Merge pull request #282 from ktsaou/master

added postprocess2 to execute commands, after firewall activation
2024-06-25 16:38:22 +00:00 · 2017-11-14 00:40:49 +02:00 · 2017-11-14 00:40:49 +02:00 · adfe489a2f
commit adfe489a2f
parent 9506a9edd8 bf6556aa23
1 changed files with 58 additions and 0 deletions
--- a/sbin/firehol
+++ b/sbin/firehol
@ -1419,6 +1419,9 @@ source "${FIREHOL_DIR}/firewall_restore_commands.sh"
 # when FAST_ACTIVATION is zero
 file open 21 "${FIREHOL_OUTPUT}" w || exit 1

+# prepare the file that will host postprocess2 commands
+file open 22 "${FIREHOL_OUTPUT}.postprocess2" w || exit 1
+
 # Make sure we have a directory for our data.
 if [ ! -d "${FIREHOL_SPOOL_DIR}" ]
 then
@ -5791,6 +5794,53 @@ postprocess() {
 	return 0
 }

+postprocess2() {
+	# if the caller is not from the program file, get the config line calling us
+	[ ! "${BASH_SOURCE[1]}" = "${PROGRAM_FILE}" ] && work_realcmd_helper ${FUNCNAME} "${@}"
+	
+	local check="error" save=1
+	while [ ! "A${1}" = "A" ]
+	do
+		case "A${1}" in
+			A-ne) shift; check="none";;
+			A-warn) shift; check="warn";;
+			A-ns) shift; save=0;;
+			*) break;;
+		esac
+	done
+
+	if [ "${FIREHOL_MODE}" = "EXPLAIN" ]
+	then
+		printf "%q " "${@}"
+		printf "\n"
+		return 0
+	elif [ "${FIREHOL_MODE}" = "DEBUG" ]
+	then
+		check="debug"
+	fi
+	
+	printf "%q " "${@}" >&22
+	case "${check}" in
+		debug)	printf "\n" >&22
+			;;
+
+		none)	printf " >/dev/null 2>&1 || echo >/dev/null\n" >&22
+			;;
+
+		warn|error)
+			# do not run config_line here, it is very slow
+			# config_line -ne
+			printf " >${FIREHOL_OUTPUT}.log 2>&1 || runtime_error ${check} \$? '${LAST_CONFIG_LINE}' " >&22
+			printf "%q " "${@}" >&22
+			printf "\n" >&22
+			;;
+	esac
+	
+	test $save -eq 1 && save_for_restore ${check} "${@}"
+
+	return 0
+}
+

 # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 # fast activation
@ -12468,6 +12518,14 @@ then
 fi
 success # "Activating new firewall (${FIREHOL_COMMAND_COUNTER} rules)"

+file close 22
+if [ -s "${FIREHOL_OUTPUT}.postprocess2" ]
+then
+	progress "Executing postprocess2 commands"
+	${SH_CMD} "${FIREHOL_OUTPUT}.postprocess2"
+	success
+fi
+
 if [ ${FIREHOL_TRY} -eq 1 ]
 then
 	syslog info "Waiting user to commit the new firewall."