52 lines
1.4 KiB
Bash
Executable File
52 lines
1.4 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
: "${PERSIST_RULES_V4:?PERSIST_RULES_V4 is required}"
|
|
: "${PERSIST_RULES_V6:=}"
|
|
: "${IPTABLES_SAVE_BIN:=iptables-save}"
|
|
: "${IP6TABLES_SAVE_BIN:=ip6tables-save}"
|
|
: "${IPTABLES_RESTORE_BIN:=iptables-restore}"
|
|
: "${IP6TABLES_RESTORE_BIN:=ip6tables-restore}"
|
|
: "${PERSIST_FIXTURE_LOG:=}"
|
|
|
|
log_action() {
|
|
[[ -n ${PERSIST_FIXTURE_LOG} ]] || return 0
|
|
printf '%s %s\n' "$(basename -- "$0")" "$*" >>"${PERSIST_FIXTURE_LOG}"
|
|
}
|
|
|
|
save_family_rules() {
|
|
local save_bin=$1
|
|
local output_file=$2
|
|
[[ -n ${output_file} ]] || return 0
|
|
mkdir -p "$(dirname -- "${output_file}")"
|
|
if command -v "${save_bin}" >/dev/null 2>&1; then
|
|
"${save_bin}" >"${output_file}"
|
|
fi
|
|
}
|
|
|
|
reload_family_rules() {
|
|
local restore_bin=$1
|
|
local input_file=$2
|
|
[[ -n ${input_file} && -f ${input_file} ]] || return 0
|
|
if command -v "${restore_bin}" >/dev/null 2>&1; then
|
|
"${restore_bin}" <"${input_file}"
|
|
fi
|
|
}
|
|
|
|
case ${1-} in
|
|
save)
|
|
log_action "$@"
|
|
save_family_rules "${IPTABLES_SAVE_BIN}" "${PERSIST_RULES_V4}"
|
|
save_family_rules "${IP6TABLES_SAVE_BIN}" "${PERSIST_RULES_V6}"
|
|
;;
|
|
reload)
|
|
log_action "$@"
|
|
reload_family_rules "${IPTABLES_RESTORE_BIN}" "${PERSIST_RULES_V4}"
|
|
reload_family_rules "${IP6TABLES_RESTORE_BIN}" "${PERSIST_RULES_V6}"
|
|
;;
|
|
*)
|
|
printf 'usage: %s <save|reload>\n' "$(basename -- "$0")" >&2
|
|
exit 1
|
|
;;
|
|
esac
|