extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-01 23:45:53 +02:00
Code Issues Packages Projects Releases Wiki Activity

Move the bulk of command processing to lib.cli

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-12-06 07:47:34 -08:00
parent e762998f1e
commit c724e238e6
3 changed files with 286 additions and 401 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

208
Shorewall-lite/shorewall-lite
View File

@ -372,55 +372,6 @@ usage() # $1 = exit status
exit $1 exit $1
} }
version_command() {
local finished
finished=0
local all
all=
local product
while [ $finished -eq 0 -a $# -gt 0 ]; do
option=$1
case $option in
-*)
option=${option#-}
while [ -n "$option" ]; do
case $option in
-)
finished=1
option=
;;
a*)
all=Yes
option=${option#a}
;;
*)
usage 1
;;
esac
done
shift
;;
*)
finished=1
;;
esac
done
[ $# -gt 0 ] && usage 1
echo $SHOREWALL_VERSION
if [ -n "$all" ]; then
for product in shorewall shorewall6 shorewall-lite shorewall6-lite shorewall-init; do
if [ $product != $g_program ] && [ -f /usr/share/$product/version ]; then
echo "$product: $(cat /usr/share/$product/version)"
fi
done
fi
}
# #
# Execution begins here # Execution begins here
# #
@ -655,29 +606,7 @@ case "$COMMAND" in
status) status)
[ $# -eq 1 ] || usage 1 [ $# -eq 1 ] || usage 1
[ "$(id -u)" != 0 ] && fatal_error "The status command may only be run by root" [ "$(id -u)" != 0 ] && fatal_error "The status command may only be run by root"
echo "$g_product $SHOREWALL_VERSION Status at $g_hostname - $(date)" status_command
echo
if product_is_started ; then
echo "$g_product is running"
status=0
else
echo "$g_product is stopped"
status=4
fi
if [ -f ${VARDIR}/state ]; then
state="$(cat ${VARDIR}/state)"
case $state in
Stopped*|Closed*|Clear*)
status=3
;;
esac
else
state=Unknown
fi
echo "State:$state"
echo
exit $status
;; ;;
dump) dump)
shift shift
@ -698,38 +627,17 @@ case "$COMMAND" in
drop) drop)
[ -n "$debugging" ] && set -x [ -n "$debugging" ] && set -x
[ $# -eq 1 ] && usage 1 [ $# -eq 1 ] && usage 1
if product_is_started ; then drop_command $@
[ -n "$nolock" ] || mutex_on
block DROP Dropped $*
[ -n "$nolock" ] || mutex_off
else
error_message "ERROR: $g_product is not started"
exit 2
fi
;; ;;
logdrop) logdrop)
[ -n "$debugging" ] && set -x [ -n "$debugging" ] && set -x
[ $# -eq 1 ] && usage 1 [ $# -eq 1 ] && usage 1
if product_is_started ; then logdrop_command $@
[ -n "$nolock" ] || mutex_on
block logdrop Dropped $*
[ -n "$nolock" ] || mutex_off
else
error_message "ERROR: $g_product is not started"
exit 2
fi
;; ;;
reject|logreject) reject|logreject)
[ -n "$debugging" ] && set -x [ -n "$debugging" ] && set -x
[ $# -eq 1 ] && usage 1 [ $# -eq 1 ] && usage 1
if product_is_started ; then reject_command $@
[ -n "$nolock" ] || mutex_on
block $COMMAND Rejected $*
[ -n "$nolock" ] || mutex_off
else
error_message "ERROR: $g_product is not started"
exit 2
fi
;; ;;
allow) allow)
allow_command $@ allow_command $@
@ -754,117 +662,39 @@ case "$COMMAND" in
;; ;;
save) save)
[ -n "$debugging" ] && set -x [ -n "$debugging" ] && set -x
save_command $@
case $# in
1)
;;
2)
RESTOREFILE="$2"
validate_restorefile '<restore file>'
;;
*)
usage 1
;;
esac
g_restorepath=${VARDIR}/$RESTOREFILE
[ "$nolock" ] || mutex_on
save_config
[ "$nolock" ] || mutex_off
