| 1 | m4_divert(-1) |
| 2 | ### -*-sh-*- |
| 3 | ### |
| 4 | ### Failsafe prologue for firewall scripts |
| 5 | ### |
| 6 | ### (c) 2008 Mark Wooding |
| 7 | ### |
| 8 | |
| 9 | ###----- Licensing notice --------------------------------------------------- |
| 10 | ### |
| 11 | ### This program is free software; you can redistribute it and/or modify |
| 12 | ### it under the terms of the GNU General Public License as published by |
| 13 | ### the Free Software Foundation; either version 2 of the License, or |
| 14 | ### (at your option) any later version. |
| 15 | ### |
| 16 | ### This program is distributed in the hope that it will be useful, |
| 17 | ### but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 18 | ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 19 | ### GNU General Public License for more details. |
| 20 | ### |
| 21 | ### You should have received a copy of the GNU General Public License |
| 22 | ### along with this program; if not, write to the Free Software Foundation, |
| 23 | ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
| 24 | |
| 25 | m4_changequote(<:, :>) |
| 26 | m4_changecom(<:##:>) |
| 27 | ## From here on m4 quotes are `<:' ... `:>' and m4 comments start with `##', so backquote, apostrophe and a single `#' are ordinary characters to m4. |
| 28 | ###-------------------------------------------------------------------------- |
| 29 | ### Overall structure. |
| 30 | ### |
| 31 | ### 0 File header: shebang, do-not-edit warning. [base] |
| 32 | ### 5 Configuration. [config] |
| 33 | ### 10 Prologue: command-line parsing and failsafe. [prologue] |
| 34 | ### 20 Function definitions. [functions] |
| 35 | ### 25 Port numbers etc. [numbers] |
| 36 | ### 30 Initialization. [bookends] |
| 37 | ### 30 Clear existing rules. [bookends] |
| 38 | ### 32 Set safe IP options. [bookends] |
| 39 | ### 34 Error chains. [bookends] |
| 40 | ### 36 Give loopback traffic a free pass. [bookends] |
| 41 | ### 40 Address classification. [classify] |
| 42 | ### 42 Definition of address class policies. [local] |
| 43 | ### 44 Definition of interfaces and addresses. [local] |
| 44 | ### 46 Handling of default interface. [classify] |
| 45 | ### 50 ICMP filtering. [icmp] |
| 46 | ### 52 Local configuration. [local] |
| 47 | ### 58 Finally accept ICMP, hook onto INPUT and FORWARD. [icmp] |
| 48 | ### 60 Local configuration. [local] |
| 49 | ### 90 Finishing touches. [bookends] |
| 50 | ### 94 Set final policies. [bookends] |
| 51 | ### 99 File footer: do-not-edit warning. [base] |
| 52 | |
| 53 | ###-------------------------------------------------------------------------- |
| 54 | ### Headers and footers. Diversion 0 opens the generated script and diversion 99 closes it; text sent to diversion -1 is discarded. |
| 55 | ### `set -e' makes the generated script exit when a command fails unchecked, and PATH is pinned to the system directories so commands are not looked up through a PATH inherited from the caller. |
| 56 | m4_divert(0)m4_dnl |
| 57 | #! /bin/sh |
| 58 | ### *** GENERATED FILE: DO NOT EDIT *** |
| 59 | |
| 60 | set -e |
| 61 | PATH=/bin:/sbin:/usr/bin:/usr/sbin; export PATH |
| 62 | |
| 63 | m4_divert(99)m4_dnl |
| 64 | ### *** GENERATED FILE: DO NOT EDIT *** |
| 65 | m4_divert(-1) |
| 66 | |
| 67 | ###-------------------------------------------------------------------------- |
| 68 | ### Unpleasant m4 hacking. |
| 69 | |
| 70 | ## dolist(VAR, LIST, BODY) |
| 71 | ## |
| 72 | ## LIST is a parenthesized list of comma-separated items, e.g. (a, b, c). For each item in turn, VAR is defined to expand to that item and BODY is emitted; an empty list `()' emits nothing. VAR is pushdef'd before the loop and popdef'd after it, so a definition it had beforehand is restored. |
| 73 | ## __loop is the recursive worker: __first picks the head of LIST, and m4_shift drops it for the next round. |
| 74 | m4_define(<:dolist:>, <:m4_pushdef(<:$1:>)__loop($@)m4_popdef(<:$1:>):>) |
| 75 | m4_define(<:__loop:>, <:m4_ifelse(<:$2:>, <:():>, ,m4_dnl |
| 76 | <:m4_define(<:$1:>, __first$2)$3<::>__loop(<:$1:>,(m4_shift$2),<:$3:>):>):>) |
| 77 | m4_define(<:__first:>, <:$1:>) |
| 78 | |
| 79 | ## split(DELIM, TEXT) |
| 80 | ## |
| 81 | ## Split TEXT at characters in DELIM; stash result in positional parameters, replacing whatever the script's positional parameters held. DELIM and TEXT are pasted into the generated shell as written and TEXT is expanded unquoted, so the shell applies pathname expansion to it as well as field splitting: callers should not pass text that may contain `*', `?' or `['. IFS is restored from $STDIFS, which is not set in this file -- presumably saved elsewhere in the prologue; verify. |
| 82 | m4_define(<:split:>, <:IFS=$1; set -- $2; IFS=$STDIFS:>) |
| 83 | |
| 84 | ## defconf(CONF, DEFAULT) |
| 85 | ## |
| 86 | ## Define config variable CONF: emits a shell `: ${CONF=...}' assignment whose value is the setconf value if conf_CONF is defined when defconf is expanded, and DEFAULT otherwise. |
| 87 | ## The `=' form only assigns when CONF is unset, so a value already set in the shell (for example inherited from the environment) takes precedence over both. NOTE(review): confirm that an environment override is intended for a firewall script. |
| 88 | m4_define(<:defconf:>, <:: ${$1=m4_ifdef(<:conf_$1:>, conf_$1, $2)}:>) |
| 89 | |
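| 90 | ## setconf(CONF, VALUE) |
| 91 | ## |
| 92 | ## Set config variable CONF to VALUE: defines the m4 macro conf_CONF, which a later defconf(CONF, DEFAULT) uses in place of DEFAULT. Must be expanded before that defconf to have any effect. |
| 93 | m4_define(<:setconf:>, <:m4_define(<:conf_$1:>, <:$2:>):>) |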
| 94 | |
| 95 | ###----- That's all, folks -------------------------------------------------- |