mirror of
https://github.com/fwbuilder/fwbuilder
synced 2026-03-18 17:27:20 +01:00
15bab71f49
single object negation in "Inbound Interface" and "Outbound Interface" columns in compiler for iptables. * NATCompiler_pf.cpp (compile): see #2456 Added support for single object negation in "Interface" rule element of PF NAT rules. Now compiler can produce PF commands such as "nat on ! em0 ... " (for PF <4.7) or "match on ! em0 ..." (for PF >= 4.7) * Compiler.cpp (singleObjectNegation::processNext): moved rule processor that processes single object negation in any rule element to the base class Compiler.
98 lines
1.7 KiB
Bash
Executable File
98 lines
1.7 KiB
Bash
Executable File
#!/bin/sh
|
|
#
|
|
# This is automatically generated file. DO NOT MODIFY !
|
|
#
|
|
# Firewall Builder fwb_pf v5.0.0.3547
|
|
#
|
|
# Generated Fri Jun 3 17:49:27 2011 PDT by vadim
|
|
#
|
|
# files: * firewall21.fw /etc/fw/firewall21.fw
|
|
# files: firewall21.conf /etc/fw/firewall21.conf
|
|
# files: firewall21-NAT_1.conf /etc/fw/firewall21-NAT_1.conf
|
|
#
|
|
# Compiled for pf 4.0
|
|
#
|
|
# branching in NAT rules
|
|
# PF v4.0-4.2
|
|
|
|
# firewall21:ftp-proxy/*:: warning: The name of the NAT ruleset ftp-proxy/* ends with '/*', assuming it is externally controlled and skipping it.
|
|
# firewall21:ftp-proxy/*:: warning: The name of the Policy ruleset ftp-proxy/* ends with '/*', assuming it is externally controlled and skipping it.
|
|
|
|
# firewall21:NAT:3: warning: Translated Src, Dst and Srv are ignored in the NAT rule with action 'Branch'
|
|
|
|
|
|
|
|
FWDIR=`dirname $0`
|
|
|
|
IFCONFIG="/sbin/ifconfig"
|
|
PFCTL="/usr/local/bin/pfctl"
|
|
IPFW="/sbin/ipfw"
|
|
IPF="/sbin/ipf"
|
|
IPNAT="/sbin/ipnat"
|
|
SYSCTL="/sbin/sysctl"
|
|
LOGGER="/usr/bin/logger"
|
|
|
|
log() {
|
|
echo "$1"
|
|
command -v "$LOGGER" >/dev/null 2>&1 && $LOGGER -p info "$1"
|
|
}
|
|
|
|
diff_intf() {
|
|
func=$1
|
|
list1=$2
|
|
list2=$3
|
|
cmd=$4
|
|
for intf in $list1
|
|
do
|
|
echo $list2 | grep -q $intf || {
|
|
# $vlan is absent in list 2
|
|
$func $intf $cmd
|
|
}
|
|
done
|
|
}
|
|
|
|
verify_interfaces() {
|
|
:
|
|
|
|
}
|
|
|
|
set_kernel_vars() {
|
|
:
|
|
|
|
}
|
|
|
|
prolog_commands() {
|
|
:
|
|
|
|
}
|
|
|
|
epilog_commands() {
|
|
:
|
|
|
|
}
|
|
|
|
run_epilog_and_exit() {
|
|
epilog_commands
|
|
exit $1
|
|
}
|
|
|
|
configure_interfaces() {
|
|
:
|
|
|
|
}
|
|
|
|
log "Activating firewall script generated Fri Jun 3 17:49:27 2011 by vadim"
|
|
|
|
set_kernel_vars
|
|
configure_interfaces
|
|
prolog_commands
|
|
|
|
$PFCTL -f /etc/fw/firewall21.conf || exit 1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
epilog_commands |