authorWilly Tarreau <willy@wtap.(none)>2006-07-17 14:03:29 +0200
committerWilly Tarreau <willy@wtap.(none)>2006-07-26 12:03:50 +0200
commit1609e3b73543a855913e63e48f4a2206ae576dc5 (patch)
treefd2b436161502a309938958fe1f41662fba1ece1
parent[CLEANUP] added the .flxpkg directory (diff)
[RELEASE] init-scripts-0.3.36v0.3.36
added the 'new', 'gen', 'try' options to init.d/firewall
-rw-r--r--.flxpkg/ChangeLog5
-rw-r--r--ChangeLog2
-rwxr-xr-xsbin/init.d/firewall104
3 files changed, 111 insertions, 0 deletions
diff --git a/.flxpkg/ChangeLog b/.flxpkg/ChangeLog
index 13fa6ea..baa120d 100644
--- a/.flxpkg/ChangeLog
+++ b/.flxpkg/ChangeLog
@@ -1,3 +1,8 @@
+2006/07/17 14:00 root@wtap
+
+ * released init-scripts-0.3.36-flx0.1
+ * added the 'new', 'gen', 'try' options to init.d/firewall
+
2006/02/02 11:00 willy@wtap
* released init-scripts-0.3.35-flx0.1
diff --git a/ChangeLog b/ChangeLog
index e264785..ddb91ff 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,5 @@
+2006/07/17 : 0.3.36
+- added the 'new', 'gen', 'try' options to init.d/firewall
2006/02/02 : 0.3.35
- the network script can now set the hostname via DHCP and waits 1 second for
the link to set up when needed before the DHCP request.
diff --git a/sbin/init.d/firewall b/sbin/init.d/firewall
index 5ab51d6..4b9b947 100755
--- a/sbin/init.d/firewall
+++ b/sbin/init.d/firewall
@@ -21,6 +21,7 @@ conntrack_args=( )
function do_help {
echo "Usage: ${0##*/} <status|start|revert|maint|stop|route|block|help>"
+ echo " <new|gen|try>"
echo "List of config.rc options (name, type, default value, current value) :"
echo
echo " - confdir : dir ; def='/etc/firewall' ; cur=$opt_confdir"
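Review bot: The added usage line lists `new|gen|try` but not `save`, although this same commit adds a `do_save` function and the `try` path tells the operator to "run 'save'", so the one command that makes a tried ruleset persistent is undiscoverable from `help`. Change the new line to `echo "       <new|gen|try|save>"`. Whether the command dispatcher (outside this hunk) actually routes `save` to `do_save` cannot be seen here and should be checked at the same time. The rest of `do_help` continues past the hunk.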
@@ -479,5 +480,108 @@ function do_route {
return 0
}
+# create new test directory
+function do_new {
+ if [ -e $opt_confdir/new ] ; then
+ echo -n "A pending firewall config already exists, remove [y/N] ? "
+ read
+ if [ "$REPLY" != y -a "$REPLY" != Y ] ; then
+ echo "Operation cancelled." >&2
+ return 1
+ fi
+ rm -f $opt_confdir/new
+ fi
+
+ local NEWDATE=$(date +%Y%m%d-%H%M)
+
+ if ! mkdir $opt_confdir/$NEWDATE 2>/dev/null ; then
+ echo "A pending directory already exist for this time, " >&2
+ echo "Try in 1 minute or edit $opt_confdir/new" >&2
+ return 1
+ fi
+
+ ln -s $NEWDATE $opt_confdir/new
+
+ if [ -d $opt_confdir/current/. ] ; then
+ cp -a $opt_confdir/current/. $opt_confdir/new/.
+ elif [ -d $opt_confdir/backup/. ] ; then
+ cp -a $opt_confdir/backup/. $opt_confdir/new/.
+ elif [ -d $opt_confdir/maint/. ] ; then
+ cp -a $opt_confdir/maint/. $opt_confdir/new/.
+ fi
+
+ echo "Pending config ($NEWDATE) create in $opt_confdir/new" >&2
+
+ return 0
+}
+
+# generate ipt config file for host with genrules with pending config
+function do_gen {
+ _GENRULES=$(type -p genrules 2>/dev/null)
+ if [ $? != 0 ] ; then
+ echo "Can not find binary 'genrules' in PATH" >&2
+ return 1
+ fi
+
+ if [ ! -e $opt_confdir/new ] ; then
+ echo "The pending directory doesn't exists, run 'new' before 'gen'" >&2
+ return 1
+ fi
+
+ $_GENRULES $opt_confdir/new $(uname -n)
+
+ return $?
+}
+
+# apply new config but do not save it
+function do_try {
+ if [ ! -e $opt_confdir/new/conf-$(uname -n).ipt ] ; then
+ echo "No config in the pending directory, run 'gen' before 'try'" >&2
+ return 1
+ fi
+
+ local TEMP=/tmp/fw.try.$RANDOM.$RANDOM
+
+ /sbin/iptables-save > $TEMP
+
+ if ! /sbin/iptables-restore < $opt_confdir/new/conf-$(uname -n).ipt ; then
+ /sbin/iptables-restore < $TEMP
+ rm -f $TEMP
+ echo "Error loading pending config" >&2
+ return 1
+ fi
+
+ echo "Try succedded, run 'save' to save it as current config" >&2
+
+ rm -f $TEMP
+
+ return 0
+}
+
+# save the new config in current profile
+function do_save {
+ if [ ! -e $opt_confdir/new ] ; then
+ echo "No pending config to save" >&2
+ return 1
+ fi
+
+ if [ ! -e $opt_confdir/backup -o -L $opt_confdir/backup ] ; then
+ [ -e $opt_confdir/backup ] \
+ && rm -f $opt_confdir/backup
+ else
+ echo "$opt_confdir/backup isn't a symbolic link, can't save" >&2
+ return 1
+ fi
+ if [ ! -e $opt_confdir/current -o -L $opt_confdir/current ] ; then
+ [ -e $opt_confdir/current ] \
+ && mv $opt_confdir/current $opt_confdir/backup
+ else
+ echo "$opt_confdir/current isn't a symbolic link, can't save" >&2
+ return 1
+ fi
+ mv $opt_confdir/new $opt_confdir/current
+ return 0
+}
+
load_config
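Review bot: `do_try` snapshots the live ruleset into a predictable name, `/tmp/fw.try.$RANDOM.$RANDOM`, with a plain `>` redirect; since this script drives iptables it runs as root, so any local user who pre-creates or symlinks that name can make `iptables-save` clobber an arbitrary file, and depending on umask the dumped firewall policy is readable by everyone. Use `mktemp` for the snapshot and check that `iptables-save` succeeded before attempting the restore, otherwise the rollback branch restores an empty (or attacker-supplied) ruleset after a failed `iptables-restore`. Quoting `$TEMP` and the config path also keeps a `confdir` containing spaces from breaking the redirects. The success message still reads "Try succedded"; "succeeded" is the intended spelling.
```shell
# apply new config but do not save it
function do_try {
    # … unchanged: check that $opt_confdir/new/conf-$(uname -n).ipt exists …

    # mktemp creates the file with mode 0600 and a name nobody can predict,
    # so an unprivileged user cannot plant a symlink or read the saved policy.
    local TEMP
    TEMP=$(mktemp /tmp/fw.try.XXXXXX) || {
        echo "Cannot create a temporary file to save the current ruleset" >&2
        return 1
    }

    # Without a valid snapshot there is nothing to roll back to, so do not try.
    if ! /sbin/iptables-save > "$TEMP" ; then
        rm -f "$TEMP"
        echo "Cannot save the current ruleset, pending config not tried" >&2
        return 1
    fi

    if ! /sbin/iptables-restore < "$opt_confdir/new/conf-$(uname -n).ipt" ; then
        /sbin/iptables-restore < "$TEMP"
        rm -f "$TEMP"
        echo "Error loading pending config" >&2
        return 1
    fi

    # … unchanged: success message, rm -f "$TEMP", return 0 …
}
```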