#!/bin/sh
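pfctl="/sbin/pfctl" # Absolute path on purpose: this script runs as root and must not resolve pfctl via PATH
# pfctl needs root. When started by an ordinary user, re-run this script through su.
if [ "$(/usr/bin/id -u)" -ne 0 ]
then
  echo "Mortal user detected! Begging for root privs!"
  # NOTE(review): su takes its first operand as the login name, so the original
  # `su ${0} ${*}` asked for a login named after this script. Name root
  # explicitly and pass the script path plus the original arguments on to
  # root's shell; "$@" keeps arguments containing spaces intact where ${*}
  # would have split them. This relies on root's login shell accepting a
  # script path as its first argument (the BSD su form) — confirm on the
  # target system.
  exec /usr/bin/su root "${0}" "$@"
fi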
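verbose="" # Default verbosity: "" (normal), "-v" (louder) or "-q" (quiet); passed straight to pfctl
# Parse the command line: any number of leading -v/-q switches (the last one
# wins), then the file name. The remaining words are joined with spaces, so an
# unquoted name containing spaces still works. Parsing stops at the first
# empty argument.
while [ -n "${1}" ]
do
  case "${1}" in
  -v) # Louder!
    verbose="-v"
    ;;
  -q) # Shh.. Quiet!
    verbose="-q"
    ;;
  *)
    file="${*}"
    break
    ;;
  esac
  shift
done
# No regular file named (or none given at all): print the usage line — to
# stderr, since it is a diagnostic — and exit 64 (EX_USAGE).
if [ ! -f "${file}" ]
then
  echo "Usage: $(/usr/bin/basename "${0}") {file.pf|file.table|file.list}" >&2
  exit 64
fi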
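load_pf(){
  # Load the ruleset in $1 (a .pf file) into the anchor "dynamic/<basename>",
  # where <basename> is $1 without its directory and .pf suffix.
  # Runs pfctl through "${pfctl}" (the absolute path set at the top of the
  # script) instead of a PATH lookup — the original called a bare `pfctl`,
  # which as root is a PATH-hijack surface and left the variable unused.
  # Returns pfctl's exit status so a load failure is visible to the caller.
  anchor="dynamic/$(/usr/bin/basename "${1}" .pf)"
  if [ "${verbose}" = "-v" ]
  then
    echo pfctl -a "${anchor}" -f "${1}"
  fi
  # ${verbose} is deliberately unquoted: when empty it must vanish, not become "".
  "${pfctl}" ${verbose} -a "${anchor}" -f "${1}"
}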
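load_table(){
  # Replace the contents of the pf table named after $1 (its basename without
  # the .table suffix) with the addresses listed in $1.
  # A single `pfctl -T replace` is used rather than the earlier flush-then-add
  # sequence (previously kept here as commented-out code): replace is one pfctl
  # call, whereas a separate flush leaves the table empty until the add lands.
  # pfctl is invoked via "${pfctl}" (absolute path) — the original used a bare
  # `pfctl`, a PATH lookup while running as root — and now also receives the
  # -v/-q switch so that -q really silences the replace summary.
  # Returns pfctl's exit status.
  table="$(/usr/bin/basename "${1}" .table)"
  if [ "${verbose}" = "-v" ]
  then
    echo pfctl -T replace -t "${table}" -f "${1}"
  fi
  # ${verbose} is deliberately unquoted: when empty it must vanish, not become "".
  "${pfctl}" ${verbose} -T replace -t "${table}" -f "${1}"
}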
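load_list(){
  # Load every rule file and table named in $1 (a .list file) by re-running
  # this script once per entry. '#' starts a comment; blank lines and names
  # that are not regular files are skipped.
  # Entries are resolved relative to the directory holding the list, so the
  # list path is made absolute *before* changing directory: the original read
  # the possibly-relative "$1" after the cd, which only worked for an absolute
  # path or a list in the current directory.
  # Returns 1 if the script, the list or its directory cannot be resolved or if
  # any entry failed to load, 0 otherwise.
  # No cycle detection: a .list that names itself, directly or through another
  # .list, recurses without bound.
  cmd="$(/bin/realpath "${0}")" || return 1
  list="$(/bin/realpath "${1}")" || return 1
  cd "$(/usr/bin/dirname "${list}")" || return 1
  rc=0
  # The loop is fed from a here-document rather than a pipe so it runs in this
  # shell and rc survives it. -r keeps backslashes in names literal; the
  # default IFS trims the whitespace left behind when a trailing comment is
  # stripped. sed is called by absolute path like every other tool here.
  while read -r line
  do
    if [ -f "${line}" ]
    then
      "${cmd}" ${verbose} "${line}" || rc=1
    fi
  done <<EOF
$(/usr/bin/sed -e 's@#.*@@' "${list}")
EOF
  return "${rc}"
}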
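# Dispatch on the file's suffix. Progress messages go to stdout unless -q was
# given, errors to stderr. The exit status is that of the loader(s), so a
# failed pfctl call is visible to the caller — the original ended the .pf arm
# with `[ -f "${table}" ] && load_table ...`, which made a .pf with no
# companion .table exit 1 even though the ruleset loaded fine, and never
# reported a load_pf failure.
case "${file}" in
*.pf)
  if [ "${verbose}" != "-q" ]
  then
    printf 'Loading ruleset from %s\n' "$(/usr/bin/basename "${file}")"
  fi
  rc=0
  load_pf "${file}" || rc=1
  # Look for a table definition with the same name, for auto loading
  table="$(/usr/bin/dirname "${file}")/$(/usr/bin/basename "${file}" .pf).table"
  if [ -f "${table}" ]
  then
    load_table "${table}" || rc=1
  fi
  exit "${rc}"
  ;;
*.table)
  if [ "${verbose}" != "-q" ]
  then
    printf 'Loading table from %s\n' "$(/usr/bin/basename "${file}")"
  fi
  load_table "${file}"
  exit "$?"
  ;;
*.list)
  if [ "${verbose}" != "-q" ]
  then
    printf 'Loading all rulesets in %s\n' "$(/usr/bin/basename "${file}")"
  fi
  load_list "${file}"
  exit "$?"
  ;;
*)
  printf 'Unknown filetype: %s\n' "${file}" >&2
  exit 32
  ;;
esac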