;; ;;
forget) forget)
case $# in forget_command $@
1)
;;
2)
RESTOREFILE="$2"
validate_restorefile '<restore file>'
;;
*)
usage 1
;;
esac
g_restorepath=${VARDIR}/$RESTOREFILE
if [ -x $g_restorepath ]; then
rm -f $g_restorepath
rm -f ${g_restorepath}-iptables
rm -f ${g_restorepath}-ipsets
echo " $g_restorepath removed"
elif [ -f $g_restorepath ]; then
echo " $g_restorepath exists and is not a saved Shorewall configuration"
fi
rm -f ${VARDIR}/save
;; ;;
ipcalc) ipcalc)
[ -n "$debugging" ] && set -x [ -n "$debugging" ] && set -x
if [ $# -eq 2 ]; then ipcalc_command $@
address=${2%/*}
vlsm=${2#*/}
elif [ $# -eq 3 ]; then
address=$2
vlsm=$(ip_vlsm $3)
else
usage 1
fi
valid_address $address || fatal_error "Invalid IP address: $address"
[ -z "$vlsm" ] && exit 2
[ "x$address" = "x$vlsm" ] && usage 2
[ $vlsm -gt 32 ] && echo "Invalid VLSM: /$vlsm" >&2 && exit 2
address=$address/$vlsm
echo " CIDR=$address"
temp=$(ip_netmask $address); echo " NETMASK=$(encodeaddr $temp)"
temp=$(ip_network $address); echo " NETWORK=$temp"
temp=$(broadcastaddress $address); echo " BROADCAST=$temp"
;; ;;
iprange) iprange)
[ -n "$g_debugging" ] && set -x [ -n "$g_debugging" ] && set -x
range='' iprange_command $@
while [ $# -gt 0 ]; do
shift
range="${range}${1}"
done
case $range in
*.*.*.*-*.*.*.*)
for address in ${range%-*} ${range#*-}; do
valid_address $address || fatal_error "Invalid IP address: $address"
done
ip_range $range
;;
*)
usage 1
;;
esac
;; ;;
ipdecimal) ipdecimal)
[ -n "$debugging" ] && set -x [ -n "$debugging" ] && set -x
[ $# -eq 2 ] || usage 1 ipdecimal_command $@
case $2 in
*.*.*.*)
valid_address $2 || fatal_error "Invalid IP address: $2"
echo " $(decodeaddr $2)"
;;
*)
echo " $(encodeaddr $2)"
;;
esac
;; ;;
restore) restore)
shift shift
STARTUP_ENABLED=Yes STARTUP_ENABLED=Yes
restore_command $@ restore_command $@
;; ;;
iptrace)
get_config
shift
iptrace_command $@
;;
noiptrace)
get_config
shift
noiptrace_command $@
;;
call) call)
[ -n "$debugging" ] && set -x [ -n "$debugging" ] && set -x
# #

256
Shorewall/lib.cli
View File

@ -459,6 +459,55 @@ list_zone() {
done done
} }
version_command() {
local finished
finished=0
local all
all=
local product
while [ $finished -eq 0 -a $# -gt 0 ]; do
option=$1
case $option in
-*)
option=${option#-}
while [ -n "$option" ]; do
case $option in
-)
finished=1
option=
;;
a*)
all=Yes
option=${option#a}
;;
*)
usage 1
;;
esac
done
shift
;;
*)
finished=1
;;
esac
done
[ $# -gt 0 ] && usage 1
echo $SHOREWALL_VERSION
if [ -n "$all" ]; then
for product in shorewall shorewall6 shorewall-lite shorewall6-lite shorewall-init; do
if [ $product != $g_program -a -f /usr/share/$product/version ]; then
echo "$product: $(cat /usr/share/$product/version)"
fi
done
fi
}
# #
# Show Filter - For Shorewall[6]-lite, if there was an scfilter file at compile-time, # Show Filter - For Shorewall[6]-lite, if there was an scfilter file at compile-time,
# then the compiler generated another version of this function and # then the compiler generated another version of this function and
@ -2228,3 +2277,210 @@ report_capabilities1() {
echo CAPVERSION=$SHOREWALL_CAPVERSION echo CAPVERSION=$SHOREWALL_CAPVERSION
echo KERNELVERSION=$KERNELVERSION echo KERNELVERSION=$KERNELVERSION
} }
status_command() {
echo "${g_product}-$SHOREWALL_VERSION Status at $g_hostname - $(date)"
echo
if product_is_started ; then
echo "$g_product is running"
status=0
else
echo "$g_product is stopped"
status=4
fi
if [ -f ${VARDIR}/state ]; then
state="$(cat ${VARDIR}/state)"
case $state in
Stopped*|Closed*|Clear*)
status=3
;;
esac
else
state=Unknown
fi
echo "State:$state"
echo
exit $status
}
drop_command() {
if product_is_started ; then
if ! chain_exists dynamic; then
echo "Dynamic blacklisting is not supported in the current $g_product configuration"
exit 2
fi
[ -n "$nolock" ] || mutex_on
block DROP Dropped $*
[ -n "$nolock" ] || mutex_off
else
fatal_error "$g_product is not started"
fi
}
logdrop_command() {
if product_is_started ; then
if ! chain_exists dynamic; then
echo "Dynamic blacklisting is not supported in the current $g_product configuration"
exit 2
fi
[ -n "$nolock" ] || mutex_on
block logdrop Dropped $*
[ -n "$nolock" ] || mutex_off
else
fatal_error "$g_product is not started"
fi
}
reject_command() {
if product_is_started ; then
[ -n "$nolock" ] || mutex_on
block $1 Rejected $*
[ -n "$nolock" ] || mutex_off
else
fatal_error "$g_product is not started"
fi
}
save_command() {
case $# in
1)
;;
2)
RESTOREFILE="$2"
validate_restorefile '<restore file>'
;;
*)
usage 1
;;
esac
g_restorepath=${VARDIR}/$RESTOREFILE
[ -n "$nolock" ] || mutex_on
save_config
result=$?
[ -n "$nolock" ] || mutex_off
exit $result
}
forget_command() {
case $# in
1)
;;
2)
RESTOREFILE="$2"
validate_restorefile '<restore file>'
;;
*)
usage 1
;;
esac
g_restorepath=${VARDIR}/$RESTOREFILE
if [ -x $g_restorepath ]; then
rm -f $g_restorepath
rm -f ${g_restorepath}-iptables
rm -f ${g_restorepath}-ipsets
echo " $g_restorepath removed"
elif [ -f $g_restorepath ]; then
echo " $g_restorepath exists and is not a saved $g_product configuration"
fi
rm -f ${VARDIR}/save
}
ipcalc_command() {
local address
local vlsm
[ $g_family -eq 6 ] && usage 1
if [ $# -eq 2 ]; then
address=${2%/*}
vlsm=${2#*/}
elif [ $# -eq 3 ]; then
address=$2
vlsm=$(ip_vlsm $3)
else
usage 1
fi
valid_address $address || fatal_error "Invalid IP address: $address"
[ -z "$vlsm" ] && usage 2
[ "x$address" = "x$vlsm" ] && usage 2
[ $vlsm -gt 32 ] && echo "Invalid VLSM: /$vlsm" >&2 && exit 2
address=$address/$vlsm
echo " CIDR=$address"
temp=$(ip_netmask $address); echo " NETMASK=$(encodeaddr $temp)"
temp=$(ip_network $address); echo " NETWORK=$temp"
temp=$(broadcastaddress $address); echo " BROADCAST=$temp"
}
iprange_command() {
local range
[ $g_family -eq 6 ] && usage 1
range=''
while [ $# -gt 0 ]; do
shift
range="${range}${1}"
done
case $range in
*.*.*.*-*.*.*.*)
for address in ${range%-*} ${range#*-}; do
valid_address $address || fatal_error "Invalid IP address: $address"
done
ip_range $range
;;
*)
usage 1
;;
esac
}
ipdecimal_command() {
[ $# -eq 2 ] || usage 1
[ $g_family -eq 6 ] && usage 1
case $2 in
*.*.*.*)
valid_address $2 || fatal_error "Invalid IP address: $2"
echo " $(decodeaddr $2)"
;;
*)
echo " $(encodeaddr $2)"
;;
esac
}
iptrace_command() {
if product_is_started ; then
$g_tool -t raw -A PREROUTING $@ -j TRACE
$g_tool -t raw -A OUTPUT $@ -j TRACE
else
fatal_error "$g_product is not started"
fi
}
noiptrace_command() {
if product_is_started ; then
$g_tool -t raw -D PREROUTING $@ -j TRACE
