fancier services

[firewall-squeep] / common.sh

diff --git a/common.sh b/common.sh
index 781df4abe4a1471b86381ea7b79c4ab9fc54cedb..f8860fcb1adf50868d549a147cfeb5f57ef23ea9 100644 (file)
--- a/common.sh
+++ b/common.sh
@@ -21,11 +21,21 @@ function create_set(){
 }
 
 function insert_setmatch_rules(){
+       local single=0
+       if [ "x$1" = "x-single-set" ]
+       then
+               single=1
+               shift
+       fi
        local ipt set_name="$1"
        shift
        for v in '' '6'
        do
                eval ipt="\$IP${v}TABLES"
+               if [ $single -eq 1 ]
+               then
+                       v=''
+               fi
                if ! $ipt -C INPUT -m set --match-set "${set_name}${v}" src "$@" >/dev/null 2>&1
                then
                        echo "initializing rule '${set_name}${v}'"
@@ -74,3 +84,26 @@ function reload_cidr_sets(){
        done
 }
 
+function add_service_entry(){
+       local port/proto
+       port=$(echo "${s}" | cut -d/ -f1)
+       proto=$(echo "${s}" | cut -d/ -f2)
+       $IPSET -exist add allowed_${proto} ${port}
+}
+
+function allow_services(){
+       local s proto port
+       for s in "$@"
+       do
+               case "${s}" in
+               */*)    add_service_entry "${s}"
+                       ;;
+               *)      for svc in $(getent services "${s}" | awk '{print $2}')
+                       do
+                               add_service_entry "${svc}"
+                       done
+                       ;;
+               esac
+       done
+}
+