or address table object 'sgroup'
# firewall13:NAT:2: warning: After removal of all empty groups and address table objects rule element OSrv becomes 'any' in the rule 2 (NAT)
# Dropping rule 2 (NAT) because option 'Ignore rules with empty groups' is in effect

# firewall13:Policy:0: warning: Empty group or address table object 'egroup2'
# firewall13:Policy:1: warning: Empty group or address table object 'sgroup'
# firewall13:Policy:1: warning: After removal of all empty groups and address table objects rule element Srv becomes 'any' in the rule 1 (global)
# Dropping rule 1 (global) because option 'Ignore rules with empty groups' is in effect



FWDIR=`dirname $0`

IFCONFIG="/sbin/ifconfig"
PFCTL="/sbin/pfctl"
SYSCTL="/sbin/sysctl"
LOGGER="/usr/bin/logger"

log() {
    echo "$1"
    command -v "$LOGGER" >/dev/null 2>&1 && $LOGGER -p info "$1"
}

diff_intf() {
    func=$1
    list1=$2
    list2=$3
    cmd=$4
    for intf in $list1
    do
        echo $list2 | grep -q $intf || {
        # $vlan is absent in list 2
            $func $intf $cmd
        }
    done
}

verify_interfaces() {
    :
    
}

set_kernel_vars() {
    :
    $SYSCTL -w net.inet.ip.directed-broadcast=0
    $SYSCTL -w net.inet.ip.forwarding=1

    $SYSCTL -w net.inet.ip.sourceroute=0
    $SYSCTL -w net.inet.ip.redirect=0
}

prolog_commands() {
    :
    
}

epilog_commands() {
    :
    
}

run_epilog_and_exit() {
    epilog_commands
    exit $1
}

configure_interfaces() {
    :
    
}

log "Activating firewall script generated Fri Jun  3 17:49:25 2011 by vadim"

set_kernel_vars
configure_interfaces
prolog_commands

$PFCTL    -f /etc/fw/firewall13.conf || exit 1





epilog_commands