3 ### Makefile for firewall scripts
5 ### (c) 2008 Mark Wooding
8 ###----- Licensing notice ---------------------------------------------------
10 ### This program is free software; you can redistribute it and/or modify
11 ### it under the terms of the GNU General Public License as published by
12 ### the Free Software Foundation; either version 2 of the License, or
13 ### (at your option) any later version.
15 ### This program is distributed in the hope that it will be useful,
16 ### but WITHOUT ANY WARRANTY; without even the implied warranty of
17 ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 ### GNU General Public License for more details.
20 ### You should have received a copy of the GNU General Public License
21 ### along with this program; if not, write to the Free Software Foundation,
22 ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
23 ### Makefile for firewall scripts
25 ###--------------------------------------------------------------------------
28 ## Extend these variables in `local.mk' to match your site.
32 ## Where to install the scripts.
33 FIREWALL = /etc/init.d/firewall
35 ## How to achieve root privileges.
38 ## Throw additional scripts in here to have them installed.
40 sbindir = /usr/local/sbin
42 ## Establish the default target early, so that targets in `local.mk' don't
47 ###--------------------------------------------------------------------------
48 ### Clever silent-rules stuff.
53 ## Suppressing command output.
58 ## Replacing them with messages.
59 v_echo = $(call v_echo_$V,$1)
60 v_echo_0 = @printf " %-6s %s\n" "$1" "$@";
65 space = $(empty) $(empty)
68 V_M4 = $(call v_echo,M4)m4 -P$(space)
69 V_GEN = $(call v_echo,GEN)
71 ###--------------------------------------------------------------------------
72 ### Local configuration.
74 ## Should set up HOSTS and add stuff to MAIN_M4_SOURCES if necessary. Feel
75 ## free to define additional targets here.
78 ###--------------------------------------------------------------------------
81 ## The main m4 inputs which construct the firewall. These are read in last
82 ## to allow local configuration to change their environments.
83 MAIN_M4_SOURCES += config.m4
84 MAIN_M4_SOURCES += prologue.m4
85 MAIN_M4_SOURCES += functions.m4
86 MAIN_M4_SOURCES += numbers.m4
87 MAIN_M4_SOURCES += bookends.m4
88 MAIN_M4_SOURCES += classify.m4
89 MAIN_M4_SOURCES += icmp.m4
91 ## All of our m4 inputs. The base gets read first to set things up.
93 M4_SOURCES += $(MAIN_M4_SOURCES)
95 ###--------------------------------------------------------------------------
98 TARGETS = $(addsuffix .sh,$(HOSTS))
100 ###--------------------------------------------------------------------------
101 ### Prologue testing.
104 dummy.sh: base.m4 prologue.m4 dummy-payload.m4
105 $(V_M4)-DFWHOST=testing $^ >$@.new
106 $(V_AT)chmod +x $@.new && mv $@.new $@
108 TARGETS += dummy-inst.sh
109 dummy-inst.sh: dummy.sh
110 $(V_GEN)sed '/dummy_action=/s/lose/win/' $< >$@.new
111 $(V_AT)chmod +x $@.new && mv $@.new $@
113 ###--------------------------------------------------------------------------
119 %.sh: %.m4 $(M4_SOURCES)
120 $(V_M4)-DFWHOST=$* base.m4 $*.m4 $(MAIN_M4_SOURCES) >$@.new
121 $(V_AT)chmod +x $@.new && mv $@.new $@
123 clean:; rm -f $(TARGETS) *.new
126 ###--------------------------------------------------------------------------
129 ## The local machine doesn't want the complicated SSH stuff.
130 THISHOST = $(shell hostname)
131 OTHERHOSTS = $(filter-out $(THISHOST), $(HOSTS))
134 check: $(THISHOST).sh
135 $(ROOT) ./$(THISHOST).sh test
137 ## Installation on a local host,
138 install/$(THISHOST): $(THISHOST).sh
139 [ "x$(SCRIPTS)" = x ] || $(ROOT) install -m755 $(SCRIPTS) $(sbindir)
140 $(ROOT) ./$(THISHOST).sh replace
142 ## Installation on a remote host.
143 $(addprefix install/, $(OTHERHOSTS)): install/%: %.sh
144 if [ "x$(SCRIPTS)" != x ]; then \
145 for i in $(SCRIPTS); do \
146 $(ROOT) scp $$i root@$*:$(sbindir)/$$i.new && \
147 $(ROOT) ssh root@$* \
148 'cd $(sbindir) && chmod 755 $$i.new && mv $$i.new $i' || \
152 $(ROOT) scp $*.sh root@$*:$(FIREWALL).new
153 $(ROOT) ssh root@$* $(FIREWALL).new remote-prepare
154 $(ROOT) ssh root@$* $(FIREWALL).new remote-commit
155 $(ROOT) ssh root@$* rm -f $(FIREWALL).new
157 ## General installation target.
158 install: all install/$(THISHOST) $(addprefix install/,$(HOSTS))
159 .PHONY: install $(addprefix install/,$(HOSTS))
161 ###----- That's all, folks --------------------------------------------------