~mdw / firewall / blame
| Commit | Line | Data |
|---|---|---|
| bfdc045d | 1 | m4_divert(-1) |
| 1644c76a | 2 | ### -*-m4-*- |
| bfdc045d MW |
3 | ### |
| 4 | ### Failsafe prologue for firewall scripts | |
| 5 | ### | |
| 6 | ### (c) 2008 Mark Wooding | |
| 7 | ### | |
| 8 | ||
| 9 | ###----- Licensing notice --------------------------------------------------- | |
| 10 | ### | |
| 11 | ### This program is free software; you can redistribute it and/or modify | |
| 12 | ### it under the terms of the GNU General Public License as published by | |
| 13 | ### the Free Software Foundation; either version 2 of the License, or | |
| 14 | ### (at your option) any later version. | |
| 15 | ### | |
| 16 | ### This program is distributed in the hope that it will be useful, | |
| 17 | ### but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 18 | ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 19 | ### GNU General Public License for more details. | |
| 20 | ### | |
| 21 | ### You should have received a copy of the GNU General Public License | |
| 22 | ### along with this program; if not, write to the Free Software Foundation, | |
| 23 | ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
| 24 | ||
| 25 | m4_changequote(<:, :>) | |
| 26 | m4_changecom(<:##:>) | |
| 27 | ||
| 28 | ###-------------------------------------------------------------------------- | |
| 29 | ### Overall structure. | |
| 30 | ### | |
| 31 | ### 0 File header: shebang, do-not-edit warning. [base] | |
| a4d8cae3 MW |
32 | ### 4 Configuration. [config] |
| 33 | ### 6 Local settings. [local] | |
| bfdc045d MW |
34 | ### 10 Prologue: command-line parsing and failsafe. [prologue] |
| 35 | ### 20 Function definitions. [functions] | |
| a4d8cae3 MW |
36 | ### 24 Port numbers etc. [numbers] |
| 37 | ### 26 Networks, hosts and interfaces. [local] | |
| bfdc045d MW |
38 | ### 30 Initialization. [bookends] |
| 39 | ### 30 Clear existing rules. [bookends] | |
| 40 | ### 32 Set safe IP options. [bookends] | |
| 12ac65a1 | 41 | ### 34 Error chains. [bookends] |
| c70bfbbb | 42 | ### 38 Utility chains. [functions] |
| 12ac65a1 | 43 | ### 40 Address classification. [classify] |
| bfdc045d MW |
44 | ### 42 Definition of address class policies. [local] |
| 45 | ### 44 Definition of interfaces and addresses. [local] | |
| 46 | ### 46 Handling of default interface. [classify] | |
| a4d8cae3 MW |
47 | ### 50 Packet filter. [bookends] |
| 48 | ### 60 ICMP filtering. [icmp] | |
| 49 | ### 62 Local configuration. [local] | |
| 50 | ### 68 Finally accept ICMP, hook onto INPUT and FORWARD. [icmp] | |
| 51 | ### 80 Local configuration. [local] | |
| 52 | ### 84 Locally bound packet inspection. [local] | |
| 53 | ### 86 Per-host configuration. [HOST] | |
| 54 | ### 88 Final filtering. [local] | |
| bfdc045d MW |
55 | ### 90 Finishing touches. [bookends] |
| 56 | ### 94 Set final policies. [bookends] | |
| 57 | ### 99 File footer: do-not-edit warning. [base] | |
| 58 | ||
| 59 | ###-------------------------------------------------------------------------- | |
| 60 | ### Headers and footers. | |
| 61 | ||
| 62 | m4_divert(0)m4_dnl | |
| 63 | #! /bin/sh | |
| 961148a5 MW |
64 | <:###:> Firewall script for FWHOST |
| 65 | ### | |
| 66 | ### *** GENERATED FILE: DO NOT EDIT *** | |
| 67 | ||
| 85f1a157 MW |
68 | ### BEGIN INIT INFO |
| 69 | # Provides: firewall | |
| fb2f747e | 70 | # Required-Start: $local_fs |
| 85f1a157 | 71 | # Required-Stop: |
| a0c483f3 MW |
72 | # X-Start-Before: networking ifupdown |
| 73 | # X-Stop-After: networking ifupdown bind9 umountnfs | |
| 85f1a157 MW |
74 | # Default-Start: S |
| 75 | # Default-Stop: 0 6 | |
| 76 | # Description: Provides customized packet filter rules. | |
| 77 | ### END INIT INFO | |
| bfdc045d MW |
78 | |
| 79 | set -e | |
| 80 | PATH=/bin:/sbin:/usr/bin:/usr/sbin; export PATH | |
| 961148a5 | 81 | fwhost=FWHOST |
| bfdc045d MW |
82 | |
| 83 | m4_divert(99)m4_dnl | |
| 84 | ### *** GENERATED FILE: DO NOT EDIT *** | |
| 85 | m4_divert(-1) | |
| 86 | ||
| 87 | ###-------------------------------------------------------------------------- | |
| 88 | ### Unpleasant m4 hacking. | |
| 89 | ||
| 90 | ## dolist(VAR, LIST, BODY) | |
| 91 | ## | |
| 92 | ## LIST is a parenthesized list of comma-separated items. For each item, | |
| 93 | ## set VAR to expand to the item and emit the BODY. | |
| 94 | m4_define(<:dolist:>, <:m4_pushdef(<:$1:>)__loop($@)m4_popdef(<:$1:>):>) | |
| 95 | m4_define(<:__loop:>, <:m4_ifelse(<:$2:>, <:():>, ,m4_dnl | |
| 96 | <:m4_define(<:$1:>, __first$2)$3<::>__loop(<:$1:>,(m4_shift$2),<:$3:>):>):>) | |
| 97 | m4_define(<:__first:>, <:$1:>) | |
| 98 | ||
| 99 | ## split(DELIM, TEXT) | |
| 100 | ## | |
| 101 | ## Split TEXT at characters in DELIM; stash result in positional parameters. | |
| 102 | m4_define(<:split:>, <:IFS=$1; set -- $2; IFS=$STDIFS:>) | |
| 103 | ||
| 104 | ## defconf(CONF, DEFAULT) | |
| 105 | ## | |
| 106 | ## Define config variable CONF, assigning it the DEFAULT value if not | |
| 107 | ## overridden by setconf. | |
| 108 | m4_define(<:defconf:>, <:: ${$1=m4_ifdef(<:conf_$1:>, conf_$1, $2)}:>) | |
| 109 | ||
| 110 | ## setconf(CONF, VALUE) | |
| 111 | ## | |
| 112 | ## Set config variable VALUE. | |
| 41f87bbc | 113 | m4_define(<:setconf:>, <:m4_define(<:conf_$1:>, <:$2:>):>) |
| bfdc045d MW |
114 | |
| 115 | ###----- That's all, folks -------------------------------------------------- |