onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-05-02 07:07:32 +02:00
Code Issues Releases Wiki Activity
fwbuilder/test/pf/firewall62.fw.orig
Vadim Kurland 7a614b0908 see #2638 "When CARP password is empty the advskew value is not 
read". Should skip "pass <word>" parameter of the ifconfig command
that creates carp interface if user did not set up any password.
2011-08-11 16:55:08 -07:00

210 lines
5.8 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v5.0.1.3574
#
# Generated Thu Aug 11 16:51:41 2011 PDT by vadim
#
# files: * firewall62.fw /etc/firewall62.fw
# files: firewall62.conf /etc/firewall62.conf
#
# Compiled for pf 4.0
#
# testing rules using UserService object
# Note that iptables does not allow entering
# iptables command that tries to match using module 'owner' in any chain
# other than OUTPUT. This includes user defined chains too (it checks
# how control passes to user defined chain and blocks command if
# it appears that user defined chain gets control not from OUTPUT)
# firewall62:Policy:1: error: Rule '1 (global)' shadows rule '2 (global)' below it
# firewall62:Policy:1: error: Rule '1 (global)' shadows rule '2 (global)' below it
# firewall62:Policy:1: error: Rule '1 (global)' shadows rule '3 (global)' below it
# firewall62:Policy:1: error: Rule '1 (global)' shadows rule '3 (global)' below it
# firewall62:Policy:3: error: Rule '3 (global)' shadows rule '4 (global)' below it
# firewall62:Policy:1: error: Rule '1 (global)' shadows rule '4 (global)' below it
# firewall62:Policy:3: error: Rule '3 (global)' shadows rule '4 (global)' below it
# firewall62:Policy:1: error: Rule '1 (global)' shadows rule '4 (global)' below it
# firewall62:Policy:3: error: Rule '3 (global)' shadows rule '5 (global)' below it
# firewall62:Policy:1: error: Rule '1 (global)' shadows rule '5 (global)' below it
# firewall62:Policy:3: error: Rule '3 (global)' shadows rule '5 (global)' below it
# firewall62:Policy:1: error: Rule '1 (global)' shadows rule '5 (global)' below it
# firewall62:Policy:1: error: Rule '1 (global)' shadows rule '6 (global)' below it
# firewall62:Policy:8: error: Rule '8 (global)' shadows rule '9 (global)' below it
# firewall62:Policy:8: error: Rule '8 (global)' shadows rule '9 (global)' below it
# firewall62:Policy:8: error: Rule '8 (global)' shadows rule '10 (global)' below it
# firewall62:Policy:8: error: Rule '8 (global)' shadows rule '10 (global)' below it
# firewall62:Policy:1: warning: Changing rule direction due to self reference
# firewall62:Policy:2: warning: Changing rule direction due to self reference
# firewall62:Policy:4: warning: Changing rule direction due to self reference
# firewall62:Policy:8: warning: Changing rule direction due to self reference
# firewall62:Policy:9: warning: Changing rule direction due to self reference
# firewall62:Policy:12: warning: Changing rule direction due to self reference
FWDIR=`dirname $0`
IFCONFIG="/sbin/ifconfig"
PFCTL="/sbin/pfctl"
SYSCTL="/sbin/sysctl"
LOGGER="/usr/bin/logger"
log() {
echo "$1"
command -v "$LOGGER" >/dev/null 2>&1 && $LOGGER -p info "$1"
}
diff_intf() {
func=$1
list1=$2
list2=$3
cmd=$4
for intf in $list1
do
echo $list2 | grep -q $intf || {
# $vlan is absent in list 2
$func $intf $cmd
}
done
}
missing_address() {
address=$1
cmd=$2
oldIFS=$IFS
IFS="@"
set $address
addr=$1
interface=$2
IFS=$oldIFS
if echo "$addr" | grep -q ':'
then
inet="inet6"
addr=$(echo "$addr" | sed 's!/! prefixlen !')
else
inet="inet"
addr=$(echo "$addr" | sed 's!/! netmask !')
fi
parameter=""
test "$cmd" = "add" && {
echo "# Adding ip address: $interface $addr"
parameter="alias"
}
test "$cmd" = "del" && {
echo "# Removing ip address: $interface $addr"
parameter="delete"
}
$FWBDEBUG $IFCONFIG $interface $inet $addr $parameter || exit 1
$FWBDEBUG $IFCONFIG $interface up
}
list_addresses_by_scope() {
interface=$1
scope=$2
ignore_list=$3
scope_regex="1"
if test -n "$scope"; then scope_regex=" \$0 !~ \"$scope\" "; fi
$IFCONFIG $interface | sed "s/%$interface//" | \
awk -v IGNORED="$ignore_list" \
"BEGIN {
split(IGNORED,ignored_arr);
for (a in ignored_arr) {ignored_dict[ignored_arr[a]]=1;}
}
(/inet |inet6 / && $scope_regex && !(\$2 in ignored_dict)) {printf \"%s/%s\n\",\$2,\$4;}" | \
while read addr; do
echo "${addr}@$interface"
done | sort
}
update_addresses_of_interface() {
ignore_list=$2
set $1
interface=$1
shift
FWB_ADDRS=$(
for addr in $*; do
echo "${addr}@$interface"
done | sort
)
CURRENT_ADDRS_ALL_SCOPES=""
CURRENT_ADDRS_GLOBAL_SCOPE=""
$IFCONFIG $interface >/dev/null 2>&1 && {
CURRENT_ADDRS_ALL_SCOPES=$(list_addresses_by_scope $interface '' "$ignore_list")
CURRENT_ADDRS_GLOBAL_SCOPE=$(list_addresses_by_scope $interface 'scopeid .*' "$ignore_list")
} || {
echo "# Interface $interface does not exist"
# Stop the script if we are not in test mode
test -z "$FWBDEBUG" && exit 1
}
echo "$interface" | grep -q carp && {
diff_intf missing_address "$CURRENT_ADDRS_GLOBAL_SCOPE" "$FWB_ADDRS" del
diff_intf missing_address "$FWB_ADDRS" "$CURRENT_ADDRS_ALL_SCOPES" add
} || {
diff_intf missing_address "$FWB_ADDRS" "$CURRENT_ADDRS_ALL_SCOPES" add
diff_intf missing_address "$CURRENT_ADDRS_GLOBAL_SCOPE" "$FWB_ADDRS" del
}
}
verify_interfaces() {
:
}
set_kernel_vars() {
:
$SYSCTL -w net.inet.ip.forwarding=1
}
prolog_commands() {
:
}
epilog_commands() {
:
}
run_epilog_and_exit() {
epilog_commands
exit $1
}
configure_interfaces() {
:
update_addresses_of_interface "en0 192.168.1.1/0xffffff00" ""
update_addresses_of_interface "en1 222.222.222.222/0xffffff00" ""
}
log "Activating firewall script generated Thu Aug 11 16:51:41 2011 by vadim"
set_kernel_vars
configure_interfaces
prolog_commands
$PFCTL -f /etc/firewall62.conf || exit 1
$PFCTL -F states
epilog_commands
Reference in New Issue View Git Blame Copy Permalink