script/admin-stuff
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update_firewall-script_ipt-gateway.sh, update_firewall-script_ipt-server.sh: copy also changed configuration files.

Browse Source
This commit is contained in:
Christoph 2019-05-20 18:57:23 +02:00
parent 05b5f6a1fa
commit a1d3c7857d
2 changed files with 195 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

93
update_firewall-script_ipt-gateway.sh
View File

@ -198,6 +198,16 @@ DEFAULT_REPOSITORY_NAME="ipt-gateway"
DEFAULT_REPOSITORY_BASE_PATH="/usr/local/src" DEFAULT_REPOSITORY_BASE_PATH="/usr/local/src"
DEFAULT_IPV4_FIREWALL_SCRIPT="ipt-firewall-gateway" DEFAULT_IPV4_FIREWALL_SCRIPT="ipt-firewall-gateway"
DEFAULT_IPV6_FIREWALL_SCRIPT="ip6t-firewall-gateway" DEFAULT_IPV6_FIREWALL_SCRIPT="ip6t-firewall-gateway"
DEFAULT_CONFIG_DIR="/etc/ipt-firewall"
DEFAULT_FIREWALL_CONFIGURATION_FILES="
default_ports.conf
include_functions.conf
load_modules_ipv4.conf
load_modules_ipv6.conf
logging_ipv4.conf
logging_ipv6.conf
post_decalrations.conf
"
if [[ -f "$conf_file" ]]; then if [[ -f "$conf_file" ]]; then
source "$conf_file" source "$conf_file"
@ -212,6 +222,10 @@ fi
[[ -n "$IPV4_FIREWALL_SCRIPT" ]] || IPV4_FIREWALL_SCRIPT="$DEFAULT_IPV4_FIREWALL_SCRIPT" [[ -n "$IPV4_FIREWALL_SCRIPT" ]] || IPV4_FIREWALL_SCRIPT="$DEFAULT_IPV4_FIREWALL_SCRIPT"
[[ -n "$IPV6_FIREWALL_SCRIPT" ]] || IPV6_FIREWALL_SCRIPT="$DEFAULT_IPV6_FIREWALL_SCRIPT" [[ -n "$IPV6_FIREWALL_SCRIPT" ]] || IPV6_FIREWALL_SCRIPT="$DEFAULT_IPV6_FIREWALL_SCRIPT"
[[ -n "$CONFIG_DIR" ]] || CONFIG_DIR="$DEFAULT_CONFIG_DIR"
[[ -n "$FIREWALL_CONFIGURATION_FILES" ]] || FIREWALL_CONFIGURATION_FILES="$DEFAULT_FIREWALL_CONFIGURATION_FILES"
REPOSITORY_PATH="${REPOSITORY_BASE_PATH}/$REPOSITORY_NAME" REPOSITORY_PATH="${REPOSITORY_BASE_PATH}/$REPOSITORY_NAME"
@ -234,18 +248,27 @@ fi
if $terminal ; then if $terminal ; then
echo "" echo ""
echo -e " Update firewall script '$IPV4_FIREWALL_SCRIPT' from local repositiry\033[1m$REPOSITORY_NAME\033[m .." echo -e " Update firewall scripts from local repository \033[1m$REPOSITORY_NAME\033[m .."
echo "" echo ""
fi fi
restart_ipv6_firewall=false
restart_ipv4_firewall=false
echononl "Copy firewall script '$IPV4_FIREWALL_SCRIPT' to /usr/local/sbin/ .." echononl "Copy firewall script '$IPV4_FIREWALL_SCRIPT' to /usr/local/sbin/ .."
if [[ -f "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" ]]; then if [[ -f "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" ]]; then
if $(diff "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" "/usr/local/sbin/$IPV4_FIREWALL_SCRIPT" > /dev/null 2>&1) ; then
echo_skipped
else
