onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2025-10-16 07:28:25 +02:00
Code Issues Releases Wiki Activity
fwbuilder/test/pf/firewall62.fw.orig
Vadim Kurland 8b158c0a74 * OSConfigurator_bsd_interfaces.cpp (configureInterfaces): make 
sure we print "ifconfig" commands for mtu and other parameters for
all interfaces, including those with no ip addresses and bridge
ports (unnumbered interfaces used to be skipped before)
2011-02-16 16:23:54 -08:00

204 lines
5.5 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3479
#
# Generated Wed Feb 16 16:18:41 2011 PST by vadim
#
# files: * firewall62.fw /etc/firewall62.fw
# files: firewall62.conf /etc/firewall62.conf
#
# Compiled for pf 4.x
#
# testing rules using UserService object
# Note that iptables does not allow entering
# iptables command that tries to match using module 'owner' in any chain
# other than OUTPUT. This includes user defined chains too (it checks
# how control passes to user defined chain and blocks command if
# it appears that user defined chain gets control not from OUTPUT)
# firewall62:Policy:1: error: Rule '1 (global)' shadows rule '2 (global)' below it
# firewall62:Policy:1: error: Rule '1 (global)' shadows rule '2 (global)' below it
# firewall62:Policy:1: error: Rule '1 (global)' shadows rule '3 (global)' below it
# firewall62:Policy:1: error: Rule '1 (global)' shadows rule '3 (global)' below it
# firewall62:Policy:1: error: Rule '1 (global)' shadows rule '4 (global)' below it
# firewall62:Policy:3: error: Rule '3 (global)' shadows rule '4 (global)' below it
# firewall62:Policy:1: error: Rule '1 (global)' shadows rule '4 (global)' below it
# firewall62:Policy:3: error: Rule '3 (global)' shadows rule '4 (global)' below it
# firewall62:Policy:1: error: Rule '1 (global)' shadows rule '5 (global)' below it
# firewall62:Policy:3: error: Rule '3 (global)' shadows rule '5 (global)' below it
# firewall62:Policy:1: error: Rule '1 (global)' shadows rule '5 (global)' below it
# firewall62:Policy:3: error: Rule '3 (global)' shadows rule '5 (global)' below it
# firewall62:Policy:1: error: Rule '1 (global)' shadows rule '6 (global)' below it
# firewall62:Policy:8: error: Rule '8 (global)' shadows rule '9 (global)' below it
# firewall62:Policy:8: error: Rule '8 (global)' shadows rule '9 (global)' below it
# firewall62:Policy:8: error: Rule '8 (global)' shadows rule '10 (global)' below it
# firewall62:Policy:8: error: Rule '8 (global)' shadows rule '10 (global)' below it
# firewall62:Policy:1: warning: Changing rule direction due to self reference
# firewall62:Policy:2: warning: Changing rule direction due to self reference
# firewall62:Policy:4: warning: Changing rule direction due to self reference
# firewall62:Policy:8: warning: Changing rule direction due to self reference
# firewall62:Policy:9: warning: Changing rule direction due to self reference
# firewall62:Policy:12: warning: Changing rule direction due to self reference
FWDIR=`dirname $0`
IFCONFIG="/sbin/ifconfig"
PFCTL="/sbin/pfctl"
SYSCTL="/sbin/sysctl"
LOGGER="/usr/bin/logger"
log() {
echo "$1"
command -v "$LOGGER" &>/dev/null && $LOGGER -p info "$1"
}
diff_intf() {
func=$1
list1=$2
list2=$3
cmd=$4
for intf in $list1
do
echo $list2 | grep -q $intf || {
# $vlan is absent in list 2
$func $intf $cmd
}
done
}
missing_address() {
address=$1
cmd=$2
oldIFS=$IFS
IFS="@"
set $address
addr=$1
interface=$2
IFS=$oldIFS
if echo "$addr" | grep -q ':'
then
inet="inet6"
addr=$(echo "$addr" | sed 's!/! prefixlen !')
else
inet="inet"
addr=$(echo "$addr" | sed 's!/! netmask !')
fi
parameter=""
test "$cmd" = "add" && {
echo "# Adding ip address: $interface $addr"
parameter="alias"
}
test "$cmd" = "del" && {
echo "# Removing ip address: $interface $addr"
parameter="delete"
}
$FWBDEBUG $IFCONFIG $interface $inet $addr $parameter
$FWBDEBUG $IFCONFIG $interface up
}
list_addresses_by_scope() {
interface=$1
scope=$2
ignore_list=$3
scope_regex="1"
if test -n "$scope"; then scope_regex=" \$0 !~ \"$scope\" "; fi
$IFCONFIG $interface | sed "s/%$interface//" | \
awk -v IGNORED="$ignore_list" \
"BEGIN {
split(IGNORED,ignored_arr);
for (a in ignored_arr) {ignored_dict[ignored_arr[a]]=1;}
}
(/inet |inet6 / && $scope_regex && !(\$2 in ignored_dict)) {printf \"%s/%s\n\",\$2,\$4;}" | \
while read addr; do
echo "${addr}@$interface"
done | sort
}
update_addresses_of_interface() {
ignore_list=$2
set $1
interface=$1
shift
FWB_ADDRS=$(
for addr in $*; do
echo "${addr}@$interface"
done | sort
)
CURRENT_ADDRS_ALL_SCOPES=""
CURRENT_ADDRS_GLOBAL_SCOPE=""
$IFCONFIG $interface >/dev/null 2>&1 && {
CURRENT_ADDRS_ALL_SCOPES=$(list_addresses_by_scope $interface '' "$ignore_list")
CURRENT_ADDRS_GLOBAL_SCOPE=$(list_addresses_by_scope $interface 'scopeid .*' "$ignore_list")
} || {
echo "# Interface $interface does not exist"
# Stop the script if we are not in test mode
test -z "$FWBDEBUG" && exit 1
}
diff_intf missing_address "$FWB_ADDRS" "$CURRENT_ADDRS_ALL_SCOPES" add
diff_intf missing_address "$CURRENT_ADDRS_GLOBAL_SCOPE" "$FWB_ADDRS" del
}
verify_interfaces() {
:
}
set_kernel_vars() {
:
$SYSCTL -w net.inet.ip.forwarding=1
}
prolog_commands() {
:
}
epilog_commands() {
:
}
run_epilog_and_exit() {
epilog_commands
exit $1
}
configure_interfaces() {
:
update_addresses_of_interface "en0 192.168.1.1/0xffffff00" ""
update_addresses_of_interface "en1 222.222.222.222/0xffffff00" ""
}
log "Activating firewall script generated Wed Feb 16 16:18:41 2011 by vadim"
set_kernel_vars
configure_interfaces
prolog_commands
$PFCTL -f /etc/firewall62.conf || exit 1
$PFCTL -F states
epilog_commands
Reference in New Issue View Git Blame Copy Permalink