From b19d4156d21904491b6934cb206d3a6ffbc05feb Mon Sep 17 00:00:00 2001 From: Brielle Bruns Date: Mon, 19 Nov 2018 10:50:00 -0700 Subject: [PATCH] Add before/after run commands --- CHANGELOG | 3 +++ bin/srfirewall | 12 ++++++++++++ etc/ipv4/custom/runafter.sh | 6 ++++++ etc/ipv4/custom/runbefore.sh | 6 ++++++ etc/ipv6/custom/runafter.sh | 6 ++++++ etc/ipv6/custom/runbefore.sh | 6 ++++++ 6 files changed, 39 insertions(+) create mode 100644 etc/ipv4/custom/runafter.sh create mode 100644 etc/ipv4/custom/runbefore.sh create mode 100644 etc/ipv6/custom/runafter.sh create mode 100644 etc/ipv6/custom/runbefore.sh diff --git a/CHANGELOG b/CHANGELOG index adc5571..ed3e26a 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +2.1 Beta 1 - 11/19/2018 + - Add run-after and run-before rules (custom/runafter.sh and custom/runbefore.sh) + 2.1 Alpha 3 - 04/25/2016 - Fix issue with erasing variables in two different setups - mss clamp fix for fwd target diff --git a/bin/srfirewall b/bin/srfirewall index 2d794b0..830d646 100755 --- a/bin/srfirewall +++ b/bin/srfirewall @@ -174,6 +174,10 @@ fi # Do IPv4 IPTables Rules if [ "${EnableIPv4}" == "yes" ]; then + + # Commands to run before everything else + if [ -x ${FWCONFIGDIR}/ipv4/custom/runbefore.sh ]; then . ${FWCONFIGDIR}/ipv4/custom/runbefore.sh; fi + # First flush all rules iptables_rules_flush ipv4 @@ -203,10 +207,16 @@ if [ "${EnableIPv4}" == "yes" ]; then [[ ${Enablev4NAT} == "yes" ]] && enable_nat ipv4 [[ ${Enablev4PortForwarding} == "yes" ]] && enable_portfw ipv4 + # Commands to run after everything else + if [ -x ${FWCONFIGDIR}/ipv4/custom/runafter.sh ]; then . ${FWCONFIGDIR}/ipv4/custom/runafter.sh; fi + fi # Do IPv6 IPTables Rules if [ "${EnableIPv6}" == "yes" ]; then + # Commands to run before everything else + if [ -x ${FWCONFIGDIR}/ipv6/custom/runbefore.sh ]; then . ${FWCONFIGDIR}/ipv6/custom/runbefore.sh; fi + # First flush all rules iptables_rules_flush ipv6 
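Review bot: The new `[ -x … ]` guard in the hunk at +174 (and the matching ones at +207 and +247) decides whether to source a hook from its execute bit alone, so any account that can write to `${FWCONFIGDIR}/ipv4/custom/` gets its commands run with the privileges of the firewall script, presumably root. Checking that the file is owned by the invoking user and is not group- or world-writable before the `.` closes that path. The expansions should also be quoted, since an unquoted `${FWCONFIGDIR}` containing whitespace breaks both the test and the source. A small helper used at all four call sites keeps the check in one place; note that sourcing from inside a function changes what `return` and `local`/`declare` do in the hook. The enclosing `if` block continues past this hunk.

```shell
# Source a custom hook only when the invoking user owns it and no
# group/other write bit is set.
run_custom_hook() {
  local hook="$1"
  [ -x "${hook}" ] || return 0
  if [ ! -O "${hook}" ] || [ -n "$(find "${hook}" -maxdepth 0 -perm /022)" ]; then
    echo "srfirewall: skipping ${hook} (unsafe owner or permissions)" >&2
    return 0
  fi
  . "${hook}"
}

# … unchanged: "Do IPv4 IPTables Rules" header and EnableIPv4 test …
    # Commands to run before everything else
    run_custom_hook "${FWCONFIGDIR}/ipv4/custom/runbefore.sh"
# … unchanged: iptables_rules_flush ipv4 and the rest of the block …
```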
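Review bot: An `exit` inside `ipv4/custom/runafter.sh` ends the whole firewall run in the hunk at +207, because the file is sourced into the main shell; the same holds for a failing command if the script runs under `set -e`, which is not visible here. The IPv6 block that starts right after it in this hunk would then never load, leaving IPv4 rules applied and IPv6 in whatever state it had before. I would document the contract at the call site, e.g. `# Sourced into this shell: hooks must use 'return', never 'exit', or the IPv6 setup below is skipped`, and repeat it in the stub files' header comments. The IPv4 `if` block starts before this hunk and the IPv6 block continues past it.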
@@ -237,5 +247,7 @@ if [ "${EnableIPv6}" == "yes" ]; then [[ ${Enablev6NAT} == "yes" ]] && enable_nat ipv6 [[ ${Enablev6PortForwarding} == "yes" ]] && enable_portfw ipv6 [[ ${EnableSysctlTweaks} == "yes" ]] && sysctl_tweaks + # Commands to run after everything else + if [ -x ${FWCONFIGDIR}/ipv6/custom/runafter.sh ]; then . ${FWCONFIGDIR}/ipv6/custom/runafter.sh; fi fi diff --git a/etc/ipv4/custom/runafter.sh b/etc/ipv4/custom/runafter.sh new file mode 100644 index 0000000..e4d3f9c --- /dev/null +++ b/etc/ipv4/custom/runafter.sh @@ -0,0 +1,6 @@ +# This file is sourced by the main srfirewall program to inject +# custom commands/rules during specific moments of the firewall +# setup. +# +# In particular this file injects/commands rules: +# After all other things are done when the script loads diff --git a/etc/ipv4/custom/runbefore.sh b/etc/ipv4/custom/runbefore.sh new file mode 100644 index 0000000..41c9bf2 --- /dev/null +++ b/etc/ipv4/custom/runbefore.sh @@ -0,0 +1,6 @@ +# This file is sourced by the main srfirewall program to inject +# custom commands/rules during specific moments of the firewall +# setup. +# +# In particular this file injects/commands rules: +# Before all other things are done when the script loads diff --git a/etc/ipv6/custom/runafter.sh b/etc/ipv6/custom/runafter.sh new file mode 100644 index 0000000..e4d3f9c --- /dev/null +++ b/etc/ipv6/custom/runafter.sh @@ -0,0 +1,6 @@ +# This file is sourced by the main srfirewall program to inject +# custom commands/rules during specific moments of the firewall +# setup. +# +# In particular this file injects/commands rules: +# After all other things are done when the script loads diff --git a/etc/ipv6/custom/runbefore.sh b/etc/ipv6/custom/runbefore.sh new file mode 100644 index 0000000..41c9bf2 --- /dev/null +++ b/etc/ipv6/custom/runbefore.sh 
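Review bot: The `-x` test in the hunk at +247 works as an enable switch rather than a requirement, since `.` does not need the execute bit, and that is not documented anywhere in the change. The four stub files are added with mode 100644, so as shipped every hook is skipped until an administrator runs `chmod +x` on it (assuming packaging keeps those modes). A comment next to each test would make this explicit, e.g. `# Hook is sourced only if marked executable; shipped stubs are mode 644, i.e. disabled`, with the same sentence added to the stub headers. This applies equally to the three other `-x` tests at +174 and +207.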
@@ -0,0 +1,6 @@
+# This file is sourced by the main srfirewall program to inject
+# custom commands/rules during specific moments of the firewall
+# setup.
+#
+# In particular this file injects/commands rules:
+# Before all other things are done when the script loads