$g_tool -t raw -D OUTPUT $@ -j TRACE
else
fatal_error "$g_product is not started"
fi
}

223
Shorewall/shorewall
View File

@ -1591,55 +1591,6 @@ usage() # $1 = exit status
exit $1 exit $1
} }
version_command() {
local finished
finished=0
local all
all=
local product
while [ $finished -eq 0 -a $# -gt 0 ]; do
option=$1
case $option in
-*)
option=${option#-}
while [ -n "$option" ]; do
case $option in
-)
finished=1
option=
;;
a*)
all=Yes
option=${option#a}
;;
*)
usage 1
;;
esac
done
shift
;;
*)
finished=1
;;
esac
done
[ $# -gt 0 ] && usage 1
echo $SHOREWALL_VERSION
if [ -n "$all" ]; then
for product in shorewall shorewall6 shorewall-lite shorewall6-lite shorewall-init; do
if [ $product != $g_program -a -f /usr/share/$product/version ]; then
echo "$product: $(cat /usr/share/$product/version)"
fi
done
fi
}
# #
# Execution begins here # Execution begins here
# #
@ -1926,29 +1877,7 @@ case "$COMMAND" in
[ $# -eq 1 ] || usage 1 [ $# -eq 1 ] || usage 1
[ "$(id -u)" != 0 ] && fatal_error "The status command may only be run by root" [ "$(id -u)" != 0 ] && fatal_error "The status command may only be run by root"
get_config get_config
echo "${g_product}-$SHOREWALL_VERSION Status at $g_hostname - $(date)" status_command
echo
if product_is_started ; then
echo "$g_product is running"
status=0
else
echo "$g_product is stopped"
status=4
fi
if [ -f ${VARDIR}/state ]; then
state="$(cat ${VARDIR}/state)"
case $state in
Stopped*|Closed*|Clear*)
status=3
;;
esac
else
state=Unknown
fi
echo "State:$state"
echo
exit $status
;; ;;
dump) dump)
get_config Yes No Yes get_config Yes No Yes
@ -1980,47 +1909,19 @@ case "$COMMAND" in
get_config get_config
[ -n "$g_debugging" ] && set -x [ -n "$g_debugging" ] && set -x
[ $# -eq 1 ] && usage 1 [ $# -eq 1 ] && usage 1
if product_is_started ; then drop_command $@
if ! chain_exists dynamic; then
echo "Dynamic blacklisting is not supported in the current $g_product configuration"
exit 2
fi
[ -n "$nolock" ] || mutex_on
block DROP Dropped $*
[ -n "$nolock" ] || mutex_off
else
fatal_error "$g_product is not started"
fi
;; ;;
logdrop) logdrop)
get_config get_config
[ -n "$g_debugging" ] && set -x [ -n "$g_debugging" ] && set -x
[ $# -eq 1 ] && usage 1 [ $# -eq 1 ] && usage 1
if product_is_started ; then logdrop_command $@
if ! chain_exists dynamic; then
echo "Dynamic blacklisting is not supported in the current $g_product configuration"
exit 2
fi
[ -n "$nolock" ] || mutex_on
block logdrop Dropped $*
[ -n "$nolock" ] || mutex_off
else
fatal_error "$g_product is not started"
fi
;; ;;
reject|logreject) reject|logreject)
get_config get_config
[ -n "$g_debugging" ] && set -x [ -n "$g_debugging" ] && set -x
[ $# -eq 1 ] && usage 1 [ $# -eq 1 ] && usage 1
if product_is_started ; then reject_command $@
[ -n "$nolock" ] || mutex_on
block $COMMAND Rejected $*
[ -n "$nolock" ] || mutex_off
else
fatal_error "$g_product is not started"
fi
;; ;;
allow) allow)
get_config get_config
@ -2039,116 +1940,24 @@ case "$COMMAND" in
save) save)
get_config get_config
[ -n "$g_debugging" ] && set -x [ -n "$g_debugging" ] && set -x
save_command $@
case $# in
1)
;;
2)
RESTOREFILE="$2"
validate_restorefile '<restore file>'
;;
*)
usage 1
;;
esac
g_restorepath=${VARDIR}/$RESTOREFILE
[ -n "$nolock" ] || mutex_on
save_config
result=$?
