mirror of
https://github.com/firehol/firehol.git
synced 2024-06-30 19:02:21 +00:00
Added support for externally defined services in files under directory:
/etc/firehol/services

This directory may contain files ending with .conf. Example: imap.conf

Each file should *start* with a line like this:

#FHVER: 1

This must be the FIRST line of the file. The number 1 is the FIREHOL_SERVICES_API version number. If the API within FireHOL changes, FireHOL will refuse to load any services file whose API version number does not match.
parent
f638c00a8c
commit
4ea32196d9
80
firehol.sh
80
firehol.sh
@ -10,11 +10,12 @@
|
|||||||
#
|
#
|
||||||
# config: /etc/firehol/firehol.conf
|
# config: /etc/firehol/firehol.conf
|
||||||
#
|
#
|
||||||
# $Id: firehol.sh,v 1.206 2004/10/28 22:02:43 ktsaou Exp $
|
# $Id: firehol.sh,v 1.207 2004/10/28 23:03:06 ktsaou Exp $
|
||||||
#
|
#
|
||||||
|
|
||||||
# Remember who you are.
|
# Remember who you are.
|
||||||
FIREHOL_FILE="${0}"
|
FIREHOL_FILE="${0}"
|
||||||
|
FIREHOL_DEFAULT_WORKING_DIRECTORY="${PWD}"
|
||||||
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
@ -53,9 +54,11 @@ which_cmd() {
|
|||||||
echo >&2
|
echo >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
eval $1=${cmd}
|
eval $1=${cmd}
|
||||||
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
which_cmd CAT_CMD cat
|
which_cmd CAT_CMD cat
|
||||||
@ -64,8 +67,10 @@ which_cmd CHOWN_CMD chown
|
|||||||
which_cmd CHMOD_CMD chmod
|
which_cmd CHMOD_CMD chmod
|
||||||
which_cmd DATE_CMD date
|
which_cmd DATE_CMD date
|
||||||
which_cmd EGREP_CMD egrep
|
which_cmd EGREP_CMD egrep
|
||||||
|
which_cmd EXPR_CMD expr
|
||||||
which_cmd GAWK_CMD gawk
|
which_cmd GAWK_CMD gawk
|
||||||
which_cmd GREP_CMD grep
|
which_cmd GREP_CMD grep
|
||||||
|
which_cmd HEAD_CMD head
|
||||||
which_cmd HOSTNAME_CMD hostname
|
which_cmd HOSTNAME_CMD hostname
|
||||||
which_cmd IP_CMD ip
|
which_cmd IP_CMD ip
|
||||||
which_cmd IPTABLES_CMD iptables
|
which_cmd IPTABLES_CMD iptables
|
||||||
@ -85,8 +90,7 @@ which_cmd TOUCH_CMD touch
|
|||||||
which_cmd TR_CMD tr
|
which_cmd TR_CMD tr
|
||||||
which_cmd UNAME_CMD uname
|
which_cmd UNAME_CMD uname
|
||||||
which_cmd UNIQ_CMD uniq
|
which_cmd UNIQ_CMD uniq
|
||||||
which_cmd -n WGET_CMD wget
|
which_cmd -n WGET_CMD wget || which_cmd CURL_CMD curl
|
||||||
which_cmd -n CURL_CMD curl
|
|
||||||
|
|
||||||
|
|
||||||
# Initialize iptables
|
# Initialize iptables
|
||||||
@ -241,13 +245,14 @@ ALL_SHOULD_ALSO_RUN=
|
|||||||
|
|
||||||
# The default configuration file
|
# The default configuration file
|
||||||
# It can be changed on the command line
|
# It can be changed on the command line
|
||||||
FIREHOL_CONFIG="/etc/firehol/firehol.conf"
|
FIREHOL_CONFIG_DIR="/etc/firehol"
|
||||||
|
FIREHOL_CONFIG="${FIREHOL_CONFIG_DIR}/firehol.conf"
|
||||||
|
|
||||||
if [ ! -d /etc/firehol -a -f /etc/firehol.conf ]
|
if [ ! -d "${FIREHOL_CONFIG_DIR}" -a -f /etc/firehol.conf ]
|
||||||
then
|
then
|
||||||
mkdir /etc/firehol
|
mkdir "${FIREHOL_CONFIG_DIR}"
|
||||||
${CHOWN_CMD} root:root /etc/firehol
|
${CHOWN_CMD} root:root "${FIREHOL_CONFIG_DIR}"
|
||||||
${CHMOD_CMD} 700 /etc/firehol
|
${CHMOD_CMD} 700 "${FIREHOL_CONFIG_DIR}"
|
||||||
${MV_CMD} /etc/firehol.conf "${FIREHOL_CONFIG}"
|
${MV_CMD} /etc/firehol.conf "${FIREHOL_CONFIG}"
|
||||||
|
|
||||||
echo >&2
|
echo >&2
|
||||||
@ -319,6 +324,9 @@ FIREHOL_DYNAMIC_CHAIN_COUNTER=1
|
|||||||
# This means the admin could setup a firewall on lo.
|
# This means the admin could setup a firewall on lo.
|
||||||
FIREHOL_TRUST_LOOPBACK=1
|
FIREHOL_TRUST_LOOPBACK=1
|
||||||
|
|
||||||
|
# Services API version
|
||||||
|
FIREHOL_SERVICES_API="1"
|
||||||
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
||||||
@ -1391,6 +1399,52 @@ then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
#
|
||||||
|
# SUPPORT FOR EXTERNAL DEFINITIONS OF SERVICES
|
||||||
|
#
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# Externally defined services can be placed in "${FIREHOL_CONFIG_DIR}/services/"
|
||||||
|
if [ ! -d "${FIREHOL_CONFIG_DIR}/services" ]
|
||||||
|
then
|
||||||
|
"${MKDIR_CMD}" -p "${FIREHOL_CONFIG_DIR}/services"
|
||||||
|
"${CHOWN_CMD}" root:root "${FIREHOL_CONFIG_DIR}/services"
|
||||||
|
"${CHMOD_CMD}" 700 "${FIREHOL_CONFIG_DIR}/services"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Load all the services.
|
||||||
|
# All these files should start with: #FHVER: 1
|
||||||
|
cd "${FIREHOL_CONFIG_DIR}/services"
|
||||||
|
for f in `ls *.conf 2>/dev/null`
|
||||||
|
do
|
||||||
|
cd "${FIREHOL_CONFIG_DIR}/services"
|
||||||
|
|
||||||
|
n=`"${HEAD_CMD}" -n 1 "${f}" | "${CUT_CMD}" -d ':' -f 2`
|
||||||
|
"${EXPR_CMD}" ${n} + 0 >/dev/null 2>&1
|
||||||
|
if [ $? -ne 0 ]
|
||||||
|
then
|
||||||
|
echo >&2 " >>> Ignoring service in '${FIREHOL_CONFIG_DIR}/services/${f}' due to malformed header."
|
||||||
|
elif [ ${n} -ne ${FIREHOL_SERVICES_API} ]
|
||||||
|
then
|
||||||
|
echo >&2 " >>> Ignoring service '${FIREHOL_CONFIG_DIR}/services/${f}' due to incompatible API version."
|
||||||
|
else
|
||||||
|
source ${f}
|
||||||
|
ret=$?
|
||||||
|
if [ ${ret} -ne 0 ]
|
||||||
|
then
|
||||||
|
echo >&2 " >>> Service in '${FIREHOL_CONFIG_DIR}/services/${f}' returned code ${ret}."
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
cd "${FIREHOL_DEFAULT_WORKING_DIRECTORY}"
|
||||||
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
@ -4508,7 +4562,7 @@ case "${arg}" in
|
|||||||
else
|
else
|
||||||
|
|
||||||
${CAT_CMD} <<EOF
|
${CAT_CMD} <<EOF
|
||||||
$Id: firehol.sh,v 1.206 2004/10/28 22:02:43 ktsaou Exp $
|
$Id: firehol.sh,v 1.207 2004/10/28 23:03:06 ktsaou Exp $
|
||||||
(C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
|
(C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
|
||||||
FireHOL is distributed under GPL.
|
FireHOL is distributed under GPL.
|
||||||
|
|
||||||
@ -4519,7 +4573,7 @@ FireHOL supports the following command line arguments (only one of them):
|
|||||||
|
|
||||||
start to activate the firewall configuration.
|
start to activate the firewall configuration.
|
||||||
The configuration is expected to be found in
|
The configuration is expected to be found in
|
||||||
/etc/firehol/firehol.conf
|
${FIREHOL_CONFIG_DIR}/firehol.conf
|
||||||
|
|
||||||
try to activate the firewall, but wait until
|
try to activate the firewall, but wait until
|
||||||
the user types the word "commit". If this word
|
the user types the word "commit". If this word
|
||||||
@ -4694,7 +4748,7 @@ then
|
|||||||
|
|
||||||
${CAT_CMD} <<EOF
|
${CAT_CMD} <<EOF
|
||||||
|
|
||||||
$Id: firehol.sh,v 1.206 2004/10/28 22:02:43 ktsaou Exp $
|
$Id: firehol.sh,v 1.207 2004/10/28 23:03:06 ktsaou Exp $
|
||||||
(C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
|
(C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
|
||||||
FireHOL is distributed under GPL.
|
FireHOL is distributed under GPL.
|
||||||
Home Page: http://firehol.sourceforge.net
|
Home Page: http://firehol.sourceforge.net
|
||||||
@ -4988,7 +5042,7 @@ then
|
|||||||
|
|
||||||
${CAT_CMD} >&2 <<EOF
|
${CAT_CMD} >&2 <<EOF
|
||||||
|
|
||||||
$Id: firehol.sh,v 1.206 2004/10/28 22:02:43 ktsaou Exp $
|
$Id: firehol.sh,v 1.207 2004/10/28 23:03:06 ktsaou Exp $
|
||||||
(C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
|
(C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
|
||||||
FireHOL is distributed under GPL.
|
FireHOL is distributed under GPL.
|
||||||
Home Page: http://firehol.sourceforge.net
|
Home Page: http://firehol.sourceforge.net
|
||||||
@ -5071,7 +5125,7 @@ EOF
|
|||||||
echo "# "
|
echo "# "
|
||||||
|
|
||||||
${CAT_CMD} <<EOF
|
${CAT_CMD} <<EOF
|
||||||
# $Id: firehol.sh,v 1.206 2004/10/28 22:02:43 ktsaou Exp $
|
# $Id: firehol.sh,v 1.207 2004/10/28 23:03:06 ktsaou Exp $
|
||||||
# (C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
|
# (C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
|
||||||
# FireHOL is distributed under GPL.
|
# FireHOL is distributed under GPL.
|
||||||
# Home Page: http://firehol.sourceforge.net
|
# Home Page: http://firehol.sourceforge.net
|
||||||
|
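Review bot: In the new services loader, `source ${f}` executes each file as root through a bare, unquoted relative name, and neither `cd "${FIREHOL_CONFIG_DIR}/services"` is checked; if the `cd` fails, `ls *.conf` lists whatever directory FireHOL was started from, and bash looks up a slash-less `source` argument in `PATH` before the current directory. Stop when the directory cannot be entered and source by absolute, quoted path: `cd "${FIREHOL_CONFIG_DIR}/services" || exit 1` and `source "${FIREHOL_CONFIG_DIR}/services/${f}"`. The header test only verifies that the second `:`-separated field of the first line is numeric, so a first line that does not begin with `#FHVER:` still passes; checking the prefix too would match what the commit description promises. Ownership `root:root` and mode `700` are applied only when the directory is created here, so an already existing `services` directory, or a group- or world-writable `.conf` file inside it, is sourced with no check; an owner and write-permission test before the `source` would close that gap.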