3 ### Makefile for firewall scripts
5 ### (c) 2008 Mark Wooding
8 ###----- Licensing notice ---------------------------------------------------
10 ### This program is free software; you can redistribute it and/or modify
11 ### it under the terms of the GNU General Public License as published by
12 ### the Free Software Foundation; either version 2 of the License, or
13 ### (at your option) any later version.
15 ### This program is distributed in the hope that it will be useful,
16 ### but WITHOUT ANY WARRANTY; without even the implied warranty of
17 ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 ### GNU General Public License for more details.
20 ### You should have received a copy of the GNU General Public License
21 ### along with this program; if not, write to the Free Software Foundation,
22 ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
23 ### Makefile for firewall scripts
25 ###--------------------------------------------------------------------------
28 ## Extend these variables in `local.mk' to match your site.
32 ## Where to install the scripts.
33 FIREWALL = /etc/init.d/firewall
35 ## How to achieve root privileges.
38 ## Throw additional scripts in here to have them installed.
40 sbindir = /usr/local/sbin
42 ## Establish the default target early, so that targets in `local.mk' don't
47 ###--------------------------------------------------------------------------
48 ### Clever silent-rules stuff.
53 ## Suppressing command output.
58 ## Replacing them with messages.
59 v_echo = $(call v_echo_$V,$1)
60 v_echo_0 = @printf " %-6s %s\n" "$1" "$@";
65 space = $(empty) $(empty)
68 V_M4 = $(call v_echo,M4)m4 -P$(space)
69 V_GEN = $(call v_echo,GEN)
71 ###--------------------------------------------------------------------------
72 ### Local configuration.
74 ## Should set up HOSTS and add stuff to MAIN_M4_SOURCES if necessary. Feel
75 ## free to define additional targets here.
78 ###--------------------------------------------------------------------------
81 ## The main m4 inputs which construct the firewall. These are read in last
82 ## to allow local configuration to change their environments.
83 MAIN_M4_SOURCES += config.m4
84 MAIN_M4_SOURCES += prologue.m4
85 MAIN_M4_SOURCES += functions.m4
86 MAIN_M4_SOURCES += numbers.m4
87 MAIN_M4_SOURCES += bookends.m4
88 MAIN_M4_SOURCES += classify.m4
89 MAIN_M4_SOURCES += icmp.m4
91 ## All of our m4 inputs. The base gets read first to set things up.
93 M4_SOURCES += $(MAIN_M4_SOURCES)
95 ###--------------------------------------------------------------------------
98 TARGETS = $(addsuffix .sh,$(HOSTS))
100 ###--------------------------------------------------------------------------
101 ### Prologue testing.
104 dummy.sh: base.m4 prologue.m4 dummy-payload.m4
105 $(V_M4)-DFWHOST=testing $^ >$@.new
106 $(V_AT)chmod +x $@.new && mv $@.new $@
108 TARGETS += dummy-inst.sh
109 dummy-inst.sh: dummy.sh
110 $(V_GEN)sed '/dummy_action=/s/lose/win/' $< >$@.new
111 $(V_AT)chmod +x $@.new && mv $@.new $@
113 ###--------------------------------------------------------------------------
116 ## A list of diversions in ascending numerical order.
118 divs: $(M4_SOURCES) $(addsuffix .m4,$(HOSTS))
119 $(V_GEN)grep -n m4_divert $^ | \
120 grep -v 'm4_divert(-1)' | \
123 ###--------------------------------------------------------------------------
129 %.sh: %.m4 $(M4_SOURCES)
130 $(V_M4)-DFWHOST=$* base.m4 $*.m4 $(MAIN_M4_SOURCES) >$@.new
131 $(V_AT)chmod +x $@.new && mv $@.new $@
133 clean:; rm -f $(TARGETS) *.new $(CLEANFILES)
136 ###--------------------------------------------------------------------------
139 ## The local machine doesn't want the complicated SSH stuff.
140 THISHOST = $(shell hostname)
141 OTHERHOSTS = $(filter-out $(THISHOST), $(HOSTS))
144 check: $(THISHOST).sh
145 $(ROOT) ./$(THISHOST).sh test
147 ## Installation on a local host,
148 install/$(THISHOST): $(THISHOST).sh
149 [ "x$(SCRIPTS)" = x ] || $(ROOT) install -m755 $(SCRIPTS) $(sbindir)
150 $(ROOT) ./$(THISHOST).sh replace
152 ## Installation on a remote host.
153 $(addprefix install/, $(OTHERHOSTS)): install/%: %.sh
154 if [ "x$(SCRIPTS)" != x ]; then \
155 for i in $(SCRIPTS); do \
156 $(ROOT) scp $$i root@$*:$(sbindir)/$$i.new && \
157 $(ROOT) ssh root@$* \
158 'cd $(sbindir) && chmod 755 $$i.new && mv $$i.new $i' || \
162 $(ROOT) scp $*.sh root@$*:$(FIREWALL).new
163 $(ROOT) ssh root@$* $(FIREWALL).new remote-prepare
164 $(ROOT) ssh root@$* $(FIREWALL).new remote-commit
165 $(ROOT) ssh root@$* rm -f $(FIREWALL).new
167 ## General installation target.
168 install: all install/$(THISHOST) $(addprefix install/,$(HOSTS))
169 .PHONY: install $(addprefix install/,$(HOSTS))
171 ###----- That's all, folks --------------------------------------------------