#! /usr/bin/perl -w
#
# The Shoreline Firewall Packet Filtering Firewall Compiler - V4.4
#
# (c) 2007,2008,2009,2010,2011,2014 - Tom Eastep (teastep@shorewall.net)
#
# Complete documentation is available at http://shorewall.net
#
# This program is part of Shorewall.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by the
# Free Software Foundation, either version 2 of the license or, at your
# option, any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
#
# Usage:
#
# compiler.pl [ <option> ... ] [ <filename> ]
#
# Options:
#
# --export # Compile for export
# --verbosity=<number> # Set VERBOSITY range -1 to 2
# --directory=<directory> # Directory where configuration resides (default is /etc/shorewall)
# --timestamp # Timestamp all progress messages
# --debug # Print stack trace on warnings and fatal error.
# --refresh=<chainlist> # Make the 'refresh' command refresh a comma-separated list of chains rather than 'blacklst'.
# --log=<filename> # Log file
# --log_verbosity=<number> # Log Verbosity range -1 to 2
# --family=<number> # IP family; 4 = IPv4 (default), 6 = IPv6
# --preview # Preview the ruleset.
# --shorewallrc=<path> # Path to global shorewallrc file.
# --shorewallrc1=<path> # Path to export shorewallrc file.
# --config_path=<path-list> # Search path for config files
# --inline # Update alternative column specifications
# --update # Update configuration to this release
# --tcrules # Create mangle from tcrules
# --routestopped # Create stoppedrules from routestopped
# --notrack # Create conntrack from notrack
#
use strict;
use FindBin;
use lib "$FindBin::Bin";
use Shorewall::Compiler;
use Getopt::Long;
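#
# Print the command-line synopsis on STDERR and terminate the process.
#
#   $_[0] - status passed to exit(). The callers in this file pass 1 after a
#           command-line error and 0 when help was requested.
#
# This sub never returns.
#
# The log verbosity switch is listed as --log_verbosity because that is the
# only spelling registered with GetOptions in this file. The previous text
# advertised --log-verbose, which the parser rejects as an unknown option.
#
sub usage( $ ) {
    my ($status) = @_;

    print STDERR <<'_EOF_';

usage: compiler.pl [ <option> ... ] [ <filename> ]

  options are:
    [ --export ]
    [ --directory=<directory> ]
    [ --verbose={-1|0-2} ]
    [ --timestamp ]
    [ --debug ]
    [ --confess ]
    [ --refresh=<chainlist> ]
    [ --log=<filename> ]
    [ --log_verbosity={-1|0-2} ]
    [ --test ]
    [ --preview ]
    [ --family={4|6} ]
    [ --annotate ]
    [ --update ]
    [ --shorewallrc=<pathname> ]
    [ --shorewallrc1=<pathname> ]
    [ --config_path=<path-list> ]
    [ --inline ]
_EOF_

    exit $status;
}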
#
# E x e c u t i o n B e g i n s H e r e
#
#
# Option defaults. Boolean switches start out off, string options start out
# empty, and the refresh chain list defaults to the ':none:' marker.
#
my ( $help, $test, $preview )                = ( 0, 0, 0 );
my ( $export, $timestamp, $debug, $confess ) = ( 0, 0, 0, 0 );
my ( $annotate, $update, $inline )           = ( 0, 0, 0 );
my ( $verbose, $log_verbose )                = ( 0, 0 );
my $family                                   = 4;    # F_IPV4
my $chains                                   = ':none:';
my ( $shorewall_dir, $log, $config_path )    = ( '', '', '' );
my ( $shorewallrc, $shorewallrc1 )           = ( '', '' );

#
# 'bundling' lets single-letter switches be combined (-et) and makes long
# names require the double dash.
#
Getopt::Long::Configure('bundling');

#
# Each long name and its one-letter alias write to the same variable.
#
# NOTE(review): the header comment of this file documents --verbosity, but the
# spelling registered here is --verbose. The header also lists --tcrules,
# --routestopped and --notrack, none of which is registered in this table as
# shown, so GetOptions would reject them.
#
my $result = GetOptions(
    'help|h'          => \$help,
    'export|e'        => \$export,
    'directory|d=s'   => \$shorewall_dir,
    'verbose|v=i'     => \$verbose,
    'timestamp|t'     => \$timestamp,
    'debug'           => \$debug,
    'refresh|r=s'     => \$chains,
    'log|l=s'         => \$log,
    'log_verbosity=i' => \$log_verbose,
    'test'            => \$test,
    'preview'         => \$preview,
    'family|f=i'      => \$family,
    'confess|c'       => \$confess,
    'annotate|a'      => \$annotate,
    'update|u'        => \$update,
    'inline'          => \$inline,
    'config_path=s'   => \$config_path,
    'shorewallrc=s'   => \$shorewallrc,
    'shorewallrc1=s'  => \$shorewallrc1,
);

# A parse failure or more than one positional argument is a usage error.
if ( !$result || @ARGV >= 2 ) {
    usage(1);
}

# An explicit help request prints the same text but exits with status 0.
if ($help) {
    usage(0);
}

# The optional positional argument names the output script; '' when absent.
my $script = $ARGV[0] || '';

#
# Hand everything to Shorewall::Compiler::compiler() as name => value pairs.
#
# Security notes for maintainers:
#   * The path-valued options (directory, log, config_path, shorewallrc,
#     shorewallrc1) and the family number are forwarded exactly as typed.
#     This script does no validation of its own, so any checking has to
#     happen inside compiler(), which is not visible here.
#   * compiler() comes from Shorewall::Compiler, which is located through
#     `use lib "$FindBin::Bin"`, i.e. the directory holding this script.
#     That directory should be writable only by the administrator who runs
#     the compiler.
#
compiler(
    script        => $script,
    directory     => $shorewall_dir,
    verbosity     => $verbose,
    timestamp     => $timestamp,
    debug         => $debug,
    export        => $export,
    chains        => $chains,
    log           => $log,
    log_verbosity => $log_verbose,
    test          => $test,
    preview       => $preview,
    family        => $family,
    confess       => $confess,
    update        => $update,
    annotate      => $annotate,
    config_path   => $config_path,
    shorewallrc   => $shorewallrc,
    shorewallrc1  => $shorewallrc1,
    inline        => $inline,
);