cp "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" /usr/local/sbin/ > "$log_file" 2>&1 cp "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" /usr/local/sbin/ > "$log_file" 2>&1
if [[ $? -gt 0 ]]; then if [[ $? -gt 0 ]]; then
echo_failed echo_failed
error "$(cat "$log_file")" error "$(cat "$log_file")"
else else
echo_ok echo_ok
restart_ipv4_firewall=true
fi
fi fi
else else
echo_skipped echo_skipped
@ -254,7 +277,74 @@ fi
echononl "Copy firewall script '$IPV6_FIREWALL_SCRIPT' to /usr/local/sbin/ .." echononl "Copy firewall script '$IPV6_FIREWALL_SCRIPT' to /usr/local/sbin/ .."
if [[ -f "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" ]]; then if [[ -f "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" ]]; then
if $(diff "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" "/usr/local/sbin/$IPV6_FIREWALL_SCRIPT" > /dev/null 2>&1) ; then
echo_skipped
else
cp "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" /usr/local/sbin/ > "$log_file" 2>&1 cp "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" /usr/local/sbin/ > "$log_file" 2>&1
if [[ $? -gt 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
restart_ipv6_firewall=true
fi
fi
else
echo_skipped
warn "No file '$IPV6_FIREWALL_SCRIPT' found at repository '$REPOSITORY_NAME'"
fi
if $terminal ; then
echo ""
echo -e " Update Configuration files from local repository \033[1m$REPOSITORY_NAME\033[m .."
echo ""
fi
for _file_name in ${FIREWALL_CONFIGURATION_FILES} ; do
_file_src="${REPOSITORY_PATH}/conf/$_file_name"
_file_dst="${CONFIG_DIR}/$_file_name"
echononl "Copy firewall configuration file '$_file_name'.."
if [[ -f "$_file_src" ]]; then
if $(diff "$_file_src" "$_file_dst" > /dev/null 2>&1) ; then
echo_skipped
else
cp "$_file_src" "$_file_dst" > "$log_file" 2>&1
if [[ $? -gt 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
restart_ipv6_firewall=true
restart_ipv4_firewall=true
fi
fi
else
echo_skipped
warn "No configuration file '$_file_name' found!"
fi
done
blank_line
echononl "Restart IPv4 Firewall.."
if $restart_ipv4_firewall ; then
/usr/local/sbin/$IPV6_FIREWALL_SCRIPT > /dev/null 2> "$log_file"
if [[ $? -gt 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
else
echo_skipped
fi
echononl "Restart IPv6 Firewall.."
if $restart_ipv6_firewall ; then
/usr/local/sbin/$IPV6_FIREWALL_SCRIPT > /dev/null 2> "$log_file"
if [[ $? -gt 0 ]]; then if [[ $? -gt 0 ]]; then
echo_failed echo_failed
error "$(cat "$log_file")" error "$(cat "$log_file")"
@ -263,7 +353,6 @@ if [[ -f "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" ]]; then
fi fi
else else
echo_skipped echo_skipped
warn "No file '$IPV6_FIREWALL_SCRIPT' found at repository '$REPOSITORY_NAME'"
fi fi

