mirror of
https://github.com/fwbuilder/fwbuilder
synced 2025-10-16 07:28:25 +02:00
8b158c0a74
sure we print "ifconfig" commands for mtu and other parameters for all interfaces, including those with no ip addresses and bridge ports (unnumbered interfaces used to be skipped before)
194 lines
4.9 KiB
Bash
Executable File
194 lines
4.9 KiB
Bash
Executable File
#!/bin/sh
|
|
#
|
|
# This is automatically generated file. DO NOT MODIFY !
|
|
#
|
|
# Firewall Builder fwb_pf v4.2.0.3479
|
|
#
|
|
# Generated Wed Feb 16 16:18:55 2011 PST by vadim
|
|
#
|
|
# files: * firewall-ipv6-2.fw pf.fw
|
|
# files: firewall-ipv6-2.conf pf.conf
|
|
#
|
|
# Compiled for pf
|
|
#
|
|
# Combined ipv4/ipv6 policy ruleset
|
|
|
|
# firewall-ipv6-2:Policy:5: error: Rule '5 (global)' shadows rule '7 (global)' below it
|
|
# firewall-ipv6-2:Policy:5: error: Rule '5 (global)' shadows rule '7 (global)' below it
|
|
# firewall-ipv6-2:Policy:7: warning: Changing rule direction due to self reference
|
|
|
|
# firewall-ipv6-2:Policy:2: error: Rule '2 (global)' shadows rule '4 (global)' below it
|
|
# firewall-ipv6-2:Policy:3: error: Rule '3 (global)' shadows rule '4 (global)' below it
|
|
# firewall-ipv6-2:Policy:2: error: Rule '2 (global)' shadows rule '5 (global)' below it
|
|
# firewall-ipv6-2:Policy:3: error: Rule '3 (global)' shadows rule '5 (global)' below it
|
|
# firewall-ipv6-2:Policy:2: error: Rule '2 (global)' shadows rule '6 (global)' below it
|
|
# firewall-ipv6-2:Policy:4: error: Rule '4 (global)' shadows rule '6 (global)' below it
|
|
# firewall-ipv6-2:Policy:3: error: Rule '3 (global)' shadows rule '6 (global)' below it
|
|
# firewall-ipv6-2:Policy:2: error: Rule '2 (global)' shadows rule '7 (global)' below it
|
|
# firewall-ipv6-2:Policy:3: error: Rule '3 (global)' shadows rule '7 (global)' below it
|
|
# firewall-ipv6-2:Policy:10: error: Rule '10 (global)' shadows rule '11 (global)' below it
|
|
# firewall-ipv6-2:Policy:10: error: Rule '10 (global)' shadows rule '11 (global)' below it
|
|
# firewall-ipv6-2:Policy:3: warning: Changing rule direction due to self reference
|
|
# firewall-ipv6-2:Policy:6: warning: Changing rule direction due to self reference
|
|
# firewall-ipv6-2:Policy:7: warning: Changing rule direction due to self reference
|
|
|
|
|
|
|
|
FWDIR=`dirname $0`
|
|
|
|
IFCONFIG="/sbin/ifconfig"
|
|
PFCTL="/sbin/pfctl"
|
|
IPFW="/sbin/ipfw"
|
|
IPF="/sbin/ipf"
|
|
IPNAT="/sbin/ipnat"
|
|
SYSCTL="/sbin/sysctl"
|
|
LOGGER="/usr/bin/logger"
|
|
|
|
log() {
|
|
echo "$1"
|
|
command -v "$LOGGER" &>/dev/null && $LOGGER -p info "$1"
|
|
}
|
|
|
|
diff_intf() {
|
|
func=$1
|
|
list1=$2
|
|
list2=$3
|
|
cmd=$4
|
|
for intf in $list1
|
|
do
|
|
echo $list2 | grep -q $intf || {
|
|
# $vlan is absent in list 2
|
|
$func $intf $cmd
|
|
}
|
|
done
|
|
}
|
|
|
|
|
|
missing_address() {
|
|
address=$1
|
|
cmd=$2
|
|
|
|
oldIFS=$IFS
|
|
IFS="@"
|
|
set $address
|
|
addr=$1
|
|
interface=$2
|
|
IFS=$oldIFS
|
|
|
|
if echo "$addr" | grep -q ':'
|
|
then
|
|
inet="inet6"
|
|
addr=$(echo "$addr" | sed 's!/! prefixlen !')
