~mdw / firewall / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
base.m4: Fix LSB init-script ordering.
[firewall] / base.m4
1 m4_divert(-1)
2 ### -*-m4-*-
3 ###
4 ### Failsafe prologue for firewall scripts
5 ###
6 ### (c) 2008 Mark Wooding
7 ###
8
9 ###----- Licensing notice ---------------------------------------------------
10 ###
11 ### This program is free software; you can redistribute it and/or modify
12 ### it under the terms of the GNU General Public License as published by
13 ### the Free Software Foundation; either version 2 of the License, or
14 ### (at your option) any later version.
15 ###
16 ### This program is distributed in the hope that it will be useful,
17 ### but WITHOUT ANY WARRANTY; without even the implied warranty of
18 ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 ### GNU General Public License for more details.
20 ###
21 ### You should have received a copy of the GNU General Public License
22 ### along with this program; if not, write to the Free Software Foundation,
23 ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
24
25 m4_changequote(<:, :>)
26 m4_changecom(<:##:>)
27
28 ###--------------------------------------------------------------------------
29 ### Overall structure.
30 ###
31 ### 0 File header: shebang, do-not-edit warning. [base]
32 ### 5 Configuration. [config]
33 ### 10 Prologue: command-line parsing and failsafe. [prologue]
34 ### 20 Function definitions. [functions]
35 ### 25 Port numbers etc. [numbers]
36 ### 30 Initialization. [bookends]
37 ### 30 Clear existing rules. [bookends]
38 ### 32 Set safe IP options. [bookends]
39 ### 34 Error chains. [bookends]
40 ### 36 Give loopback traffic a free pass. [bookends]
41 ### 40 Address classification. [classify]
42 ### 42 Definition of address class policies. [local]
43 ### 44 Definition of interfaces and addresses. [local]
44 ### 46 Handling of default interface. [classify]
45 ### 50 ICMP filtering. [icmp]
46 ### 52 Local configuration. [local]
47 ### 58 Finally accept ICMP, hook onto INPUT and FORWARD. [icmp]
48 ### 60 Local configuration. [local]
49 ### 90 Finishing touches. [bookends]
50 ### 94 Set final policies. [bookends]
51 ### 99 File footer: do-not-edit warning. [base]
52
53 ###--------------------------------------------------------------------------
54 ### Headers and footers.
55
56 m4_divert(0)m4_dnl
57 #! /bin/sh
58 ### BEGIN INIT INFO
59 # Provides: firewall
60 # Required-Start: mountkernfs
61 # Required-Stop:
62 # X-Start-Before: ifupdown
63 # X-Stop-After: ifupdown
64 # Default-Start: S
65 # Default-Stop: 0 6
66 # Description: Provides customized packet filter rules.
67 ### END INIT INFO
68 ### *** GENERATED FILE: DO NOT EDIT ***
69
70 set -e
71 PATH=/bin:/sbin:/usr/bin:/usr/sbin; export PATH
72
73 m4_divert(99)m4_dnl
74 ### *** GENERATED FILE: DO NOT EDIT ***
75 m4_divert(-1)
76
77 ###--------------------------------------------------------------------------
78 ### Unpleasant m4 hacking.
79
80 ## dolist(VAR, LIST, BODY)
81 ##
82 ## LIST is a parenthesized list of comma-separated items. For each item,
83 ## set VAR to expand to the item and emit the BODY.
84 m4_define(<:dolist:>, <:m4_pushdef(<:$1:>)__loop($@)m4_popdef(<:$1:>):>)
85 m4_define(<:__loop:>, <:m4_ifelse(<:$2:>, <:():>, ,m4_dnl
86 <:m4_define(<:$1:>, __first$2)$3<::>__loop(<:$1:>,(m4_shift$2),<:$3:>):>):>)
87 m4_define(<:__first:>, <:$1:>)
88
89 ## split(DELIM, TEXT)
90 ##
91 ## Split TEXT at characters in DELIM; stash result in positional parameters.
92 m4_define(<:split:>, <:IFS=$1; set -- $2; IFS=$STDIFS:>)
93
94 ## defconf(CONF, DEFAULT)
95 ##
96 ## Define config variable CONF, assigning it the DEFAULT value if not
97 ## overridden by setconf.
98 m4_define(<:defconf:>, <:: ${$1=m4_ifdef(<:conf_$1:>, conf_$1, $2)}:>)
99
100 ## setconf(CONF, VALUE)
101 ##
102 ## Set config variable VALUE.
103 m4_define(<:setconf:>, <:m4_define(<:conf_$1:>, <:$2:>):>)
104
105 ###----- That's all, folks --------------------------------------------------
Firewall scripts for distorted.org.uk.