Modify lib.cli to run the 'add' and 'delete' to allow the zone name to come first

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2012-10-06 09:22:14 -07:00
parent c228668500
commit 8091ad6c70


@ -1595,53 +1595,82 @@ add_command() {
[ -n "$(mywhich $IPSET)" ] || fatal_error "The $IPSET utility cannot be located" [ -n "$(mywhich $IPSET)" ] || fatal_error "The $IPSET utility cannot be located"
;; ;;
esac esac
#
# Normalize host list
#
while [ $# -gt 1 ]; do
interface=${1%%:*}
host=${1#*:}
[ "$host" = "$1" ] && host=
if [ -z "$host" ]; then case $1 in
if [ $g_family -eq 4 ]; then *:*)
hostlist="$hostlist $interface:0.0.0.0/0" while [ $# -gt 1 ]; do
else if $g_family -eq 4; then
hostlist="$hostlist $interface:::/0" interface=${1%%:*}
fi host=${1#*:}
else else
for h in $(separate_list $host); do interface=${1%%|*}
hostlist="$hostlist $interface:$h" host=${1#*|}
fi
[ "$host" = "$1" ] && host=
if [ -z "$host" ]; then
if [ $g_family -eq 4 ]; then
hostlist="$hostlist $interface:0.0.0.0/0"
else
hostlist="$hostlist $interface:::/0"
fi
else
for h in $(separate_list $host); do
hostlist="$hostlist $interface:$h"
done
fi
shift
done done
fi ;;
*)
shift ipset=$1
done shift
while [ $# -gt 0 ]; do
for h in $(separate_list $1); do
hostlist="$hostlist $h"
done
shift
done
;;
esac
zone=$1 zone=$1
for host in $hostlist; do if [ -n "$zone" ]; then
if [ $g_family -eq 4 ]; then for host in $hostlist; do
interface=${host%:*} if [ $g_family -eq 4 ]; then
ipset=${zone}_${interface}; interface=${host%:*}
else ipset=${zone}_${interface};
interface=${host%%:*} else
ipset=6_${zone}_${interface}; interface=${host%%:*}
fi ipset=6_${zone}_${interface};
fi
if ! qt $IPSET -L $ipset -n; then if ! qt $IPSET -L $ipset -n; then
fatal_error "Zone $zone, interface $interface does not have a dynamic host list" fatal_error "Zone $zone, interface $interface does not have a dynamic host list"
fi fi
host=${host#*:} host=${host#*:}
if $IPSET -A $ipset $host; then if $IPSET -A $ipset $host; then
echo "Host $interface:$host added to zone $zone" echo "Host $interface:$host added to zone $zone"
else else
fatal_error "Unable to add $interface:$host to zone $zone" fatal_error "Unable to add $interface:$host to zone $zone"
fi fi
done done
else
qt $IPSET -L $ipset -n || fatal_error "Zone $ipset is not dynamic"
for host in $hostlist; do
if $IPSET -A $ipset $host; then
echo "Host $host added to zone $ipset"
else
fatal_error "Unable to add $host to zone $ipset"
fi
done
fi
} }
# #
@ -1662,53 +1691,81 @@ delete_command() {
;; ;;
esac esac
# case $1 in
# Normalize host list *:*)
# while [ $# -gt 1 ]; do
while [ $# -gt 1 ]; do if $g_family -eq 4; then
interface=${1%%:*} interface=${1%%:*}
host=${1#*:} host=${1#*:}
[ "$host" = "$1" ] && host= else
interface=${1%%|*}
host=${1#*|}
fi
if [ -z "$host" ]; then [ "$host" = "$1" ] && host=
if [ $g_family -eq 4 ]; then
hostlist="$hostlist $interface:0.0.0.0/0" if [ -z "$host" ]; then
else if [ $g_family -eq 4 ]; then
hostlist="$hostlist $interface:::/0" hostlist="$hostlist $interface:0.0.0.0/0"
fi else
else hostlist="$hostlist $interface:::/0"
for h in $(separate_list $host); do fi
hostlist="$hostlist $interface:$h" else
for h in $(separate_list $host); do
hostlist="$hostlist $interface:$h"
done
fi
shift
done done
fi ;;
*)
shift ipset=$1
done shift
while [ $# -gt 0 ]; do
for h in $(separate_list $1); do
hostlist="$hostlist $h"
done
shift
done
;;
esac
zone=$1 zone=$1
for hostent in $hostlist; do if [ -n "$zone" ]; then
if [ $g_family -eq 4 ]; then for host in $hostlist; do
interface=${hostent%:*} if [ $g_family -eq 4 ]; then
ipset=${zone}_${interface}; interface=${host%:*}
else ipset=${zone}_${interface};
interface=${hostent%%:*} else
ipset=6_${zone}_${interface}; interface=${host%%:*}
fi ipset=6_${zone}_${interface};
fi
if ! qt $IPSET -L $ipset -n; then if ! qt $IPSET -L $ipset -n; then
fatal_error "Zone $zone, interface $interface is does not have a dynamic host list" fatal_error "Zone $zone, interface $interface does not have a dynamic host list"
fi fi
host=${hostent#*:} host=${host#*:}
if $IPSET -D $ipset $host; then if $IPSET -D $ipset $host; then
echo "Host $hostent deleted from zone $zone" echo "Host $hostent deleted from zone $zone"
else else
echo " WARNING: Unable to delete host $hostent to zone $zone" >&2 echo " WARNING: Unable to delete host $hostent to zone $zone" >&2
fi fi
done done
else
qt $IPSET -L $ipset -n || fatal_error "Zone $ipset is not dynamic"
for host in $hostlist; do
if $IPSET -D $ipset $host; then
echo "Host $host deleted from to zone $ipset"
else
echo " WARNING: Unable to delete host $host from zone $zone" >&2
fi
done
fi
} }
# #
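Review bot: The new family test `if $g_family -eq 4; then` in the `*:*)` arm of add_command, and again in delete_command, is missing its `[ ... ]`. The shell therefore tries to run the value of `$g_family` as a command instead of comparing it, so the `:`-splitting branch is not taken on that path; it should read `if [ $g_family -eq 4 ]; then`, like the other tests in these functions. In delete_command the loop variable was renamed to `host`, but the messages still print `$hostent`, which nothing sets any more, and the new fallback warning prints `$zone` on the path where it is empty; keeping `for hostent in $hostlist; do` with `host=${hostent#*:}` and using `$ipset` in that warning would restore the output. The set name and host entries come from the command line and reach `$IPSET -A $ipset $host` and `$IPSET -D $ipset $host` unquoted, so quoting `"$ipset"` and `"$host"` there would keep word splitting and globbing out of the ipset call. Both function bodies start above their hunks, so this is judged from the rendered new-side column only.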