92
update_firewall-script_ipt-server.sh
View File

@ -198,6 +198,16 @@ DEFAULT_REPOSITORY_NAME="ipt-server"
DEFAULT_REPOSITORY_BASE_PATH="/usr/local/src" DEFAULT_REPOSITORY_BASE_PATH="/usr/local/src"
DEFAULT_IPV4_FIREWALL_SCRIPT="ipt-firewall-server" DEFAULT_IPV4_FIREWALL_SCRIPT="ipt-firewall-server"
DEFAULT_IPV6_FIREWALL_SCRIPT="ip6t-firewall-server" DEFAULT_IPV6_FIREWALL_SCRIPT="ip6t-firewall-server"
DEFAULT_CONFIG_DIR="/etc/ipt-firewall"
DEFAULT_FIREWALL_CONFIGURATION_FILES="
include_functions.conf
load_modules_ipv4.conf
load_modules_ipv6.conf
logging_ipv4.conf
logging_ipv6.conf
ports.conf
post_decalrations.conf
"
if [[ -f "$conf_file" ]]; then if [[ -f "$conf_file" ]]; then
source "$conf_file" source "$conf_file"
@ -212,6 +222,10 @@ fi
[[ -n "$IPV4_FIREWALL_SCRIPT" ]] || IPV4_FIREWALL_SCRIPT="$DEFAULT_IPV4_FIREWALL_SCRIPT" [[ -n "$IPV4_FIREWALL_SCRIPT" ]] || IPV4_FIREWALL_SCRIPT="$DEFAULT_IPV4_FIREWALL_SCRIPT"
[[ -n "$IPV6_FIREWALL_SCRIPT" ]] || IPV6_FIREWALL_SCRIPT="$DEFAULT_IPV6_FIREWALL_SCRIPT" [[ -n "$IPV6_FIREWALL_SCRIPT" ]] || IPV6_FIREWALL_SCRIPT="$DEFAULT_IPV6_FIREWALL_SCRIPT"
[[ -n "$CONFIG_DIR" ]] || CONFIG_DIR="$DEFAULT_CONFIG_DIR"
[[ -n "$FIREWALL_CONFIGURATION_FILES" ]] || FIREWALL_CONFIGURATION_FILES="$DEFAULT_FIREWALL_CONFIGURATION_FILES"
REPOSITORY_PATH="${REPOSITORY_BASE_PATH}/$REPOSITORY_NAME" REPOSITORY_PATH="${REPOSITORY_BASE_PATH}/$REPOSITORY_NAME"
@ -234,18 +248,26 @@ fi
if $terminal ; then if $terminal ; then
echo "" echo ""
echo -e " Update firewall script '$IPV4_FIREWALL_SCRIPT' from local repositiry\033[1m$REPOSITORY_NAME\033[m .." echo -e " Update firewall scripts from local repository \033[1m$REPOSITORY_NAME\033[m .."
echo "" echo ""
fi fi
restart_ipv6_firewall=false
restart_ipv4_firewall=false
echononl "Copy firewall script '$IPV4_FIREWALL_SCRIPT' to /usr/local/sbin/ .." echononl "Copy firewall script '$IPV4_FIREWALL_SCRIPT' to /usr/local/sbin/ .."
if [[ -f "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" ]]; then if [[ -f "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" ]]; then
if $(diff "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" "/usr/local/sbin/$IPV4_FIREWALL_SCRIPT" > /dev/null 2>&1) ; then
echo_skipped
else
cp "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" /usr/local/sbin/ > "$log_file" 2>&1 cp "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" /usr/local/sbin/ > "$log_file" 2>&1
if [[ $? -gt 0 ]]; then if [[ $? -gt 0 ]]; then
echo_failed echo_failed
error "$(cat "$log_file")" error "$(cat "$log_file")"
else else
echo_ok echo_ok
restart_ipv4_firewall=true
fi
fi fi
else else
echo_skipped echo_skipped
@ -254,7 +276,74 @@ fi
echononl "Copy firewall script '$IPV6_FIREWALL_SCRIPT' to /usr/local/sbin/ .." echononl "Copy firewall script '$IPV6_FIREWALL_SCRIPT' to /usr/local/sbin/ .."
if [[ -f "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" ]]; then if [[ -f "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" ]]; then
if $(diff "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" "/usr/local/sbin/$IPV6_FIREWALL_SCRIPT" > /dev/null 2>&1) ; then
echo_skipped
else
cp "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" /usr/local/sbin/ > "$log_file" 2>&1 cp "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" /usr/local/sbin/ > "$log_file" 2>&1
if [[ $? -gt 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
restart_ipv6_firewall=true
fi
fi
else
echo_skipped
warn "No file '$IPV6_FIREWALL_SCRIPT' found at repository '$REPOSITORY_NAME'"
fi
if $terminal ; then
echo ""
echo -e " Update Configuration files from local repository \033[1m$REPOSITORY_NAME\033[m .."
echo ""
fi
for _file_name in ${FIREWALL_CONFIGURATION_FILES} ; do
_file_src="${REPOSITORY_PATH}/conf/$_file_name"
_file_dst="${CONFIG_DIR}/$_file_name"
echononl "Copy firewall configuration file '$_file_name'.."
if [[ -f "$_file_src" ]]; then
if $(diff "$_file_src" "$_file_dst" > /dev/null 2>&1) ; then
echo_skipped
else
cp "$_file_src" "$_file_dst" > "$log_file" 2>&1
if [[ $? -gt 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
restart_ipv6_firewall=true
restart_ipv4_firewall=true
fi
fi
else
echo_skipped
warn "No configuration file '$_file_name' found!"
fi
done
blank_line
echononl "Restart IPv4 Firewall.."
if $restart_ipv4_firewall ; then
/usr/local/sbin/$IPV6_FIREWALL_SCRIPT > /dev/null 2> "$log_file"
if [[ $? -gt 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
else
echo_skipped
fi
echononl "Restart IPv6 Firewall.."
if $restart_ipv6_firewall ; then
/usr/local/sbin/$IPV6_FIREWALL_SCRIPT > /dev/null 2> "$log_file"
if [[ $? -gt 0 ]]; then if [[ $? -gt 0 ]]; then
echo_failed echo_failed
error "$(cat "$log_file")" error "$(cat "$log_file")"
@ -263,7 +352,6 @@ if [[ -f "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" ]]; then
fi fi
else else
echo_skipped echo_skipped
warn "No file '$IPV6_FIREWALL_SCRIPT' found at repository '$REPOSITORY_NAME'"
fi fi