3 ### Makefile for firewall scripts
5 ### (c) 2008 Mark Wooding
8 ###----- Licensing notice ---------------------------------------------------
10 ### This program is free software; you can redistribute it and/or modify
11 ### it under the terms of the GNU General Public License as published by
12 ### the Free Software Foundation; either version 2 of the License, or
13 ### (at your option) any later version.
15 ### This program is distributed in the hope that it will be useful,
16 ### but WITHOUT ANY WARRANTY; without even the implied warranty of
17 ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 ### GNU General Public License for more details.
20 ### You should have received a copy of the GNU General Public License
21 ### along with this program; if not, write to the Free Software Foundation,
22 ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
23 ### Makefile for firewall scripts
25 ###--------------------------------------------------------------------------
28 ## Extend these variables in `local.mk' to match your site.
32 ## Where to install the scripts.
33 FIREWALL
= /etc
/init.d
/firewall
35 ## How to achieve root privileges.
38 ## Throw additional scripts in here to have them installed.
40 sbindir
= /usr
/local
/sbin
42 ## Establish the default target early, so that targets in `local.mk' don't
47 ###--------------------------------------------------------------------------
48 ### Clever silent-rules stuff.
53 ## Suppressing command output.
58 ## Replacing them with messages.
59 v_echo
= $(call v_echo_
$V,$1)
60 v_echo_0
= @printf
" %-6s %s\n" "$1" "$@";
65 space
= $(empty
) $(empty
)
68 V_M4
= $(call v_echo
,M4
)m4
-P
$(space
)
69 V_GEN
= $(call v_echo
,GEN
)
71 ###--------------------------------------------------------------------------
72 ### Local configuration.
74 ## Should set up HOSTS and add stuff to MAIN_M4_SOURCES if necessary. Feel
75 ## free to define additional targets here.
78 ###--------------------------------------------------------------------------
81 ## The main m4 inputs which construct the firewall. These are read in last
82 ## to allow local configuration to change their environments.
83 MAIN_M4_SOURCES
+= config.m4
84 MAIN_M4_SOURCES
+= prologue.m4
85 MAIN_M4_SOURCES
+= functions.m4
86 MAIN_M4_SOURCES
+= numbers.m4
87 MAIN_M4_SOURCES
+= bookends.m4
88 MAIN_M4_SOURCES
+= classify.m4
89 MAIN_M4_SOURCES
+= icmp.m4
91 ## All of our m4 inputs. The base gets read first to set things up.
93 M4_SOURCES
+= $(MAIN_M4_SOURCES
)
95 ###--------------------------------------------------------------------------
98 TARGETS
= $(addsuffix .sh
,$(HOSTS
))
100 ###--------------------------------------------------------------------------
101 ### Prologue testing.
104 dummy.sh
: base.m4 prologue.m4 dummy-payload.m4
105 $(V_M4
)-DFWHOST
=testing
$^
>$@.new
106 $(V_AT
)chmod
+x
$@.new
&& mv
$@.new
$@
108 TARGETS
+= dummy-inst.sh
109 dummy-inst.sh
: dummy.sh
110 $(V_GEN
)sed
'/dummy_action=/s/lose/win/' $< >$@.new
111 $(V_AT
)chmod
+x
$@.new
&& mv
$@.new
$@
113 ###--------------------------------------------------------------------------
116 ## A list of diversions in ascending numerical order.
118 divs
: $(M4_SOURCES
) $(addsuffix .m4
,$(HOSTS
))
119 $(V_GEN
)grep
-n m4_divert
$^ | \
120 grep
-v
'm4_divert(-1)' | \
123 ###--------------------------------------------------------------------------
129 %.sh
: %.m4
$(M4_SOURCES
)
130 $(V_M4
)-DFWHOST
=$* base.m4
$*.m4
$(MAIN_M4_SOURCES
) >$@.new
131 $(V_AT
)chmod
+x
$@.new
&& mv
$@.new
$@
133 clean:; rm -f
$(TARGETS
) *.new
$(CLEANFILES
)
136 ###--------------------------------------------------------------------------
139 ## The local machine doesn't want the complicated SSH stuff.
140 THISHOST
= $(shell hostname
)
141 OTHERHOSTS
= $(filter-out $(THISHOST
), $(HOSTS
))
144 check: $(THISHOST
).sh
145 $(ROOT
) .
/$(THISHOST
).sh
test
147 ## Installation on a local host,
148 install/$(THISHOST
): $(THISHOST
).sh
149 [ "x$(SCRIPTS)" = x
] ||
$(ROOT
) install -m755
$(SCRIPTS
) $(sbindir
)
150 $(ROOT
) .
/$(THISHOST
).sh replace
</dev
/tty
152 ## Installation on a remote host.
153 $(addprefix install/, $(OTHERHOSTS
)): install/%: %.sh
154 if
[ "x$(SCRIPTS)" != x
]; then \
155 for i in
$(SCRIPTS
); do \
156 $(ROOT
) scp
$$i root@
$*:$(sbindir
)/$$i.new
&& \
157 $(ROOT
) ssh root@
$* \
158 'cd $(sbindir) && chmod 755 $$i.new && mv $$i.new $i' || \
162 $(ROOT
) scp
$*.sh root@
$*:$(FIREWALL
).new
163 $(ROOT
) ssh root@
$* $(FIREWALL
).new remote-prepare
164 $(ROOT
) ssh root@
$* $(FIREWALL
).new remote-commit
165 $(ROOT
) ssh root@
$* rm -f
$(FIREWALL
).new
167 ## General installation target.
168 install: all $(addprefix install/,$(HOSTS
))
169 .PHONY
: install $(addprefix install/,$(HOSTS
))
171 ###----- That's all, folks --------------------------------------------------