Commit f715db9d authored by Steve Kemp's avatar Steve Kemp

Rename the binary package, and avoid the auto-generated rule files.

parent 9d24af37
......@@ -15,7 +15,6 @@ nop:
clean:
if [ -d ./man ] ; then rm -rf ./man ; fi
if [ -d ./i ] ; then rm -rf ./i ; fi
ruby make-rules.rb clean ./rule.d ./services
manpage: ./bin/firewall
if ! [ -d ./man ] ; then mkdir ./man ; fi
......@@ -23,11 +22,7 @@ manpage: ./bin/firewall
pod2man ./bin/firewall-logtail > ./man/firewall-logtail.1
pod2man ./bin/firewall-blacklist > ./man/firewall-blacklist.1
rules: ./make-rules.rb ./services
if ! [ -d ./rule.d ] ; then mkdir ./rule.d ; fi
ruby make-rules.rb create ./rule.d ./services
all: manpage rules
all: manpage
test:
if [ ! -d ./i ]; then mkdir ./i ; fi
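Review bot: The `clean` target appears to lose its `ruby make-rules.rb clean ./rule.d ./services` step (the first hunk header shows one line fewer on the new side; the rendered page has dropped the +/- markers, so this is inferred), and nothing replaces it. Rule files that an earlier build generated into `./rule.d` then stay in the working tree. If the install step, which is not visible here, copies that directory, stale `--jump ACCEPT` rules could still be packaged even though `all` no longer builds them. Consider a one-off cleanup keyed on the generator's marker line, for example `grep -l '^# AUTOMATICALLY GENERATED! Do not edit.' ./rule.d/* | xargs -r rm -f`. Otherwise add a comment above `clean` stating that `./rule.d` now holds only hand-maintained files.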
......
bytemark-symbiosis-firewall (2010:0427-1) stable; urgency=low
* Renamed the main package.
- But still "Provide:" the old name.
-- Steve Kemp <steve@bytemark.co.uk> Tue, 27 Apr 2010 16:00:16 +0000
bytemark-vhost-firewall (2010:0421-1) stable; urgency=low
* Install a trivial manpage for `firewall-logtail`.
......
Source: bytemark-vhost-firewall
Source: bytemark-symbiosis-firewall
Section: net
Priority: extra
Maintainer: Steve Kemp <steve@bytemark.co.uk>
Uploaders: Patrick J Cherry <patch@bytemark.co.uk>
Build-Depends: debhelper (>= 4.0.0), ruby
Build-Depends: debhelper (>= 4.0.0)
Standards-Version: 3.8.0
Package: bytemark-vhost-firewall
Package: bytemark-symbiosis-firewall
Provide: bytemark-vhost-firewall
Architecture: all
Depends: iptables, dnsutils, iproute
Replaces: bytemark-vhost-ssh-protection
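Review bot: `Provide: bytemark-vhost-firewall` is not a relationship field that dpkg recognises; the field is spelled `Provides:`. As written, the renamed package most likely does not provide the old name, so anything that depends on `bytemark-vhost-firewall` would no longer be satisfied. Both packages presumably ship the same files, so the rename also needs the old name in `Conflicts:` and `Replaces:`. Without them the upgrade can stop on a file conflict and leave the host on the old firewall package. Suggested lines: `Provides: bytemark-vhost-firewall`, `Conflicts: bytemark-vhost-firewall` and `Replaces: bytemark-vhost-firewall, bytemark-vhost-ssh-protection`.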
......
#!/usr/bin/ruby
#
#
services = Hash.new{|h,k| h[k] = Hash.new{|i,l| i[l] = Array.new}}
action = ARGV.shift
action = "create" if action.nil?
output_dir = ARGV.shift
output_dir = "rule.d" if output_dir.nil?
services_file = ARGV.shift
services_file = "services" if services_file.nil?
File.open(services_file) do |fh|
while line = fh.gets do
if line =~ /^([\w-]+)\s+(\d+)\/(tcp|udp)\s*/
services[$1][$2] << $3 unless services[$1][$2].include?($3)
end
end
end
services.each do |service, ports|
[ "incoming", "outgoing" ].each do |direction|
var = "$"+("incoming" == direction ? "SRC" : "DEST")
fn = File.join(output_dir,"#{service}.#{direction}")
skip = false
# check to see if the file exists, and if so, see if it is auto-generated
# (in which case we can overwrite it).
File.open(fn, 'r') do |fh|
unless fh.gets == "# AUTOMATICALLY GENERATED! Do not edit.\n"
puts "Manually created file exists: rule.d/#{service}.#{direction}"
skip = true
end
end if File.exists?(fn)
next if skip
if action == "clean"
File.unlink(fn) if File.exists?(fn)
else
File.open(fn,"w+") do |fh|
fh.puts "# AUTOMATICALLY GENERATED! Do not edit.\n#\n# Allow #{direction} connections for #{service}\n#\n"
ports.each do |port, protos|
protos.each do |proto|
fh.puts ["/sbin/iptables",
"--append",
("incoming" == direction ? "INPUT" : "OUTPUT"),
"--protocol",
proto,
"--destination-port",
port,
("incoming" == direction ? "$SRC" : "$DEST"),
"--jump ACCEPT"].join(" ")
end
end
fh.puts ""
end
end
end
end