Commit | Line | Data |
---|---|---|
bfdc045d | 1 | m4_divert(-1) |
1644c76a | 2 | ### -*-m4-*- |
bfdc045d MW |
3 | ### |
4 | ### Failsafe prologue for firewall scripts | |
5 | ### | |
6 | ### (c) 2008 Mark Wooding | |
7 | ### | |
8 | ||
9 | ###----- Licensing notice --------------------------------------------------- | |
10 | ### | |
11 | ### This program is free software; you can redistribute it and/or modify | |
12 | ### it under the terms of the GNU General Public License as published by | |
13 | ### the Free Software Foundation; either version 2 of the License, or | |
14 | ### (at your option) any later version. | |
15 | ### | |
16 | ### This program is distributed in the hope that it will be useful, | |
17 | ### but WITHOUT ANY WARRANTY; without even the implied warranty of | |
18 | ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
19 | ### GNU General Public License for more details. | |
20 | ### | |
21 | ### You should have received a copy of the GNU General Public License | |
22 | ### along with this program; if not, write to the Free Software Foundation, | |
23 | ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
24 | ||
25 | m4_changequote(<:, :>) | |
26 | m4_changecom(<:##:>) | |
27 | ||
28 | ###-------------------------------------------------------------------------- | |
29 | ### Overall structure. | |
30 | ### | |
31 | ### 0 File header: shebang, do-not-edit warning. [base] | |
32 | ### 5 Configuration. [config] | |
33 | ### 10 Prologue: command-line parsing and failsafe. [prologue] | |
34 | ### 20 Function definitions. [functions] | |
35 | ### 25 Port numbers etc. [numbers] | |
36 | ### 30 Initialization. [bookends] | |
37 | ### 30 Clear existing rules. [bookends] | |
38 | ### 32 Set safe IP options. [bookends] | |
12ac65a1 | 39 | ### 34 Error chains. [bookends] |
bfdc045d | 40 | ### 36 Give loopback traffic a free pass. [bookends] |
12ac65a1 | 41 | ### 40 Address classification. [classify] |
bfdc045d MW |
42 | ### 42 Definition of address class policies. [local] |
43 | ### 44 Definition of interfaces and addresses. [local] | |
44 | ### 46 Handling of default interface. [classify] | |
12ac65a1 MW |
45 | ### 50 ICMP filtering. [icmp] |
46 | ### 52 Local configuration. [local] | |
47 | ### 58 Finally accept ICMP, hook onto INPUT and FORWARD. [icmp] | |
48 | ### 60 Local configuration. [local] | |
bfdc045d MW |
49 | ### 90 Finishing touches. [bookends] |
50 | ### 94 Set final policies. [bookends] | |
51 | ### 99 File footer: do-not-edit warning. [base] | |
52 | ||
53 | ###-------------------------------------------------------------------------- | |
54 | ### Headers and footers. | |
55 | ||
56 | m4_divert(0)m4_dnl | |
57 | #! /bin/sh | |
85f1a157 MW |
58 | ### BEGIN INIT INFO |
59 | # Provides: firewall | |
60 | # Required-Start: | |
61 | # Required-Stop: | |
62 | # X-Start-Before: ifupdown | |
63 | # X-Stop-After: ifupdown | |
64 | # Default-Start: S | |
65 | # Default-Stop: 0 6 | |
66 | # Description: Provides customized packet filter rules. | |
67 | ### END INIT INFO | |
bfdc045d MW |
68 | ### *** GENERATED FILE: DO NOT EDIT *** |
69 | ||
70 | set -e | |
71 | PATH=/bin:/sbin:/usr/bin:/usr/sbin; export PATH | |
72 | ||
73 | m4_divert(99)m4_dnl | |
74 | ### *** GENERATED FILE: DO NOT EDIT *** | |
75 | m4_divert(-1) | |
76 | ||
77 | ###-------------------------------------------------------------------------- | |
78 | ### Unpleasant m4 hacking. | |
79 | ||
80 | ## dolist(VAR, LIST, BODY) | |
81 | ## | |
82 | ## LIST is a parenthesized list of comma-separated items. For each item, | |
83 | ## set VAR to expand to the item and emit the BODY. VAR is pushed before the loop and popped after it, so an earlier definition of VAR is restored; __loop recurses on the rest of LIST until it is (), and __first yields the head item. | |
84 | m4_define(<:dolist:>, <:m4_pushdef(<:$1:>)__loop($@)m4_popdef(<:$1:>):>) | |
85 | m4_define(<:__loop:>, <:m4_ifelse(<:$2:>, <:():>, ,m4_dnl | |
86 | <:m4_define(<:$1:>, __first$2)$3<::>__loop(<:$1:>,(m4_shift$2),<:$3:>):>):>) | |
87 | m4_define(<:__first:>, <:$1:>) | |
88 | ||
89 | ## split(DELIM, TEXT) | |
90 | ## | |
91 | ## Split TEXT at characters in DELIM; stash result in positional parameters. TEXT is expanded unquoted by the shell, so besides field splitting it is also subject to pathname expansion unless globbing is off (set -f); IFS is then restored from STDIFS, which is not set in this part of the file and is assumed to be saved elsewhere before split is used -- TODO confirm. | |
92 | m4_define(<:split:>, <:IFS=$1; set -- $2; IFS=$STDIFS:>) | |
93 | ||
94 | ## defconf(CONF, DEFAULT) | |
95 | ## | |
96 | ## Define config variable CONF, assigning it the DEFAULT value if not | |
97 | ## overridden by setconf. The emitted ${CONF=...} assigns only when CONF is unset in the shell, so a value already present (for example inherited from the environment) wins over both setconf and DEFAULT. | |
98 | m4_define(<:defconf:>, <:: ${$1=m4_ifdef(<:conf_$1:>, conf_$1, $2)}:>) | |
99 | ||
100 | ## setconf(CONF, VALUE) | |
101 | ## | |
102 | ## Set config variable CONF to VALUE. This only records the m4 definition conf_CONF; it takes effect where defconf(CONF, ...) is expanded afterwards. | |
41f87bbc | 103 | m4_define(<:setconf:>, <:m4_define(<:conf_$1:>, <:$2:>):>) |
bfdc045d MW |
104 | |
105 | ###----- That's all, folks -------------------------------------------------- |