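#!/bin/ksh
# install to /usr/local/bin on firewall
# OpenBSD pdksh
#
# Toggles the "pass" rules in a per-service pf config file and then reloads
# the firewall through /usr/local/bin/pfhup.sh.
#
# Inputs: neither variable is assigned anywhere in this script, so both must
# already be set in the environment when it starts.
# NOTE(review): confirm how the caller supplies them; this script runs as
# root, so whatever sets these values is part of its trust boundary.
#   ssl_service  service name; selects /etc/pf_<ssl_service>.conf
#   state        HTTP_UP   -> uncomment lines starting with "# pass"
#                HTTP_DOWN -> comment out lines starting with "pass"
#
# Exit status: 0 on success, 1 on any failed check or command.

hostname_file='/etc/myname'

if [ "$(id -u)" -ne 0 ]; then
  printf 'Must be run as root.\n' >&2
  exit 1
fi

if [ ! -f "$hostname_file" ]; then
  printf 'No hostname file. Is this the right server?\n' >&2
  exit 1
fi

# Host pinning: refuse to edit firewall rules on any other machine.
if [ "$(<"$hostname_file")" != 'danknasty' ]; then
  printf 'Only designed to be run on danknasty.\n' >&2
  exit 1
fi

# The service name becomes part of a path that root edits in place, so an
# empty value or one containing '/' is rejected before the path is built.
case "$ssl_service" in
'' | */*)
  printf 'Invalid service name: "%s".\n' "$ssl_service" >&2
  exit 1
  ;;
esac

fw_config="/etc/pf_${ssl_service}.conf"

if [ ! -f "$fw_config" ]; then
  printf 'No firewall config found for %s at %s.\n' "$ssl_service" "$fw_config" >&2
  exit 1
fi

printf 'Setting "%s" for "%s".\n' "$state" "$ssl_service"
printf 'Firewall config: "%s"\n' "$fw_config"

# Both substitutions apply to EVERY matching line in the file, not to one
# specific rule: HTTP_UP enables any line that begins with "# pass", including
# a rule someone disabled on purpose or a prose comment that happens to start
# that way. The per-service file should therefore contain only the rule(s)
# this script is meant to toggle. sed also exits 0 when nothing matched, so a
# clean run does not prove that a rule actually changed.
case "$state" in
HTTP_UP)
  printf 'Removing comment\n'
  if ! /usr/bin/sed -i 's/^# pass/pass/' "$fw_config"; then
    printf 'Failed to configure %s http port up.\n' "$ssl_service" >&2
    exit 1
  fi
  ;;
HTTP_DOWN)
  printf 'Adding comment\n'
  if ! /usr/bin/sed -i 's/^pass/# pass/' "$fw_config"; then
    printf 'Failed to configure %s http port down.\n' "$ssl_service" >&2
    exit 1
  fi
  ;;
*)
  printf 'Invalid state: %s.\n' "$state" >&2
  exit 1
  ;;
esac

# The config file has already been rewritten at this point and nothing here
# rolls the edit back, so a failed reload leaves the on-disk rules and the
# loaded rules out of step until someone intervenes.
if ! /usr/local/bin/pfhup.sh; then
  printf 'Failed to restart firewall. Check config immediately.\n' >&2
  exit 1
fi

printf 'success\n'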