m4_divert(-1)                                                   ### -*-m4-*-
###
### Failsafe prologue for firewall scripts
###
### (c) 2008 Mark Wooding
###

###----- Licensing notice ---------------------------------------------------
###
### This program is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
### This program is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
### along with this program; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

m4_changequote(<:, :>)
m4_changecom(<:##:>)

###--------------------------------------------------------------------------
### Overall structure.
###
###  0 File header: shebang, do-not-edit warning.        [base]
###  4 Configuration.                                    [config]
###  6 Local settings.                                   [local]
### 10 Prologue: command-line parsing and failsafe.      [prologue]
### 20 Function definitions.                             [functions]
### 24 Port numbers etc.                                 [numbers]
### 26 Networks, hosts and interfaces.                   [local]
### 30 Initialization.                                   [bookends]
### 30 Clear existing rules.                             [bookends]
### 32 Set safe IP options.                              [bookends]
### 34 Error chains.                                     [bookends]
### 38 Utility chains.                                   [functions]
### 40 Address classification.                           [classify]
### 42 Definition of address class policies.             [local]
### 44 Definition of interfaces and addresses.           [local]
### 46 Handling of default interface.                    [classify]
### 50 Packet filter.                                    [bookends]
### 60 ICMP filtering.                                   [icmp]
### 62 Local configuration.                              [local]
### 68 Finally accept ICMP, hook onto INPUT and FORWARD. [icmp]
### 80 Local configuration.                              [local]
### 84 Locally bound packet inspection.                  [local]
### 86 Per-host configuration.                           [HOST]
### 88 Final filtering.                                  [local]
### 90 Finishing touches.                                [bookends]
### 94 Set final policies.                               [bookends]
### 99 File footer: do-not-edit warning.                 [base]

###--------------------------------------------------------------------------
### Headers and footers.

m4_divert(0)m4_dnl
#! /bin/sh
<:###:> Firewall script for FWHOST
###
### *** GENERATED FILE: DO NOT EDIT ***

### BEGIN INIT INFO
# Provides: firewall
# Required-Start: $local_fs
# Required-Stop:
# X-Start-Before: networking ifupdown
# X-Stop-After: networking ifupdown bind9 umountnfs
# Default-Start: S
# Default-Stop: 0 6
# Description: Provides customized packet filter rules.
### END INIT INFO

set -e
PATH=/bin:/sbin:/usr/bin:/usr/sbin; export PATH
fwhost=FWHOST

m4_divert(99)m4_dnl

### *** GENERATED FILE: DO NOT EDIT ***

m4_divert(-1)

###--------------------------------------------------------------------------
### Unpleasant m4 hacking.

## dolist(VAR, LIST, BODY)
##
## LIST is a parenthesized list of comma-separated items.  For each item,
## set VAR to expand to the item and emit the BODY.
m4_define(<:dolist:>,
<:m4_pushdef(<:$1:>)__loop($@)m4_popdef(<:$1:>):>)
m4_define(<:__loop:>,
<:m4_ifelse(<:$2:>, <:():>, ,m4_dnl
<:m4_define(<:$1:>, __first$2)$3<::>__loop(<:$1:>,(m4_shift$2),<:$3:>):>):>)
m4_define(<:__first:>, <:$1:>)

## split(DELIM, TEXT)
##
## Split TEXT at characters in DELIM; stash result in positional parameters.
m4_define(<:split:>, <:IFS=$1; set -- $2; IFS=$STDIFS:>)

## defconf(CONF, DEFAULT)
##
## Define config variable CONF, assigning it the DEFAULT value if not
## overridden by setconf.
m4_define(<:defconf:>, <:: ${$1=m4_ifdef(<:conf_$1:>, conf_$1, $2)}:>)

## setconf(CONF, VALUE)
##
## Set config variable CONF to VALUE.
m4_define(<:setconf:>, <:m4_define(<:conf_$1:>, <:$2:>):>)

###----- That's all, folks --------------------------------------------------
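## Added usage example of the dolist, defconf and setconf macros defined
## above; it is not part of Mark Wooding's firewall source.  It assumes it
## is processed in the same GNU m4 -P run, after the definitions above
## (so the <: :> quotes and ## comment delimiter are in effect).  The
## variable names ssh_port and admin_net, the port list and the iptables
## rule are made-up illustration values.

```m4
m4_divert(-1)
## Generation-time override: setconf only records the value in an m4
## macro (conf_ssh_port); nothing is emitted here because output is
## diverted to -1.
setconf(ssh_port, 2222)

## Switch output back on.  m4 comments are copied through, so the
## remaining commentary uses m4_dnl, which discards the rest of the line.
m4_divert(0)m4_dnl
m4_dnl Shell defaults.  ssh_port picks up the setconf override above;
m4_dnl admin_net has no override and keeps its DEFAULT argument.  Either
m4_dnl way the emitted ": ${name=value}" only assigns when the variable is
m4_dnl not already set, so the environment can still override at run time.
defconf(ssh_port, 22)
defconf(admin_net, 192.0.2.0/24)
m4_dnl One rule per list item: "port" is pushed, rebound to 22, 80 and
m4_dnl 443 in turn, and popped again afterwards.  "dport" is a different
m4_dnl m4 word, so it is not expanded.  The newline inside the body is
m4_dnl what separates the emitted lines.
dolist(<:port:>, (22, 80, 443), <:iptables -A INPUT -p tcp --dport port -j ACCEPT
:>)m4_dnl
m4_divert(-1)
```

The two defconf calls expand to the shell lines `: ${ssh_port=2222}` and `: ${admin_net=192.0.2.0/24}`, and the dolist call expands to three iptables lines with 22, 80 and 443 substituted for `port`.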