[ -n "$nolock" ] || mutex_off
exit $result
;; ;;
forget) forget)
get_config get_config
case $# in forget_command $@
1)
;;
2)
RESTOREFILE="$2"
validate_restorefile '<restore file>'
;;
*)
usage 1
;;
esac
g_restorepath=${VARDIR}/$RESTOREFILE
if [ -x $g_restorepath ]; then
rm -f $g_restorepath
rm -f ${g_restorepath}-iptables
rm -f ${g_restorepath}-ipsets
echo " $g_restorepath removed"
elif [ -f $g_restorepath ]; then
echo " $g_restorepath exists and is not a saved $g_product configuration"
fi
rm -f ${VARDIR}/save
;; ;;
ipcalc) ipcalc)
[ $g_family -eq 6 ] && usage 1
[ -n "$g_debugging" ] && set -x [ -n "$g_debugging" ] && set -x
if [ $# -eq 2 ]; then ipcalc_command $@
address=${2%/*}
vlsm=${2#*/}
elif [ $# -eq 3 ]; then
address=$2
vlsm=$(ip_vlsm $3)
else
usage 1
fi
valid_address $address || fatal_error "Invalid IP address: $address"
[ -z "$vlsm" ] && exit 2
[ "x$address" = "x$vlsm" ] && usage 2
[ $vlsm -gt 32 ] && echo "Invalid VLSM: /$vlsm" >&2 && exit 2
address=$address/$vlsm
echo " CIDR=$address"
temp=$(ip_netmask $address); echo " NETMASK=$(encodeaddr $temp)"
temp=$(ip_network $address); echo " NETWORK=$temp"
temp=$(broadcastaddress $address); echo " BROADCAST=$temp"
;; ;;
iprange) iprange)
[ -n "$g_debugging" ] && set -x [ -n "$g_debugging" ] && set -x
range='' iprange_command $@
while [ $# -gt 0 ]; do
shift
range="${range}${1}"
done
case $range in
*.*.*.*-*.*.*.*)
for address in ${range%-*} ${range#*-}; do
valid_address $address || fatal_error "Invalid IP address: $address"
done
ip_range $range
;;
*)
usage 1
;;
esac
;; ;;
ipdecimal) ipdecimal)
[ -n "$g_debugging" ] && set -x [ -n "$g_debugging" ] && set -x
[ $# -eq 2 ] || usage 1 ipdecimal_command $@
case $2 in
*.*.*.*)
valid_address $2 || fatal_error "Invalid IP address: $2"
echo " $(decodeaddr $2)"
;;
*)
echo " $(encodeaddr $2)"
;;
esac
;; ;;
restore) restore)
get_config get_config
@ -2176,22 +1985,12 @@ case "$COMMAND" in
iptrace) iptrace)
get_config get_config
shift shift
if shorewall_is_started ; then iptrace_command $@
$g_tool -t raw -A PREROUTING $@ -j TRACE
$g_tool -t raw -A OUTPUT $@ -j TRACE
else
fatal_error "$g_product is not started"
fi
;; ;;
noiptrace) noiptrace)
get_config get_config
shift shift
if shorewall_is_started ; then noiptrace_command $@
$g_tool -t raw -D PREROUTING $@ -j TRACE
$g_tool -t raw -D OUTPUT $@ -j TRACE
else
fatal_error "$g_product is not started"
fi
;; ;;
*) *)
usage 1 usage 1