|
|
else
|
|
inet="inet"
|
|
addr=$(echo "$addr" | sed 's!/! netmask !')
|
|
fi
|
|
|
|
parameter=""
|
|
test "$cmd" = "add" && {
|
|
echo "# Adding ip address: $interface $addr"
|
|
parameter="alias"
|
|
}
|
|
test "$cmd" = "del" && {
|
|
echo "# Removing ip address: $interface $addr"
|
|
parameter="delete"
|
|
}
|
|
|
|
$FWBDEBUG $IFCONFIG $interface $inet $addr $parameter
|
|
$FWBDEBUG $IFCONFIG $interface up
|
|
}
|
|
|
|
list_addresses_by_scope() {
|
|
interface=$1
|
|
scope=$2
|
|
ignore_list=$3
|
|
|
|
scope_regex="1"
|
|
if test -n "$scope"; then scope_regex=" \$0 !~ \"$scope\" "; fi
|
|
|
|
$IFCONFIG $interface | sed "s/%$interface//" | \
|
|
awk -v IGNORED="$ignore_list" \
|
|
"BEGIN {
|
|
split(IGNORED,ignored_arr);
|
|
for (a in ignored_arr) {ignored_dict[ignored_arr[a]]=1;}
|
|
}
|
|
(/inet |inet6 / && $scope_regex && !(\$2 in ignored_dict)) {printf \"%s/%s\n\",\$2,\$4;}" | \
|
|
while read addr; do
|
|
echo "${addr}@$interface"
|
|
done | sort
|
|
|
|
}
|
|
|
|
update_addresses_of_interface() {
|
|
ignore_list=$2
|
|
set $1
|
|
interface=$1
|
|
shift
|
|
|
|
FWB_ADDRS=$(
|
|
for addr in $*; do
|
|
echo "${addr}@$interface"
|
|
done | sort
|
|
)
|
|
|
|
CURRENT_ADDRS_ALL_SCOPES=""
|
|
CURRENT_ADDRS_GLOBAL_SCOPE=""
|
|
|
|
$IFCONFIG $interface >/dev/null 2>&1 && {
|
|
CURRENT_ADDRS_ALL_SCOPES=$(list_addresses_by_scope $interface '' "$ignore_list")
|
|
CURRENT_ADDRS_GLOBAL_SCOPE=$(list_addresses_by_scope $interface 'scopeid .*' "$ignore_list")
|
|
} || {
|
|
echo "# Interface $interface does not exist"
|
|
# Stop the script if we are not in test mode
|
|
test -z "$FWBDEBUG" && exit 1
|
|
}
|
|
|
|
diff_intf missing_address "$FWB_ADDRS" "$CURRENT_ADDRS_ALL_SCOPES" add
|
|
diff_intf missing_address "$CURRENT_ADDRS_GLOBAL_SCOPE" "$FWB_ADDRS" del
|
|
}
|
|
|
|
verify_interfaces() {
|
|
:
|
|
|
|
}
|
|
|
|
set_kernel_vars() {
|
|
:
|
|
$SYSCTL -w net.inet.ip.forwarding=1
|
|
$SYSCTL -w net.inet6.ip6.forwarding=1
|
|
}
|
|
|
|
prolog_commands() {
|
|
:
|
|
|
|
}
|
|
|
|
epilog_commands() {
|
|
:
|
|
|
|
}
|
|
|
|
run_epilog_and_exit() {
|
|
epilog_commands
|
|
exit $1
|
|
}
|
|
|
|
configure_interfaces() {
|
|
:
|
|
update_addresses_of_interface "eth0 fe80::21d:9ff:fe8b:8e94/64 1.1.1.1/0xffffff00" ""
|
|
update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" ""
|
|
}
|
|
|
|
log "Activating firewall script generated Wed Feb 16 16:18:55 2011 by vadim"
|
|
|
|
set_kernel_vars
|
|
configure_interfaces
|
|
prolog_commands
|
|
|
|
$PFCTL -f pf.conf || exit 1
|
|
|
|
|
|
|
|
|
|
|
|
epilog_commands |