### -*-makefile-*-
###
### Makefile for firewall scripts
###
### (c) 2008 Mark Wooding
###

###----- Licensing notice ---------------------------------------------------
###
### This program is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
### This program is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
### along with this program; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
### Makefile for firewall scripts

###--------------------------------------------------------------------------
### Preamble.

## Site-specific lists.  Both start out empty; `local.mk' is expected to
## extend them with extra m4 inputs and with the names of the hosts to build
## scripts for.
HOSTS =
MAIN_M4_SOURCES =

## Extra scripts to install alongside the firewall, and the directory they
## are installed into.  SCRIPTS is empty by default.
sbindir = /usr/local/sbin
SCRIPTS =

## Path under which the remote installation recipe uploads the firewall
## script (as `$(FIREWALL).new').
FIREWALL = /etc/init.d/firewall

## Command prefix used to gain root privileges.  It is put in front of the
## commands in the `check' and `install' recipes, so whatever it names runs
## them as root.
ROOT = sudo

## `default' is declared before `local.mk' is read, so it is the first
## target make sees and rules added by `local.mk' cannot become the default
## goal.
.PHONY: default
default: all

###--------------------------------------------------------------------------
### Clever silent-rules stuff.

## Verbosity switch: with 0 the recipes print short progress messages, with
## 1 make echoes the commands themselves.
V = 0

## Helpers for building values which contain significant whitespace.
empty =
space = $(empty) $(empty)

## Recipe-line prefix: `@' when V is 0, nothing when V is 1.
V_AT_0 = @
V_AT_1 =
V_AT = $(V_AT_$(V))

## $(call v_echo,TAG): when V is 0, a silenced printf which shows TAG and the
## target being built; when V is 1, nothing.
v_echo_0 = @printf " %-6s %s\n" "$(1)" "$@";
v_echo_1 =
v_echo = $(call v_echo_$(V),$(1))

## Command prefixes used by the recipes.  V_M4 ends with a space so that the
## m4 options can be written directly after it.
V_GEN = $(call v_echo,GEN)
V_M4 = $(call v_echo,M4)m4 -P$(space)

###--------------------------------------------------------------------------
### Local configuration.

## Site-specific settings live in `local.mk'.  It is expected to set HOSTS,
## may add to MAIN_M4_SOURCES, and may define extra targets.  Everything in
## it is evaluated as part of this makefile, whose recipes run commands
## through $(ROOT), so keep it writable only by the people trusted to
## administer the firewall.
include local.mk

###--------------------------------------------------------------------------
### Configuration.

## The standard m4 inputs which construct the firewall.  They are appended
## after anything `local.mk' added, so local configuration is read first and
## can change the environment they see.
MAIN_M4_SOURCES += \
    config.m4 prologue.m4 functions.m4 numbers.m4 \
    bookends.m4 classify.m4 icmp.m4

## All of the m4 inputs; `base.m4' comes first to set things up.
M4_SOURCES = base.m4 $(MAIN_M4_SOURCES)

###--------------------------------------------------------------------------
### Hosts.

## One generated `HOST.sh' script for each entry in HOSTS.
TARGETS = $(patsubst %,%.sh,$(HOSTS))

###--------------------------------------------------------------------------
### Prologue testing.

## A test script built from the base, the prologue and a dummy payload, with
## FWHOST defined as `testing'.  The output goes to a `.new' file which is
## renamed only after m4 and chmod have succeeded, so a failed run never
## leaves a partial `dummy.sh' behind.
TARGETS += dummy.sh
dummy.sh: base.m4 prologue.m4 dummy-payload.m4
	$(V_M4)-DFWHOST=testing $^ >$@.new
	$(V_AT)chmod +x $@.new && mv $@.new $@

## A copy of `dummy.sh' in which the first `lose' on each line containing
## `dummy_action=' is changed to `win'.  Written via a `.new' file and
## renamed once sed and chmod have succeeded.
TARGETS += dummy-inst.sh
dummy-inst.sh: dummy.sh
	$(V_GEN)sed '/dummy_action=/s/lose/win/' $< >$@.new
	$(V_AT)chmod +x $@.new && mv $@.new $@

###--------------------------------------------------------------------------
### Other utilities.

## `divs' lists every line of the m4 inputs which mentions m4_divert, other
## than `m4_divert(-1)', sorted numerically on the text after the first `('.
CLEANFILES += divs
divs: $(M4_SOURCES) $(addsuffix .m4,$(HOSTS))
	$(V_GEN)grep -n m4_divert $^ | \
		grep -v 'm4_divert(-1)' | \
		sort -t'(' -k2n >$@

###--------------------------------------------------------------------------
### Building.

## Build every script listed in TARGETS.
.PHONY: all
all: $(TARGETS)

## Build HOST.sh from HOST.m4 and the shared inputs, with FWHOST defined as
## the host name.  m4 reads `base.m4' first, then the host's own file, then
## the main sources.  The script appears under its final name only once m4
## and chmod have both succeeded.
%.sh: %.m4 $(M4_SOURCES)
	$(V_M4)-DFWHOST=$* base.m4 $*.m4 $(MAIN_M4_SOURCES) >$@.new
	$(V_AT)chmod +x $@.new && mv $@.new $@

## Remove the generated scripts, leftover `.new' files and anything listed
## in CLEANFILES.
.PHONY: clean
clean:
	rm -f $(TARGETS) *.new $(CLEANFILES)

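###--------------------------------------------------------------------------
### Installation.

## The local machine doesn't want the complicated SSH stuff.  THISHOST is
## whatever `hostname' prints; it is expanded immediately so that the command
## runs once rather than every time the variable is referenced.
## NOTE(review): the local machine is only filtered out of OTHERHOSTS if
## its entry in HOSTS is spelled exactly as `hostname' prints it -- confirm
## for your site.
THISHOST := $(shell hostname)
OTHERHOSTS = $(filter-out $(THISHOST), $(HOSTS))
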
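## Testing: run the local host's freshly built script with the `test'
## argument.  The script is executed through $(ROOT), i.e. as root.  `check'
## names an action rather than a file, so it is declared phony; otherwise a
## stray file called `check' would stop the test from running.
.PHONY: check
check: $(THISHOST).sh
	$(ROOT) ./$(THISHOST).sh test
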
## Installation on the local host: copy any extra SCRIPTS into $(sbindir)
## with mode 755, then run the host's script with the `replace' argument.
## Both steps go through $(ROOT).
install/$(THISHOST): $(THISHOST).sh
	if [ "x$(SCRIPTS)" != x ]; then \
		$(ROOT) install -m755 $(SCRIPTS) $(sbindir); \
	fi
	$(ROOT) ./$(THISHOST).sh replace

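## Installation on a remote host, as root over SSH.
##
## Each extra script is uploaded as `NAME.new' and then made executable and
## renamed on the remote side, so a partial upload never replaces the
## installed copy.  The remote command is in double quotes so that the local
## shell fills in the loop variable before ssh sends it; inside single
## quotes the variable reference would reach the remote shell unexpanded and
## the chmod and mv would act on the wrong name.  The script names are pasted
## into that command line as they are, so SCRIPTS should hold plain file
## names without spaces or shell metacharacters.
##
## The firewall itself is uploaded as `$(FIREWALL).new', run with
## `remote-prepare' and then `remote-commit', and finally removed.
$(addprefix install/, $(OTHERHOSTS)): install/%: %.sh
	if [ "x$(SCRIPTS)" != x ]; then \
		for i in $(SCRIPTS); do \
			$(ROOT) scp $$i root@$*:$(sbindir)/$$i.new && \
			$(ROOT) ssh root@$* \
				"cd $(sbindir) && chmod 755 $$i.new && mv $$i.new $$i" || \
			exit 1; \
		done; \
	fi
	$(ROOT) scp $*.sh root@$*:$(FIREWALL).new
	$(ROOT) ssh root@$* $(FIREWALL).new remote-prepare
	$(ROOT) ssh root@$* $(FIREWALL).new remote-commit
	$(ROOT) ssh root@$* rm -f $(FIREWALL).new
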
## General installation target: depends on `all', on the local install and
## on the install target of every host in HOSTS.
.PHONY: install $(addprefix install/,$(HOSTS))
install: all install/$(THISHOST) $(addprefix install/,$(HOSTS))

###----- That's all, folks --------------------------------------------------