Commit | Line | Data |
---|---|---|
bfdc045d | 1 | m4_divert(-1) |
1644c76a | 2 | ### -*-m4-*- |
bfdc045d MW |
3 | ### |
4 | ### Failsafe prologue for firewall scripts | |
5 | ### | |
6 | ### (c) 2008 Mark Wooding | |
7 | ### | |
8 | ||
9 | ###----- Licensing notice --------------------------------------------------- | |
10 | ### | |
11 | ### This program is free software; you can redistribute it and/or modify | |
12 | ### it under the terms of the GNU General Public License as published by | |
13 | ### the Free Software Foundation; either version 2 of the License, or | |
14 | ### (at your option) any later version. | |
15 | ### | |
16 | ### This program is distributed in the hope that it will be useful, | |
17 | ### but WITHOUT ANY WARRANTY; without even the implied warranty of | |
18 | ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
19 | ### GNU General Public License for more details. | |
20 | ### | |
21 | ### You should have received a copy of the GNU General Public License | |
22 | ### along with this program; if not, write to the Free Software Foundation, | |
23 | ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
24 | ||
25 | m4_changequote(<:, :>) | |
26 | m4_changecom(<:##:>) | |
27 | ||
28 | ###-------------------------------------------------------------------------- | |
29 | ### Overall structure. | |
30 | ### | |
31 | ### 0 File header: shebang, do-not-edit warning. [base] | |
a4d8cae3 MW |
32 | ### 4 Configuration. [config] |
33 | ### 6 Local settings. [local] | |
bfdc045d MW |
34 | ### 10 Prologue: command-line parsing and failsafe. [prologue] |
35 | ### 20 Function definitions. [functions] | |
a4d8cae3 MW |
36 | ### 24 Port numbers etc. [numbers] |
37 | ### 26 Networks, hosts and interfaces. [local] | |
bfdc045d MW |
38 | ### 30 Initialization. [bookends] |
39 | ### 30 Clear existing rules. [bookends] | |
40 | ### 32 Set safe IP options. [bookends] | |
12ac65a1 | 41 | ### 34 Error chains. [bookends] |
c70bfbbb | 42 | ### 38 Utility chains. [functions] |
12ac65a1 | 43 | ### 40 Address classification. [classify] |
bfdc045d MW |
44 | ### 42 Definition of address class policies. [local] |
45 | ### 44 Definition of interfaces and addresses. [local] | |
46 | ### 46 Handling of default interface. [classify] | |
a4d8cae3 MW |
47 | ### 50 Packet filter. [bookends] |
48 | ### 60 ICMP filtering. [icmp] | |
49 | ### 62 Local configuration. [local] | |
50 | ### 68 Finally accept ICMP, hook onto INPUT and FORWARD. [icmp] | |
51 | ### 80 Local configuration. [local] | |
52 | ### 84 Locally bound packet inspection. [local] | |
53 | ### 86 Per-host configuration. [HOST] | |
54 | ### 88 Final filtering. [local] | |
bfdc045d MW |
55 | ### 90 Finishing touches. [bookends] |
56 | ### 94 Set final policies. [bookends] | |
57 | ### 99 File footer: do-not-edit warning. [base] | |
58 | ||
59 | ###-------------------------------------------------------------------------- | |
60 | ### Headers and footers. | |
61 | ||
62 | m4_divert(0)m4_dnl | |
63 | #! /bin/sh | |
961148a5 MW |
64 | <:###:> Firewall script for FWHOST |
65 | ### | |
66 | ### *** GENERATED FILE: DO NOT EDIT *** | |
67 | ||
85f1a157 MW |
68 | ### BEGIN INIT INFO |
69 | # Provides: firewall | |
b551adaf | 70 | # Required-Start: mountkernfs |
85f1a157 MW |
71 | # Required-Stop: |
72 | # X-Start-Before: ifupdown | |
73 | # X-Stop-After: ifupdown | |
74 | # Default-Start: S | |
75 | # Default-Stop: 0 6 | |
76 | # Description: Provides customized packet filter rules. | |
77 | ### END INIT INFO | |
bfdc045d MW |
78 | |
79 | set -e | |
80 | PATH=/bin:/sbin:/usr/bin:/usr/sbin; export PATH | |
961148a5 | 81 | fwhost=FWHOST |
bfdc045d MW |
82 | |
83 | m4_divert(99)m4_dnl | |
84 | ### *** GENERATED FILE: DO NOT EDIT *** | |
85 | m4_divert(-1) | |
86 | ||
87 | ###-------------------------------------------------------------------------- | |
88 | ### Unpleasant m4 hacking. | |
89 | ||
90 | ## dolist(VAR, LIST, BODY) | |
91 | ## | |
92 | ## LIST is a parenthesized list of comma-separated items. For each item, | |
93 | ## set VAR to expand to the item and emit the BODY. VAR is pushdef'd before the loop and popdef'd after it, so a previous definition of VAR is restored; the loop stops when the remaining LIST is exactly (). | |
94 | m4_define(<:dolist:>, <:m4_pushdef(<:$1:>)__loop($@)m4_popdef(<:$1:>):>) | |
95 | m4_define(<:__loop:>, <:m4_ifelse(<:$2:>, <:():>, ,m4_dnl | |
96 | <:m4_define(<:$1:>, __first$2)$3<::>__loop(<:$1:>,(m4_shift$2),<:$3:>):>):>) | |
97 | m4_define(<:__first:>, <:$1:>) | |
98 | ||
99 | ## split(DELIM, TEXT) | |
100 | ## | |
101 | ## Split TEXT at characters in DELIM; stash result in positional parameters. DELIM and TEXT are pasted into the shell command verbatim, so any shell quoting is the caller's job; fields produced from an expansion in TEXT are unquoted after set -- and therefore also undergo pathname expansion, so glob characters in the data would match filenames. IFS is restored from STDIFS, which is not set in this file (presumably defined in another fragment; confirm). | |
102 | m4_define(<:split:>, <:IFS=$1; set -- $2; IFS=$STDIFS:>) | |
103 | ||
104 | ## defconf(CONF, DEFAULT) | |
105 | ## | |
106 | ## Define config variable CONF, assigning it the DEFAULT value if not | |
107 | ## overridden by setconf. The emitted shell is : ${CONF=value}, which assigns only when CONF is unset, so a CONF already present in the environment of the generated script takes precedence over both DEFAULT and setconf. The setconf must have been expanded before this macro for its value to be seen, because conf_CONF is tested when defconf is expanded. | |
108 | m4_define(<:defconf:>, <:: ${$1=m4_ifdef(<:conf_$1:>, conf_$1, $2)}:>) | |
109 | ||
110 | ## setconf(CONF, VALUE) | |
111 | ## | |
112 | ## Set config variable CONF to VALUE. The value is recorded as the m4 macro conf_CONF; no shell text is emitted here. | |
41f87bbc | 113 | m4_define(<:setconf:>, <:m4_define(<:conf_$1:>, <:$2:>):>) |
bfdc045d MW |
114 | |
115 | ###----- That's all, folks -------------------------------------------------- |