mirror of
https://github.com/fwbuilder/fwbuilder
synced 2025-10-16 07:28:25 +02:00
8b158c0a74
sure we print "ifconfig" commands for mtu and other parameters for all interfaces, including those with no ip addresses and bridge ports (unnumbered interfaces used to be skipped before)
103 lines
2.4 KiB
Bash
Executable File
103 lines
2.4 KiB
Bash
Executable File
#!/bin/sh
|
|
#
|
|
# This is automatically generated file. DO NOT MODIFY !
|
|
#
|
|
# Firewall Builder fwb_pf v4.2.0.3479
|
|
#
|
|
# Generated Wed Feb 16 16:18:19 2011 PST by vadim
|
|
#
|
|
# files: * firewall13.fw /etc/fw/firewall13.fw
|
|
# files: firewall13.conf /etc/fw/firewall13.conf
|
|
#
|
|
# Compiled for pf
|
|
#
|
|
# testing detection of empty groups
|
|
|
|
# firewall13:NAT:0: warning: Empty group or address table object 'egroup'
|
|
# firewall13:NAT:0: warning: After removal of all empty groups and address table objects rule element OSrc becomes 'any' in the rule 0 (NAT)
|
|
# Dropping rule 0 (NAT) because option 'Ignore rules with empty groups' is in effect
|
|
# firewall13:NAT:1: warning: Empty group or address table object 'egroup'
|
|
# firewall13:NAT:2: warning: Empty group or address table object 'sgroup'
|
|
# firewall13:NAT:2: warning: After removal of all empty groups and address table objects rule element OSrv becomes 'any' in the rule 2 (NAT)
|
|
# Dropping rule 2 (NAT) because option 'Ignore rules with empty groups' is in effect
|
|
|
|
# firewall13:Policy:0: warning: Empty group or address table object 'egroup2'
|
|
# firewall13:Policy:1: warning: Empty group or address table object 'sgroup'
|
|
# firewall13:Policy:1: warning: After removal of all empty groups and address table objects rule element Srv becomes 'any' in the rule 1 (global)
|
|
# Dropping rule 1 (global) because option 'Ignore rules with empty groups' is in effect
|
|
|
|
|
|
|
|
FWDIR=`dirname $0`
|
|
|
|
IFCONFIG="/sbin/ifconfig"
|
|
PFCTL="/sbin/pfctl"
|
|
SYSCTL="/sbin/sysctl"
|
|
LOGGER="/usr/bin/logger"
|
|
|
|
log() {
|
|
echo "$1"
|
|
command -v "$LOGGER" &>/dev/null && $LOGGER -p info "$1"
|
|
}
|
|
|
|
diff_intf() {
|
|
func=$1
|
|
list1=$2
|
|
list2=$3
|
|
cmd=$4
|
|
for intf in $list1
|
|
do
|
|
echo $list2 | grep -q $intf || {
|
|
# $vlan is absent in list 2
|
|
$func $intf $cmd
|
|
}
|
|
done
|
|
}
|
|
|
|
verify_interfaces() {
|
|
:
|
|
|
|
}
|
|
|
|
set_kernel_vars() {
|
|
:
|
|
$SYSCTL -w net.inet.ip.directed-broadcast=0
|
|
$SYSCTL -w net.inet.ip.forwarding=1
|
|
|
|
$SYSCTL -w net.inet.ip.sourceroute=0
|
|
$SYSCTL -w net.inet.ip.redirect=0
|
|
}
|
|
|
|
prolog_commands() {
|
|
:
|
|
|
|
}
|
|
|
|
epilog_commands() {
|
|
:
|
|
|
|
}
|
|
|
|
run_epilog_and_exit() {
|
|
epilog_commands
|
|
exit $1
|
|
}
|
|
|
|
configure_interfaces() {
|
|
:
|
|
|
|
}
|
|
|
|
log "Activating firewall script generated Wed Feb 16 16:18:19 2011 by vadim"
|
|
|
|
set_kernel_vars
|
|
configure_interfaces
|
|
prolog_commands
|
|
|
|
$PFCTL -f /etc/fw/firewall13.conf || exit 1
|
|
|
|
|
|
|
|
|
|
|
|
epilog_commands |