| 1 | m4_divert(-1) |
| 2 | ### -*-m4-*- |
| 3 | ### |
| 4 | ### Failsafe prologue for firewall scripts |
| 5 | ### |
| 6 | ### (c) 2008 Mark Wooding |
| 7 | ### |
| 8 | |
| 9 | ###----- Licensing notice --------------------------------------------------- |
| 10 | ### |
| 11 | ### This program is free software; you can redistribute it and/or modify |
| 12 | ### it under the terms of the GNU General Public License as published by |
| 13 | ### the Free Software Foundation; either version 2 of the License, or |
| 14 | ### (at your option) any later version. |
| 15 | ### |
| 16 | ### This program is distributed in the hope that it will be useful, |
| 17 | ### but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 18 | ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 19 | ### GNU General Public License for more details. |
| 20 | ### |
| 21 | ### You should have received a copy of the GNU General Public License |
| 22 | ### along with this program; if not, write to the Free Software Foundation, |
| 23 | ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
| 24 | |
| 25 | m4_changequote(<:, :>) ## from here on m4 quotes are <: ... :> |
| 26 | m4_changecom(<:##:>) ## m4 comments now start with ##; a single # is ordinary text and is still macro-expanded |
| 27 | |
| 28 | ###-------------------------------------------------------------------------- |
| 29 | ### Overall structure. |
| 30 | ### |
| 31 | ### 0 File header: shebang, do-not-edit warning. [base] |
| 32 | ### 4 Configuration. [config] |
| 33 | ### 6 Local settings. [local] |
| 34 | ### 10 Prologue: command-line parsing and failsafe. [prologue] |
| 35 | ### 20 Function definitions. [functions] |
| 36 | ### 24 Port numbers etc. [numbers] |
| 37 | ### 26 Networks, hosts and interfaces. [local] |
| 38 | ### 30 Initialization. [bookends] |
| 39 | ### 30 Clear existing rules. [bookends] |
| 40 | ### 32 Set safe IP options. [bookends] |
| 41 | ### 34 Error chains. [bookends] |
| 42 | ### 38 Utility chains. [functions] |
| 43 | ### 40 Address classification. [classify] |
| 44 | ### 42 Definition of address class policies. [local] |
| 45 | ### 44 Definition of interfaces and addresses. [local] |
| 46 | ### 46 Handling of default interface. [classify] |
| 47 | ### 50 Packet filter. [bookends] |
| 48 | ### 60 ICMP filtering. [icmp] |
| 49 | ### 62 Local configuration. [local] |
| 50 | ### 68 Finally accept ICMP, hook onto INPUT and FORWARD. [icmp] |
| 51 | ### 80 Local configuration. [local] |
| 52 | ### 84 Locally bound packet inspection. [local] |
| 53 | ### 86 Per-host configuration. [HOST] |
| 54 | ### 88 Final filtering. [local] |
| 55 | ### 90 Finishing touches. [bookends] |
| 56 | ### 94 Set final policies. [bookends] |
| 57 | ### 99 File footer: do-not-edit warning. [base] |
| 58 | |
| 59 | ###-------------------------------------------------------------------------- |
| 60 | ### Headers and footers. |
| 61 | |
| 62 | m4_divert(0)m4_dnl |
| 63 | #! /bin/sh |
| 64 | <:###:> Firewall script for FWHOST |
| 65 | ### |
| 66 | ### *** GENERATED FILE: DO NOT EDIT *** |
| 67 | |
| 68 | ### BEGIN INIT INFO |
| 69 | # Provides: firewall |
| 70 | # Required-Start: $local_fs |
| 71 | # Required-Stop: |
| 72 | # X-Start-Before: ifupdown |
| 73 | # X-Stop-After: ifupdown |
| 74 | # Default-Start: S |
| 75 | # Default-Stop: 0 6 |
| 76 | # Description: Provides customized packet filter rules. |
| 77 | ### END INIT INFO |
| 78 | |
| 79 | set -e ## stop at the first command that fails |
| 80 | PATH=/bin:/sbin:/usr/bin:/usr/sbin; export PATH ## fixed search path, replacing whatever PATH the caller had |
| 81 | fwhost=FWHOST |
| 82 | |
| 83 | m4_divert(99)m4_dnl |
| 84 | ### *** GENERATED FILE: DO NOT EDIT *** |
| 85 | m4_divert(-1) |
| 86 | |
| 87 | ###-------------------------------------------------------------------------- |
| 88 | ### Unpleasant m4 hacking. |
| 89 | |
| 90 | ## dolist(VAR, LIST, BODY) |
| 91 | ## |
| 92 | ## LIST is a parenthesized list of comma-separated items. For each item, |
| 93 | ## set VAR to expand to the item and emit the BODY. VAR is pushdef'd around the loop and popdef'd after it. |
| 94 | m4_define(<:dolist:>, <:m4_pushdef(<:$1:>)__loop($@)m4_popdef(<:$1:>):>) |
| 95 | m4_define(<:__loop:>, <:m4_ifelse(<:$2:>, <:():>, ,m4_dnl |
| 96 | <:m4_define(<:$1:>, __first$2)$3<::>__loop(<:$1:>,(m4_shift$2),<:$3:>):>):>) ## __loop: bind VAR to the head item, emit BODY, recurse on the tail; stops when LIST is () |
| 97 | m4_define(<:__first:>, <:$1:>) ## __first: expands to its first argument, i.e. the head item |
| 98 | |
| 99 | ## split(DELIM, TEXT) |
| 100 | ## |
| 101 | ## Split TEXT at characters in DELIM; stash result in positional parameters. TEXT is expanded unquoted, so the shell also applies pathname expansion to it unless globbing is disabled (set -f). |
| 102 | m4_define(<:split:>, <:IFS=$1; set -- $2; IFS=$STDIFS:>) ## IFS is reset from $STDIFS (not from its previous value); this file does not set STDIFS |
| 103 | |
| 104 | ## defconf(CONF, DEFAULT) |
| 105 | ## |
| 106 | ## Define config variable CONF, assigning it the DEFAULT value if not |
| 107 | ## overridden by setconf. Emits `: ${CONF=value}', which assigns only when CONF is unset, so a value already inherited from the caller's environment takes precedence over both. |
| 108 | m4_define(<:defconf:>, <:: ${$1=m4_ifdef(<:conf_$1:>, conf_$1, $2)}:>) |
| 109 | |
| 110 | ## setconf(CONF, VALUE) |
| 111 | ## |
| 112 | ## Set config variable CONF to VALUE. Stored as the m4 macro conf_CONF, which defconf tests with m4_ifdef, so it only affects defconf calls expanded after this one. |
| 113 | m4_define(<:setconf:>, <:m4_define(<:conf_$1:>, <:$2:>):>) |
| 114 | |
| 115 | ###----- That's all, folks -------------------------------------------------- |