local.m4: Add the `hippotat' network.
[firewall] / base.m4
1 m4_divert(-1) ### Diversion -1 discards output text; the macro definitions below still take effect.
2 ### -*-m4-*-
3 ###
4 ### Failsafe prologue for firewall scripts
5 ###
6 ### (c) 2008 Mark Wooding
7 ###
8
9 ###----- Licensing notice ---------------------------------------------------
10 ###
11 ### This program is free software; you can redistribute it and/or modify
12 ### it under the terms of the GNU General Public License as published by
13 ### the Free Software Foundation; either version 2 of the License, or
14 ### (at your option) any later version.
15 ###
16 ### This program is distributed in the hope that it will be useful,
17 ### but WITHOUT ANY WARRANTY; without even the implied warranty of
18 ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
19 ### GNU General Public License for more details.
20 ###
21 ### You should have received a copy of the GNU General Public License
22 ### along with this program; if not, write to the Free Software Foundation,
23 ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
24
## From here on m4 quotes are written <: ... :> and m4 comments start at ##.
## Shell backquotes, apostrophes and single-# text therefore pass through m4
## as ordinary text, and macro names inside them are still expanded.
25 m4_changequote(<:, :>)
26 m4_changecom(<:##:>)
27
28 ###--------------------------------------------------------------------------
29 ### Overall structure.
30 ###
31 ###  0  File header: shebang, do-not-edit warning.              [base]
32 ###  4  Configuration.                                          [config]
33 ###  6    Local settings.                                       [local]
34 ### 10  Prologue: command-line parsing and failsafe.            [prologue]
35 ### 20  Function definitions.                                   [functions]
36 ### 24  Port numbers etc.                                       [numbers]
37 ### 26  Networks, hosts and interfaces.                         [local]
38 ### 30  Initialization.                                         [bookends]
39 ### 30    Clear existing rules.                                 [bookends]
40 ### 32    Set safe IP options.                                  [bookends]
41 ### 34    Error chains.                                         [bookends]
42 ### 38    Utility chains.                                       [functions]
43 ### 40  Address classification.                                 [classify]
44 ### 42    Definition of address class policies.                 [local]
45 ### 44    Definition of interfaces and addresses.               [local]
46 ### 46    Handling of default interface.                        [classify]
47 ### 50  Packet filter.                                          [bookends]
48 ### 60  ICMP filtering.                                         [icmp]
49 ### 62    Local configuration.                                  [local]
50 ### 68    Finally accept ICMP, hook onto INPUT and FORWARD.     [icmp]
51 ### 80  Local configuration.                                    [local]
52 ### 84    Locally bound packet inspection.                      [local]
53 ### 86    Per-host configuration.                               [HOST]
54 ### 88    Final filtering.                                      [local]
55 ### 90  Finishing touches.                                      [bookends]
56 ### 94    Set final policies.                                   [bookends]
57 ### 99  File footer: do-not-edit warning.                       [base]
58
59 ###--------------------------------------------------------------------------
60 ### Headers and footers.
61
## Diversion 0 carries the head of the generated script and diversion 99 its
## tail; the numbers in the structure table above are presumably the
## diversions used by the other source files.  Everything between the two
## m4_divert calls is copied into the generated script, comments included.
##
## The leading ### of the title line is quoted so that m4 does not treat the
## rest of the line as a comment, and FWHOST is still expanded there.  FWHOST
## is not defined in this file.  It is also substituted unquoted into the
## shell assignment to fwhost, so it has to expand to a single plain word.
##
## The generated script runs with `set -e' and an explicit PATH of system
## directories, so it stops on an unchecked command failure and does not
## look up tools through a PATH inherited from the caller.
62 m4_divert(0)m4_dnl
63 #! /bin/sh
64 <:###:> Firewall script for FWHOST
65 ###
66 ### *** GENERATED FILE: DO NOT EDIT ***
67
68 ### BEGIN INIT INFO
69 # Provides:             firewall
70 # Required-Start:       $local_fs
71 # Required-Stop:
72 # X-Start-Before:       networking ifupdown
73 # X-Stop-After:         networking ifupdown bind9 umountnfs
74 # Default-Start:        S
75 # Default-Stop:         0 6
76 # Description:          Provides customized packet filter rules.
77 ### END INIT INFO
78
79 set -e
80 PATH=/bin:/sbin:/usr/bin:/usr/sbin; export PATH
81 fwhost=FWHOST
82
83 m4_divert(99)m4_dnl
84 ### *** GENERATED FILE: DO NOT EDIT ***
85 m4_divert(-1)
86
87 ###--------------------------------------------------------------------------
88 ### Unpleasant m4 hacking.
89
90 ## dolist(VAR, LIST, BODY)
91 ##
92 ## LIST is a parenthesized list of comma-separated items.  For each item,
93 ## set VAR to expand to the item and emit the BODY.
## VAR is pushdef'd before the loop and popdef'd after it, so a definition
## that VAR had before the call is restored.
94 m4_define(<:dolist:>, <:m4_pushdef(<:$1:>)__loop($@)m4_popdef(<:$1:>):>)
## __loop(VAR, LIST, BODY): expand to nothing when LIST is (); otherwise
## define VAR as the first item, emit BODY, and recurse on the rest of LIST.
95 m4_define(<:__loop:>, <:m4_ifelse(<:$2:>, <:():>, ,m4_dnl
96 <:m4_define(<:$1:>, __first$2)$3<::>__loop(<:$1:>,(m4_shift$2),<:$3:>):>):>)
## __first(ITEM, ...): expand to the first argument only.
97 m4_define(<:__first:>, <:$1:>)
98
99 ## split(DELIM, TEXT)
100 ##
101 ## Split TEXT at characters in DELIM; stash result in positional parameters.
## The expansion is shell code.  It overwrites the caller's positional
## parameters and then resets IFS from the shell variable STDIFS, which is
## not set in this file; if STDIFS is unset, IFS is left empty and later
## word splitting stops.  TEXT is expanded unquoted, so unless globbing is
## off the shell also applies pathname expansion to the resulting words.
102 m4_define(<:split:>, <:IFS=$1; set -- $2; IFS=$STDIFS:>)
103
104 ## defconf(CONF, DEFAULT)
105 ##
106 ## Define config variable CONF, assigning it the DEFAULT value if not
107 ## overridden by setconf.
## Expands to the shell command : ${CONF=value}.  The value is chosen when
## defconf is expanded, so a setconf for CONF has to come before it.  The
## shell assigns only if CONF is unset, so a CONF already set in the script's
## environment (even to the empty string) takes precedence over both.
108 m4_define(<:defconf:>, <:: ${$1=m4_ifdef(<:conf_$1:>, conf_$1, $2)}:>)
109
110 ## setconf(CONF, VALUE)
111 ##
112 ## Set config variable CONF to VALUE, by defining the m4 macro conf_CONF.
113 m4_define(<:setconf:>, <:m4_define(<:conf_$1:>, <:$2:>):>)
114
115 ###----- That's all, folks --------------------------------------------------