-rw-r--r--scripts/sh/pf.sh21
1 files changed, 15 insertions, 6 deletions
diff --git a/scripts/sh/pf.sh b/scripts/sh/pf.sh
index aab30ed..5cd5e45 100644
--- a/scripts/sh/pf.sh
+++ b/scripts/sh/pf.sh
@@ -4,8 +4,8 @@
#
# Author: Georg Pfuetzenreuter <georg@lysergic.dev>
# Created: 02/11/2021
-# Last edit: 05/12/2021
-# Version: 2.0
+# Last edit: 07/12/2021
+# Version: 2.1
#
# This assumes .ssh/config being configured to ssh into your router with a user having write access to /tmp/* and $prodfile as well as having doas permissions for `pfctl -f $prodfile`.
@@ -21,7 +21,7 @@ gethostaddress () {
}
init () {
- #hostaddress=$(gethostaddress) ##we no longer parse ssh_config and rely on functioning DNS lookups
+ #hostaddress=$(gethostaddress)
hostaddress="$host"
if nc -z $hostaddress 22 2>/dev/null; then
workfile="/tmp/pf.conf.$host-$USER-$(date -u +%d%m%y-%H%M)"
@@ -48,7 +48,8 @@ edit () {
}
check () {
- echo "$stagefile"
+ #echo "$stagefile"
+ render_diff
ssh -q $host pfctl -nf $stagefile
result="$?"
case $result in
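Review bot: The `#echo "$stagefile"` left in check() is dead code; delete the line rather than commenting it out, since version control keeps the history. With render_diff now invoked at the top of check(), the diff is shown before the remote `pfctl -nf` syntax check runs, so a diff is printed even when the check then fails; that looks intended, but a comment such as `# show the pending diff before the remote syntax check` would make it explicit. The body of check() continues outside the hunk.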
@@ -65,12 +66,18 @@ render_diff () {
$difftool "${diffargs[@]}" $localbackupfile $workfile
}
+send_report () {
+ maildiff=$(diff -u --color=never $localbackupfile $workfile)
+ echo -e "$USER deployed packet filter changes on $host at $(date):\n\n$maildiff" | mail -s "pf changes on $host by $USER" system@lysergic.dev
+}
+
edit_ok () {
- render_diff
- echo "Syntax OK. Type YES to deploy changes or anything else to abort."
+ echo "Syntax OK. Type YES to deploy changes, edit to edit, or anything else to abort."
read choice
if [ "$choice" = "YES" ]; then
deploy
+ elif [ "$choice" = "edit" ]; then
+ edit
else
#rollback
abort
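Review bot: In send_report the rule diff is fed through `echo -e`, which interprets any backslash escape sequences occurring in the diff text (and `echo` option parsing if the text starts with `-`), so the mailed body can differ from what was actually deployed; `printf` with the data supplied as `%s` arguments avoids that. The two path expansions on the diff line are also unquoted. I would write `maildiff=$(diff -u --color=never -- "$localbackupfile" "$workfile")` and `printf '%s deployed packet filter changes on %s at %s:\n\n%s\n' "$USER" "$host" "$(date)" "$maildiff" | mail -s "pf changes on $host by $USER" system@lysergic.dev`. Note too that `diff` exits 1 whenever the files differ, so the substitution's non-zero status is expected here and worth a comment should the script ever adopt `set -e`.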
@@ -117,6 +124,7 @@ deploy () {
result="$?"
case $result in
0 )
+ send_report
ssh -q $host "doas pfctl -f $prodfile && rm $stagefile"
echo "OK."
rm $workfile
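Review bot: send_report is called before the `doas pfctl -f $prodfile` line, so a mail stating that `$USER deployed` changes is sent even when that ssh/pfctl step fails, and the step's exit status is not checked. Sending the report only after the load succeeds keeps the notification truthful, e.g. `ssh -q $host "doas pfctl -f $prodfile && rm $stagefile" && send_report`, or wrapping the report and the `echo "OK."` in an `if` on the ssh status. The deploy() case statement continues outside the hunk.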
@@ -138,3 +146,4 @@ else
host="$1"
init
fi
+