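#!/bin/sh
#
# Generate the nftables ruleset file for a host, then load it with nft
# (or, in debug mode, only check it).
#
# Options:
#   -h             print the option summary and exit
#   -f             generate the file from bin/clear.pl ("flush rules")
#                  instead of the per-host generator
#   -d             debug: run "nft -c" on the generated file, do not load it
#   -n <hostname>  generate for <hostname> instead of the current host;
#                  honoured only together with -d
#
# The ruleset is written to rules-<hostname>.nft next to this script.

set -eu

basedir=$(realpath "$(dirname "$0")")
bindir="${basedir}/bin"
uname=$(uname -n)

debug=0
flush=0
override=

# Print the option summary on stdout.
usage() {
  echo "Usage: $0 [options]"
  echo "-f : flush rules"
  echo "-d : debug rules, ie does not load it, generate rules and check with “nft -c” instead of loading it"
  echo "-n <hostname> : generate ruleset for <hostname> instead of current host. Works only with -d"
}

while getopts "hfdn:" flag; do
  case $flag in
    h)
      usage
      exit
      ;;
    f)
      flush=1
      ;;
    d)
      debug=1
      ;;
    n)
      override=${OPTARG}
      ;;
    *)
      # getopts has already printed its diagnostic. Stop here: carrying on
      # after a mistyped option (or a -n without argument) would load rules
      # live even though the caller may have meant to pass -d.
      usage >&2
      exit 2
      ;;
  esac
done
shift "$((OPTIND - 1))"

if [ -n "$override" ]; then
  if [ "$debug" -ne 0 ]; then
    # The name is interpolated into the generator path and the output path
    # below; refuse path separators so both stay inside ${basedir}.
    case $override in
      */*)
        echo "Invalid hostname for -n: ${override}" >&2
        exit 2
        ;;
    esac
    echo "Generating rules for ${override}"
    uname=$override
  else
    # Without -d the run continues and loads the current host's ruleset.
    echo "Override ${override} ignored: enable debug to override"
  fi
fi

rules="${basedir}/rules-${uname}.nft"

if [ "$flush" -ne 0 ]; then
  generator="${bindir}/clear.pl"
else
  generator="${bindir}/rulesgen-${uname}.pl"
fi

# Check before redirecting: the ">" below truncates the existing rules file
# even when perl cannot open the generator.
if [ ! -f "$generator" ]; then
  echo "Generator script not found: ${generator}" >&2
  exit 1
fi

# set -e aborts the script if the generator fails, so a partially written
# file is never passed to nft by this run.
perl -f "$generator" > "$rules"

if [ "$debug" -eq 0 ]; then
  nft -f "$rules"
else
  # -c makes nft check the file without applying it.
  nft -c -f "$rules"
fi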