# iptconf functions
# Append a rule to the INPUT chain; ip46tables picks IPv4, IPv6 or both.
INPUT() {
  ip46tables -A INPUT "$@"
}
# Append a rule to the OUTPUT chain; ip46tables picks IPv4, IPv6 or both.
OUTPUT() {
  ip46tables -A OUTPUT "$@"
}
# Append a rule to the FORWARD chain; ip46tables picks IPv4, IPv6 or both.
FORWARD() {
  ip46tables -A FORWARD "$@"
}
# Append a rule to the PREROUTING chain; ip46tables picks IPv4, IPv6 or both.
# PREROUTING is not part of the default filter table, so the caller has to
# pass the table itself (-t ...) among the arguments.
PREROUTING() {
  ip46tables -A PREROUTING "$@"
}
# Append a rule to the IPv4 INPUT chain (iptables only), run through vx.
INPUT4() {
  vx iptables -A INPUT "$@"
}
# Append a rule to the IPv4 OUTPUT chain (iptables only), run through vx.
OUTPUT4() {
  vx iptables -A OUTPUT "$@"
}
# Append a rule to the IPv4 FORWARD chain (iptables only), run through vx.
FORWARD4() {
  vx iptables -A FORWARD "$@"
}
# Append a rule to the IPv4 PREROUTING chain (iptables only), run through vx.
# PREROUTING is not part of the default filter table, so the caller has to
# pass the table itself (-t ...) among the arguments.
PREROUTING4() {
  vx iptables -A PREROUTING "$@"
}
# Append a rule to the IPv6 INPUT chain (ip6tables only), run through vx.
INPUT6() {
  vx ip6tables -A INPUT "$@"
}
# Append a rule to the IPv6 OUTPUT chain (ip6tables only), run through vx.
OUTPUT6() {
  vx ip6tables -A OUTPUT "$@"
}
# Append a rule to the IPv6 FORWARD chain (ip6tables only), run through vx.
FORWARD6() {
  vx ip6tables -A FORWARD "$@"
}
# Append a rule to the IPv6 PREROUTING chain (ip6tables only), run through vx.
# PREROUTING is not part of the default filter table, so the caller has to
# pass the table itself (-t ...) among the arguments.
PREROUTING6() {
  vx ip6tables -A PREROUTING "$@"
}
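# Run one iptables command for IPv4, IPv6, or both.
#
# Arguments: the complete iptables argument list, e.g. -A INPUT -s ADDR -j DROP.
# Without a source/destination address option the command is given to both
# iptables and ip6tables.  With one, ip4test and ip6test decide which of the
# two receives it.
# Returns:   0.  A failing iptables/ip6tables call ends the shell through vx.
ip46tables() {
  local arg has_address= applied=

  # Compare whole arguments.  A substring search in "$*" also hits options
  # such as --src-range, --dst-type, --source-port and --destination-port, or
  # words inside a --comment text; those rules then pass neither address test
  # and are never installed.
  for arg in "$@"; do
    case "$arg" in
      -s | --source | --src | -d | --destination | --dst)
        has_address=1
        break
        ;;
    esac
  done

  if [ -z "$has_address" ]; then
    vx iptables "$@"
    vx ip6tables "$@"
    return
  fi

  if ip4test "$@"; then
    vx iptables "$@"
    applied=1
  fi
  if ip6test "$@"; then
    vx ip6tables "$@"
    applied=1
  fi

  # A rule that fits neither family (unresolvable name, malformed address) is
  # not installed at all.  Report it so a missing firewall rule is visible;
  # the status stays 0 as before.
  if [ -z "$applied" ]; then
    warn "ip46tables: rule not installed, address is neither IPv4 nor IPv6: $*"
  fi
  return 0
}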
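# Succeed when the rule's source/destination address belongs to IPv4.
#
# Arguments: an iptables argument list.
# Returns:   0 if the value after -s/--source/--src/-d/--destination/--dst
#            consists only of digits, dots and slashes, or if host(1) reports
#            an A record for it; 1 otherwise.
# Names are looked up with host(1) when the rule is loaded, so the outcome
# depends on what the resolver answers at that moment.
ip4test() {
  local value
  # Loop on the argument count so that an empty argument earlier in the list
  # (for example an empty --comment text) does not end the scan early.
  while [ "$#" -gt 0 ]; do
    case "$1" in
      -s | --source | --src | -d | --destination | --dst)
        shift
        # Address option given as the last argument: nothing left to test.
        [ "$#" -gt 0 ] || break
        value=$1
        # FIXME: Does not work with several addresses, that are separated with
        # commas.
        if [[ "$value" =~ ^[0-9./]+$ ]]; then
          return 0
        fi
        # Quote the value so it reaches host as a single word, and skip the
        # lookup for empty or option-like values.
        if [[ -n "$value" && "$value" != -* ]] &&
          [[ $(host -t a "$value") =~ "has address" ]]; then
          return 0
        fi
        ;;
    esac
    shift
  done
  return 1
}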
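# Succeed when the rule's source/destination address belongs to IPv6.
#
# Arguments: an iptables argument list.
# Returns:   0 if the value after -s/--source/--src/-d/--destination/--dst
#            consists only of hex digits, colons and slashes, or if host(1)
#            reports an AAAA record for it; 1 otherwise.
# Names are looked up with host(1) when the rule is loaded, so the outcome
# depends on what the resolver answers at that moment.
# NOTE(review): the literal pattern does not require a colon, so an all-hex
# host name or a bare number is classified as an IPv6 literal without lookup.
ip6test() {
  local value
  # Loop on the argument count so that an empty argument earlier in the list
  # (for example an empty --comment text) does not end the scan early.
  while [ "$#" -gt 0 ]; do
    case "$1" in
      -s | --source | --src | -d | --destination | --dst)
        shift
        # Address option given as the last argument: nothing left to test.
        [ "$#" -gt 0 ] || break
        value=$1
        # FIXME: Does not work with several addresses, that are separated with
        # commas.
        if [[ "$value" =~ ^[0-9a-fA-F:/]+$ ]]; then
          return 0
        fi
        # Quote the value so it reaches host as a single word, and skip the
        # lookup for empty or option-like values.
        if [[ -n "$value" && "$value" != -* ]] &&
          [[ $(host -t aaaa "$value") =~ "has IPv6 address" ]]; then
          return 0
        fi
        ;;
    esac
    shift
  done
  return 1
}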
# Verbose execution: hand the command line to verbose(), then run it.
# A failing command ends the whole shell with that command's exit status;
# otherwise vx returns 0.
vx() {
  verbose "$@"
  if "$@"; then
    return 0
  else
    # $? still holds the status of the command tested by the if above.
    exit $?
  fi
}
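# Echo the arguments when the global variable "verbose" is non-empty.
# Returns non-zero when nothing was printed.
verbose() {
  # Quoted and defaulted: a value containing whitespace no longer breaks the
  # test, and an unset variable is read as "quiet".
  [ -n "${verbose:-}" ] && echo "$@"
}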
# Print the arguments on standard error.
warn() {
  echo "$@" 1>&2
}
# Verbosity switch read by verbose(): empty is quiet, "v" echoes each command.
verbose=
# A first argument of -v switches verbose output on.
case x"$1" in
  x-v) verbose=v ;;
esac
# ensure a defined return
true