local.m4: Refactor common SSH permission between safe/untrusted hosts.

[firewall] / functions.m4

diff --git a/functions.m4 b/functions.m4
index 16c07c8..c3609a5 100644 (file)
--- a/functions.m4
+++ b/functions.m4
@@ -183,7 +183,7 @@ setdevopt () {
     for ver in ipv4 ipv6; do
       if [ -f /proc/sys/net/$ver/conf/$i/$opt ]; then
        any=t
-       run sysctl -q net/ipv4/conf/$i/$opt="$val"
+       run sysctl -q net/$ver/conf/$i/$opt="$val"
       fi
     done
     case $any in
@@ -513,14 +513,19 @@ host () {
 defhost () {
   host=$1
   addword allhosts $host
-  eval host_type_$host=endsys
+  eval host_type_$host=server
 }
 
-## router
+## hosttype TYPE
 ##
-## Declare the host to be a router, so it should forward packets and so on.
-router () {
-  eval host_type_$host=router
+## Declare the host to have the given type.
+hosttype () {
+  type=$1
+  case $type in
+    router | server | client) ;;
+     *) echo >&2 "$0: bad host type \`$type'"; exit 1 ;;
+  esac
+  eval host_type_$host=$type
 }
 
 ## iface IFACE NET ...