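#!/bin/sh
# Helper that turns a block/unblock request into an npfctl dynamic-rule
# command. It replaces itself with /sbin/npfctl via exec, so the exit status
# seen by the caller is npfctl's.
#
# Arguments:
#   $1 command   (add | rem | flush)
#   $2 rulename
#   $3 protocol  (add only; omitted from the rule when empty)
#   $4 address
#   $5 mask
#   $6 port      (add only; omitted from the rule when empty)
#   $7 id        (rem only)
#
# Every argument is passed to npfctl as exactly one quoted word. Unquoted
# expansions would be subject to word splitting and pathname expansion, so a
# value containing whitespace or glob characters could add or change words in
# the rule that gets installed.
#echo "run $@" 1>&2
#set -x

case "$1" in
add)
	# Copy the positional parameters first: "set --" below overwrites them.
	rulename=$2
	proto=$3
	addr=$4
	mask=$5
	port=$6

	# Build the argument vector incrementally. proto and port are assigned
	# unconditionally above, so a variable of the same name inherited from
	# the environment can never end up in the rule.
	set -- rule "$rulename" add block in final
	if [ -n "$proto" ]; then
		set -- "$@" proto "$proto"
	fi
	set -- "$@" from "$addr/$mask" to any
	if [ -n "$port" ]; then
		set -- "$@" port "$port"
	fi
	exec /sbin/npfctl "$@"
	;;
rem)
	# Quoted so an empty rule name or id stays a distinct (empty) argument
	# instead of silently shifting the remaining words of the command.
	exec /sbin/npfctl rule "$2" rem-id "$7"
	;;
flush)
	exec /sbin/npfctl rule "$2" flush
	;;
*)
	# printf rather than echo: the command name is caller-supplied and echo's
	# handling of backslashes differs between sh implementations.
	printf '%s\n' "$0: Unknown command '$1'" 1>&2
	exit 1
	;;
esac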