Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
awall
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
7
Issues
7
List
Boards
Labels
Service Desk
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
alpine
awall
Commits
aadabe65
Commit
aadabe65
authored
Mar 26, 2012
by
Kaarle Ritvanen
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
safe activation mode (with automatic fallback)
parent
858b186a
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
66 additions
and
5 deletions
+66
-5
awall-cli
awall-cli
+61
-5
awall/init.lua
awall/init.lua
+5
-0
No files found.
awall-cli
View file @
aadabe65
...
...
@@ -8,10 +8,12 @@ Licensed under the terms of GPL2
require
'alt_getopt'
require
'lfs'
require
'signal'
require
'stringy'
short_opts
=
'o:V'
long_opts
=
{[
'output-dir'
]
=
'o'
,
short_opts
=
'aFo:V'
long_opts
=
{
activate
=
'a'
,
[
'output-dir'
]
=
'o'
,
verify
=
'V'
}
if
stringy
.
endswith
(
arg
[
0
],
'/awall-cli'
)
then
...
...
@@ -23,7 +25,9 @@ if stringy.endswith(arg[0], '/awall-cli') then
end
for
switch
,
value
in
pairs
(
alt_getopt
.
get_opts
(
arg
,
short_opts
,
long_opts
))
do
if
switch
==
'i'
then
table.insert
(
input
,
value
)
if
switch
==
'a'
then
activate
=
true
elseif
switch
==
'F'
then
fallback
=
true
elseif
switch
==
'i'
then
table.insert
(
input
,
value
)
elseif
switch
==
'o'
then
iptdir
=
value
ipsfile
=
value
..
'/ipset'
...
...
@@ -33,8 +37,60 @@ end
require
'awall'
require
'awall.iptables'
awall
.
loadmodules
(
basedir
)
config
=
awall
.
Config
.
new
(
input
)
if
verify
then
config
:
test
()
end
config
:
dump
(
iptdir
,
ipsfile
)
if
activate
then
awall
.
iptables
.
backup
()
signal
.
signal
(
'SIGCHLD'
,
function
()
if
pid
and
lpc
.
wait
(
pid
,
1
)
then
os.exit
(
2
)
end
end
)
for
i
,
sig
in
ipairs
({
'INT'
,
'TERM'
})
do
signal
.
signal
(
'SIG'
..
sig
,
function
()
interrupted
=
true
io.stdin
:
close
()
end
)
end
require
'lpc'
pid
,
stdio
,
stdout
=
lpc
.
run
(
arg
[
0
],
'-F'
)
stdio
:
close
()
stdout
:
close
()
config
:
activate
()
io.stderr
:
write
(
'New firewall configuration activated\n'
)
io.stderr
:
write
(
'Press RETURN to commit changes permanently: '
)
io.read
()
signal
.
signal
(
'SIGCHLD'
,
'default'
)
signal
.
kill
(
pid
,
'SIGTERM'
)
lpc
.
wait
(
pid
)
if
interrupted
then
io.stderr
:
write
(
'
\n
Activation canceled, reverting to the old configuration\n'
)
awall
.
iptables
.
revert
()
else
config
:
dump
()
end
elseif
fallback
then
for
i
,
sig
in
ipairs
({
'HUP'
,
'PIPE'
})
do
signal
.
signal
(
'SIG'
..
sig
,
function
()
end
)
end
require
'lsleep'
lsleep
.
sleep
(
10
)
io.stderr
:
write
(
'
\n
Timeout, reverting to the old configuration\n'
)
awall
.
iptables
.
revert
()
else
if
verify
then
config
:
test
()
end
config
:
dump
(
iptdir
,
ipsfile
)
end
awall/init.lua
View file @
aadabe65
...
...
@@ -136,3 +136,8 @@ function Config:test()
self
.
ipset
:
create
()
self
.
iptables
:
test
()
end
function
Config
:
activate
()
self
:
test
()
self
.
iptables
:
activate
()
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment